Problém se zapnutím PC Vyřešeno
Re: Problém se zapnutím PC
Operace byla přerušena z důvodu omezeních platných pro tento počítač. To vyskočí když dám možnosti internetu. V procesech ani v naplánovaných úlohách není. Ano, je to userini.exe
Re: Problém se zapnutím PC
Ahoj, než přijde Jaro3, prosím tě vlož nový log z HJT, nebo pokud máš v pc Rsit, tak z něj.
Re: Problém se zapnutím PC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:42, on 24.6.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\userini.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\userini.exe
C:\WINDOWS\System32\userini.exe
C:\WINDOWS\System32\userini.exe
C:\Program Files\Styler\Styler.exe
C:\Documents and Settings\David\Plocha\Skype.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKUS\S-1-5-21-343818398-436374069-839522115-1012\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-436374069-839522115-1012\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-343818398-436374069-839522115-1012 Startup: Styler.lnk = ? (User '?')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5719 bytes
Scan saved at 16:52:42, on 24.6.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\userini.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\userini.exe
C:\WINDOWS\System32\userini.exe
C:\WINDOWS\System32\userini.exe
C:\Program Files\Styler\Styler.exe
C:\Documents and Settings\David\Plocha\Skype.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKUS\S-1-5-21-343818398-436374069-839522115-1012\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-436374069-839522115-1012\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-343818398-436374069-839522115-1012 Startup: Styler.lnk = ? (User '?')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5719 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Problém se zapnutím PC
No prostě jedním slovem: Hrůza!!!
Odinstaluj:
StylerToolBar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Odinstaluj:
StylerToolBar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKUS\S-1-5-21-343818398-436374069-839522115-1012\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-436374069-839522115-1012\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User '?')
O4 - S-1-5-21-343818398-436374069-839522115-1012 Startup: Styler.lnk = ? (User '?')
O4 - Startup: Styler.lnk = ?
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Problém se zapnutím PC
Heh, Dr.Web Scanner mi nic nenašel, ale jak koukám tak jsi to změnil.
Re: Problém se zapnutím PC
ComboFix 10-06-23.05 - David 24.06.2010 18:25:37.4.1 - x86
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
ADS - explorer.exe: deleted 55808 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_004771_.tmp.dll
c:\windows\system32\_004947_.tmp.dll
c:\windows\system32\_004948_.tmp.dll
c:\windows\system32\_004949_.tmp.dll
c:\windows\system32\_004950_.tmp.dll
c:\windows\system32\_004957_.tmp.dll
c:\windows\system32\_004958_.tmp.dll
c:\windows\system32\_004959_.tmp.dll
c:\windows\system32\_004961_.tmp.dll
c:\windows\system32\_004962_.tmp.dll
c:\windows\system32\_004965_.tmp.dll
c:\windows\system32\_004966_.tmp.dll
c:\windows\system32\_004968_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004970_.tmp.dll
c:\windows\system32\_004972_.tmp.dll
c:\windows\system32\_004973_.tmp.dll
c:\windows\system32\_004974_.tmp.dll
c:\windows\system32\_004975_.tmp.dll
c:\windows\system32\_004976_.tmp.dll
c:\windows\system32\_004980_.tmp.dll
c:\windows\system32\_004981_.tmp.dll
c:\windows\system32\_004983_.tmp.dll
c:\windows\system32\_004984_.tmp.dll
c:\windows\system32\_004986_.tmp.dll
c:\windows\system32\_004988_.tmp.dll
c:\windows\system32\_004989_.tmp.dll
c:\windows\system32\_004990_.tmp.dll
c:\windows\system32\_004991_.tmp.dll
c:\windows\system32\_004994_.tmp.dll
c:\windows\system32\_004995_.tmp.dll
c:\windows\system32\_004996_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_005003_.tmp.dll
c:\windows\system32\_005005_.tmp.dll
c:\windows\system32\userini.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-24 do 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 15:23 . 2010-06-24 15:23 -------- d-----w- c:\documents and settings\David\DoctorWeb
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\SysWOW64
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\system32\spp
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\ServiceProfiles
2010-06-18 19:07 . 2010-06-18 19:07 -------- d-----w- C:\_OTM
2010-06-18 19:06 . 2010-06-18 19:07 518656 ----a-w- C:\OTM.exe
2010-06-17 19:26 . 2008-05-08 12:52 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2010-06-17 19:26 . 2009-09-22 09:50 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2010-06-17 19:26 . 2009-09-22 09:50 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2010-06-16 19:02 . 2010-06-16 19:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-16 14:18 . 2010-06-16 14:18 7168 ----a-w- c:\windows\system32\drivers\utm3mtq3.sys
2010-06-15 10:28 . 2010-06-15 10:28 -------- d-----w- c:\windows\ServicePackFiles
2010-06-15 10:04 . 2003-04-16 12:00 624640 ----a-w- c:\windows\system32\advapi32.dll
2010-06-15 10:03 . 2005-03-02 18:18 2040704 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-15 10:03 . 2005-03-02 18:18 1955712 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-13 19:27 . 2010-06-24 16:34 -------- d-----w- c:\windows\system32\CatRoot2
2010-06-13 13:31 . 2003-04-16 12:00 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2010-06-13 13:29 . 2003-04-16 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-06-13 06:00 . 2010-06-13 06:16 -------- d-----w- c:\program files\Makov kodek
2010-06-13 05:53 . 2006-07-14 15:58 307200 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-12 19:31 . 2008-04-14 06:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-06-12 17:33 . 2005-10-20 22:34 992768 ----a-w- c:\windows\system32\esent.dll
2010-06-12 17:33 . 2006-05-19 12:40 140288 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2010-06-12 17:33 . 2006-05-19 12:40 102912 -c----w- c:\windows\system32\dllcache\dhcpcsvc.dll
2010-06-12 17:32 . 2005-08-22 18:37 154624 ----a-w- c:\windows\system32\netman.dll
2010-06-12 17:32 . 2005-08-23 03:53 112128 ------w- c:\windows\system32\umpnpmgr.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 -c----w- c:\windows\system32\dllcache\cscdll.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 ----a-w- c:\windows\system32\cscdll.dll
2010-06-12 17:32 . 2006-05-05 09:40 166656 -c----w- c:\windows\system32\dllcache\rdbss.sys
2010-06-12 17:32 . 2006-05-05 09:31 433152 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-12 06:46 . 2001-10-24 10:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-06-12 06:46 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-06-12 06:46 . 2001-10-24 10:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-06-12 06:46 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-06-12 06:46 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-06-12 06:44 . 2001-08-17 19:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-06-12 06:43 . 2001-10-24 10:24 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-06-12 06:42 . 2001-10-24 09:56 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-06-12 06:41 . 2001-10-24 10:24 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2010-06-12 06:40 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-06-12 06:39 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-06-12 06:38 . 2001-10-24 10:24 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-06-12 06:37 . 2001-10-24 10:24 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-06-12 06:37 . 2001-08-17 18:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-06-12 06:37 . 2001-08-17 18:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-06-12 06:37 . 2001-08-17 18:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-06-12 06:33 . 2001-10-24 10:24 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-06-12 06:33 . 2001-08-17 18:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-06-12 06:33 . 2001-08-17 18:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-06-12 06:33 . 2001-08-17 18:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-06-12 06:33 . 2001-08-17 18:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-06-12 06:33 . 2001-08-17 18:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-06-12 06:33 . 2001-08-17 18:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-06-12 06:33 . 2001-08-17 19:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-12 06:33 . 2001-08-17 18:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2010-06-12 06:33 . 2001-10-24 10:24 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-06-12 06:31 . 2001-10-24 10:24 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2010-06-12 06:30 . 2001-10-24 10:25 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2010-06-12 06:29 . 2001-10-24 10:24 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-06-12 06:29 . 2001-08-17 19:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2010-06-12 06:29 . 2001-08-17 18:12 184320 -c--a-w- c:\windows\system32\dllcache\ac300nd5.sys
2010-06-12 06:29 . 2001-08-17 18:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-06-12 06:29 . 2001-10-24 10:24 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-06-12 06:29 . 2001-08-17 19:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-06-12 06:29 . 2001-08-17 20:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-06-12 06:29 . 2001-10-24 10:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-12 06:17 . 2008-04-14 06:51 87552 ----a-w- c:\windows\system32\fldrclnr.dll
2010-06-12 06:17 . 2004-08-20 21:53 701440 ------w- c:\windows\system32\sxs.dll
2010-06-12 06:17 . 2004-07-01 22:10 331776 ------w- c:\windows\system32\winhttp.dll
2010-06-12 06:17 . 2004-07-01 22:10 17408 ------w- c:\windows\system32\qmgrprxy.dll
2010-06-11 21:51 . 2010-06-11 21:56 -------- d-----w- c:\program files\Webteh
2010-06-11 20:52 . 2010-06-11 20:58 -------- d-----w- c:\program files\Styler
2010-06-11 20:41 . 2010-06-11 20:41 -------- d-----w- c:\program files\RegCleaner
2010-06-11 19:36 . 2010-06-11 19:36 -------- d-----w- c:\program files\TeamViewer
2010-06-11 19:25 . 2010-06-11 19:25 -------- d-----w- c:\program files\CCleaner
2010-06-11 15:38 . 2010-06-11 15:38 -------- d-----w- c:\program files\Axis Communications
2010-06-11 12:43 . 2009-08-06 17:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2010-06-10 14:46 . 2003-04-16 12:00 3072 ------w- c:\windows\system32\icmp.dll
2010-06-10 14:45 . 2003-04-16 12:00 68992 ------w- c:\windows\system32\drivers\_004924_.tmp.dll
2010-06-10 14:38 . 2010-06-15 09:55 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 11:33 . 2010-06-10 14:47 1004544 ----a-w- c:\windows\explorer.exe
2010-06-17 19:25 . 2009-01-12 19:33 -------- d-----w- c:\program files\HP
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-15 10:39 . 2010-06-15 10:39 347523 ----a-w- c:\windows\Help\SET1239.tmp
2010-06-15 10:38 . 2005-04-19 10:45 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 10:38 . 2005-04-19 10:45 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-12 20:35 . 2009-03-01 22:30 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-12 18:53 . 2009-02-28 08:12 -------- d-----r- c:\program files\Skype
2010-06-11 20:21 . 2004-01-01 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 20:18 . 2005-04-25 11:41 -------- d-----w- c:\program files\XnView
2010-06-08 11:43 . 2008-08-04 11:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-08 11:43 . 2007-10-10 17:06 -------- d-----w- c:\program files\USB Disk Win98 Driver
2010-06-08 11:43 . 2006-02-06 15:22 -------- d-----w- c:\program files\Volo View Express
2010-06-08 11:43 . 2008-05-23 11:25 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-08 11:43 . 2007-11-30 07:34 -------- d-----w- c:\program files\Doom Shareware for Windows 95
2010-06-08 11:43 . 2006-02-20 14:24 -------- d-----w- c:\program files\ACDSee32
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\documents and settings\David\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Styler.lnk - c:\documents and settings\David\Data aplikacˇ\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-11 15086]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"d:\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 717296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-08-25 9984]
R3 utm3mtq3;AVZ Kernel Driver;c:\windows\System32\Drivers\utm3mtq3.sys [2010-06-16 7168]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S1 aswSP;avast! Self Protection; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
mLocal Page =
IE: E&xportovat do aplikace Microsoft Office Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-userini - c:\windows\explorer.exe:userini.exe
HKLM-Run-userini - c:\windows\explorer.exe:userini.exe
HKLM-Explorer_Run-userini - c:\windows\explorer.exe:userini.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 18:39
Windows 5.1.2600 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\ODBC32.dll
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\dssenh.dll
- - - - - - - > 'explorer.exe'(1860)
c:\program files\Styler\StylerHelper.dll
c:\windows\System32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Styler\Styler.exe
.
**************************************************************************
.
Celkový čas: 2010-06-24 18:46:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-24 16:46
Před spuštěním: 3 885 854 720
Po spuštění: 3 773 915 136
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 9849E669030C945286C4DAE48CD89997
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
ADS - explorer.exe: deleted 55808 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_004771_.tmp.dll
c:\windows\system32\_004947_.tmp.dll
c:\windows\system32\_004948_.tmp.dll
c:\windows\system32\_004949_.tmp.dll
c:\windows\system32\_004950_.tmp.dll
c:\windows\system32\_004957_.tmp.dll
c:\windows\system32\_004958_.tmp.dll
c:\windows\system32\_004959_.tmp.dll
c:\windows\system32\_004961_.tmp.dll
c:\windows\system32\_004962_.tmp.dll
c:\windows\system32\_004965_.tmp.dll
c:\windows\system32\_004966_.tmp.dll
c:\windows\system32\_004968_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004970_.tmp.dll
c:\windows\system32\_004972_.tmp.dll
c:\windows\system32\_004973_.tmp.dll
c:\windows\system32\_004974_.tmp.dll
c:\windows\system32\_004975_.tmp.dll
c:\windows\system32\_004976_.tmp.dll
c:\windows\system32\_004980_.tmp.dll
c:\windows\system32\_004981_.tmp.dll
c:\windows\system32\_004983_.tmp.dll
c:\windows\system32\_004984_.tmp.dll
c:\windows\system32\_004986_.tmp.dll
c:\windows\system32\_004988_.tmp.dll
c:\windows\system32\_004989_.tmp.dll
c:\windows\system32\_004990_.tmp.dll
c:\windows\system32\_004991_.tmp.dll
c:\windows\system32\_004994_.tmp.dll
c:\windows\system32\_004995_.tmp.dll
c:\windows\system32\_004996_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_005003_.tmp.dll
c:\windows\system32\_005005_.tmp.dll
c:\windows\system32\userini.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-24 do 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 15:23 . 2010-06-24 15:23 -------- d-----w- c:\documents and settings\David\DoctorWeb
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\SysWOW64
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\system32\spp
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\ServiceProfiles
2010-06-18 19:07 . 2010-06-18 19:07 -------- d-----w- C:\_OTM
2010-06-18 19:06 . 2010-06-18 19:07 518656 ----a-w- C:\OTM.exe
2010-06-17 19:26 . 2008-05-08 12:52 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2010-06-17 19:26 . 2009-09-22 09:50 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2010-06-17 19:26 . 2009-09-22 09:50 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2010-06-16 19:02 . 2010-06-16 19:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-16 14:18 . 2010-06-16 14:18 7168 ----a-w- c:\windows\system32\drivers\utm3mtq3.sys
2010-06-15 10:28 . 2010-06-15 10:28 -------- d-----w- c:\windows\ServicePackFiles
2010-06-15 10:04 . 2003-04-16 12:00 624640 ----a-w- c:\windows\system32\advapi32.dll
2010-06-15 10:03 . 2005-03-02 18:18 2040704 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-15 10:03 . 2005-03-02 18:18 1955712 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-13 19:27 . 2010-06-24 16:34 -------- d-----w- c:\windows\system32\CatRoot2
2010-06-13 13:31 . 2003-04-16 12:00 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2010-06-13 13:29 . 2003-04-16 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-06-13 06:00 . 2010-06-13 06:16 -------- d-----w- c:\program files\Makov kodek
2010-06-13 05:53 . 2006-07-14 15:58 307200 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-12 19:31 . 2008-04-14 06:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-06-12 17:33 . 2005-10-20 22:34 992768 ----a-w- c:\windows\system32\esent.dll
2010-06-12 17:33 . 2006-05-19 12:40 140288 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2010-06-12 17:33 . 2006-05-19 12:40 102912 -c----w- c:\windows\system32\dllcache\dhcpcsvc.dll
2010-06-12 17:32 . 2005-08-22 18:37 154624 ----a-w- c:\windows\system32\netman.dll
2010-06-12 17:32 . 2005-08-23 03:53 112128 ------w- c:\windows\system32\umpnpmgr.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 -c----w- c:\windows\system32\dllcache\cscdll.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 ----a-w- c:\windows\system32\cscdll.dll
2010-06-12 17:32 . 2006-05-05 09:40 166656 -c----w- c:\windows\system32\dllcache\rdbss.sys
2010-06-12 17:32 . 2006-05-05 09:31 433152 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-12 06:46 . 2001-10-24 10:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-06-12 06:46 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-06-12 06:46 . 2001-10-24 10:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-06-12 06:46 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-06-12 06:46 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-06-12 06:44 . 2001-08-17 19:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-06-12 06:43 . 2001-10-24 10:24 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-06-12 06:42 . 2001-10-24 09:56 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-06-12 06:41 . 2001-10-24 10:24 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2010-06-12 06:40 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-06-12 06:39 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-06-12 06:38 . 2001-10-24 10:24 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-06-12 06:37 . 2001-10-24 10:24 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-06-12 06:37 . 2001-08-17 18:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-06-12 06:37 . 2001-08-17 18:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-06-12 06:37 . 2001-08-17 18:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-06-12 06:33 . 2001-10-24 10:24 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-06-12 06:33 . 2001-08-17 18:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-06-12 06:33 . 2001-08-17 18:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-06-12 06:33 . 2001-08-17 18:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-06-12 06:33 . 2001-08-17 18:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-06-12 06:33 . 2001-08-17 18:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-06-12 06:33 . 2001-08-17 18:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-06-12 06:33 . 2001-08-17 19:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-12 06:33 . 2001-08-17 18:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2010-06-12 06:33 . 2001-10-24 10:24 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-06-12 06:31 . 2001-10-24 10:24 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2010-06-12 06:30 . 2001-10-24 10:25 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2010-06-12 06:29 . 2001-10-24 10:24 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-06-12 06:29 . 2001-08-17 19:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2010-06-12 06:29 . 2001-08-17 18:12 184320 -c--a-w- c:\windows\system32\dllcache\ac300nd5.sys
2010-06-12 06:29 . 2001-08-17 18:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-06-12 06:29 . 2001-10-24 10:24 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-06-12 06:29 . 2001-08-17 19:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-06-12 06:29 . 2001-08-17 20:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-06-12 06:29 . 2001-10-24 10:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-12 06:17 . 2008-04-14 06:51 87552 ----a-w- c:\windows\system32\fldrclnr.dll
2010-06-12 06:17 . 2004-08-20 21:53 701440 ------w- c:\windows\system32\sxs.dll
2010-06-12 06:17 . 2004-07-01 22:10 331776 ------w- c:\windows\system32\winhttp.dll
2010-06-12 06:17 . 2004-07-01 22:10 17408 ------w- c:\windows\system32\qmgrprxy.dll
2010-06-11 21:51 . 2010-06-11 21:56 -------- d-----w- c:\program files\Webteh
2010-06-11 20:52 . 2010-06-11 20:58 -------- d-----w- c:\program files\Styler
2010-06-11 20:41 . 2010-06-11 20:41 -------- d-----w- c:\program files\RegCleaner
2010-06-11 19:36 . 2010-06-11 19:36 -------- d-----w- c:\program files\TeamViewer
2010-06-11 19:25 . 2010-06-11 19:25 -------- d-----w- c:\program files\CCleaner
2010-06-11 15:38 . 2010-06-11 15:38 -------- d-----w- c:\program files\Axis Communications
2010-06-11 12:43 . 2009-08-06 17:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2010-06-10 14:46 . 2003-04-16 12:00 3072 ------w- c:\windows\system32\icmp.dll
2010-06-10 14:45 . 2003-04-16 12:00 68992 ------w- c:\windows\system32\drivers\_004924_.tmp.dll
2010-06-10 14:38 . 2010-06-15 09:55 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 11:33 . 2010-06-10 14:47 1004544 ----a-w- c:\windows\explorer.exe
2010-06-17 19:25 . 2009-01-12 19:33 -------- d-----w- c:\program files\HP
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-15 10:39 . 2010-06-15 10:39 347523 ----a-w- c:\windows\Help\SET1239.tmp
2010-06-15 10:38 . 2005-04-19 10:45 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 10:38 . 2005-04-19 10:45 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-12 20:35 . 2009-03-01 22:30 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-12 18:53 . 2009-02-28 08:12 -------- d-----r- c:\program files\Skype
2010-06-11 20:21 . 2004-01-01 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 20:18 . 2005-04-25 11:41 -------- d-----w- c:\program files\XnView
2010-06-08 11:43 . 2008-08-04 11:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-08 11:43 . 2007-10-10 17:06 -------- d-----w- c:\program files\USB Disk Win98 Driver
2010-06-08 11:43 . 2006-02-06 15:22 -------- d-----w- c:\program files\Volo View Express
2010-06-08 11:43 . 2008-05-23 11:25 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-08 11:43 . 2007-11-30 07:34 -------- d-----w- c:\program files\Doom Shareware for Windows 95
2010-06-08 11:43 . 2006-02-20 14:24 -------- d-----w- c:\program files\ACDSee32
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\documents and settings\David\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Styler.lnk - c:\documents and settings\David\Data aplikacˇ\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-11 15086]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"d:\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 717296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-08-25 9984]
R3 utm3mtq3;AVZ Kernel Driver;c:\windows\System32\Drivers\utm3mtq3.sys [2010-06-16 7168]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S1 aswSP;avast! Self Protection; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
mLocal Page =
IE: E&xportovat do aplikace Microsoft Office Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-userini - c:\windows\explorer.exe:userini.exe
HKLM-Run-userini - c:\windows\explorer.exe:userini.exe
HKLM-Explorer_Run-userini - c:\windows\explorer.exe:userini.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 18:39
Windows 5.1.2600 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\ODBC32.dll
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\dssenh.dll
- - - - - - - > 'explorer.exe'(1860)
c:\program files\Styler\StylerHelper.dll
c:\windows\System32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Styler\Styler.exe
.
**************************************************************************
.
Celkový čas: 2010-06-24 18:46:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-24 16:46
Před spuštěním: 3 885 854 720
Po spuštění: 3 773 915 136
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 9849E669030C945286C4DAE48CD89997
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Problém se zapnutím PC
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\program files\Styler\Styler.exe
c:\program files\Styler\StylerHelper.dll
c:\windows\explorer.exe
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\windows\system32\drivers\utm3mtq3.sys
c:\windows\system32\drivers\_004924_.tmp.dll
c:\windows\Help\SET1239.tmp
Driver::
utm3mtq3
DirLook::
c:\windows\system32\spp
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\program files\Styler\Styler.exe
c:\program files\Styler\StylerHelper.dll
c:\windows\explorer.exe
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Problém se zapnutím PC
ComboFix 10-06-23.05 - David 24.06.2010 21:43:07.5.1 - x86
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
FILE ::
"c:\windows\Help\SET1239.tmp"
"c:\windows\system32\drivers\_004924_.tmp.dll"
"c:\windows\system32\drivers\utm3mtq3.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Help\SET1239.tmp
c:\windows\system32\drivers\_004924_.tmp.dll
c:\windows\system32\drivers\utm3mtq3.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UTM3MTQ3
-------\Service_utm3mtq3
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-24 do 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 15:23 . 2010-06-24 15:23 -------- d-----w- c:\documents and settings\David\DoctorWeb
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\SysWOW64
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\system32\spp
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\ServiceProfiles
2010-06-18 19:07 . 2010-06-18 19:07 -------- d-----w- C:\_OTM
2010-06-18 19:06 . 2010-06-18 19:07 518656 ----a-w- C:\OTM.exe
2010-06-17 19:26 . 2008-05-08 12:52 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2010-06-17 19:26 . 2009-09-22 09:50 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2010-06-17 19:26 . 2009-09-22 09:50 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2010-06-16 19:02 . 2010-06-16 19:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-15 10:28 . 2010-06-15 10:28 -------- d-----w- c:\windows\ServicePackFiles
2010-06-15 10:04 . 2003-04-16 12:00 624640 ----a-w- c:\windows\system32\advapi32.dll
2010-06-15 10:03 . 2005-03-02 18:18 2040704 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-15 10:03 . 2005-03-02 18:18 1955712 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-13 19:27 . 2010-06-24 19:51 -------- d-----w- c:\windows\system32\CatRoot2
2010-06-13 13:31 . 2003-04-16 12:00 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2010-06-13 13:29 . 2003-04-16 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-06-13 06:00 . 2010-06-13 06:16 -------- d-----w- c:\program files\Makov kodek
2010-06-13 05:53 . 2006-07-14 15:58 307200 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-12 19:31 . 2008-04-14 06:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-06-12 17:33 . 2005-10-20 22:34 992768 ----a-w- c:\windows\system32\esent.dll
2010-06-12 17:33 . 2006-05-19 12:40 140288 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2010-06-12 17:33 . 2006-05-19 12:40 102912 -c----w- c:\windows\system32\dllcache\dhcpcsvc.dll
2010-06-12 17:32 . 2005-08-22 18:37 154624 ----a-w- c:\windows\system32\netman.dll
2010-06-12 17:32 . 2005-08-23 03:53 112128 ------w- c:\windows\system32\umpnpmgr.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 -c----w- c:\windows\system32\dllcache\cscdll.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 ----a-w- c:\windows\system32\cscdll.dll
2010-06-12 17:32 . 2006-05-05 09:40 166656 -c----w- c:\windows\system32\dllcache\rdbss.sys
2010-06-12 17:32 . 2006-05-05 09:31 433152 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-12 06:46 . 2001-10-24 10:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-06-12 06:46 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-06-12 06:46 . 2001-10-24 10:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-06-12 06:46 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-06-12 06:46 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-06-12 06:44 . 2001-08-17 19:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-06-12 06:43 . 2001-10-24 10:24 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-06-12 06:42 . 2001-10-24 09:56 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-06-12 06:41 . 2001-10-24 10:24 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2010-06-12 06:40 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-06-12 06:39 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-06-12 06:38 . 2001-10-24 10:24 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-06-12 06:37 . 2001-10-24 10:24 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-06-12 06:37 . 2001-08-17 18:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-06-12 06:37 . 2001-08-17 18:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-06-12 06:37 . 2001-08-17 18:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-06-12 06:33 . 2001-10-24 10:24 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-06-12 06:33 . 2001-08-17 18:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-06-12 06:33 . 2001-08-17 18:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-06-12 06:33 . 2001-08-17 18:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-06-12 06:33 . 2001-08-17 18:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-06-12 06:33 . 2001-08-17 18:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-06-12 06:33 . 2001-08-17 18:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-06-12 06:33 . 2001-08-17 19:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-12 06:33 . 2001-08-17 18:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2010-06-12 06:33 . 2001-10-24 10:24 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-06-12 06:31 . 2001-10-24 10:24 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2010-06-12 06:30 . 2001-10-24 10:25 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2010-06-12 06:29 . 2001-10-24 10:24 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-06-12 06:29 . 2001-08-17 19:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2010-06-12 06:29 . 2001-08-17 18:12 184320 -c--a-w- c:\windows\system32\dllcache\ac300nd5.sys
2010-06-12 06:29 . 2001-08-17 18:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-06-12 06:29 . 2001-10-24 10:24 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-06-12 06:29 . 2001-08-17 19:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-06-12 06:29 . 2001-08-17 20:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-06-12 06:29 . 2001-10-24 10:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-12 06:17 . 2008-04-14 06:51 87552 ----a-w- c:\windows\system32\fldrclnr.dll
2010-06-12 06:17 . 2004-08-20 21:53 701440 ------w- c:\windows\system32\sxs.dll
2010-06-12 06:17 . 2004-07-01 22:10 331776 ------w- c:\windows\system32\winhttp.dll
2010-06-12 06:17 . 2004-07-01 22:10 17408 ------w- c:\windows\system32\qmgrprxy.dll
2010-06-11 21:51 . 2010-06-11 21:56 -------- d-----w- c:\program files\Webteh
2010-06-11 20:52 . 2010-06-11 20:58 -------- d-----w- c:\program files\Styler
2010-06-11 20:41 . 2010-06-11 20:41 -------- d-----w- c:\program files\RegCleaner
2010-06-11 19:36 . 2010-06-11 19:36 -------- d-----w- c:\program files\TeamViewer
2010-06-11 19:25 . 2010-06-11 19:25 -------- d-----w- c:\program files\CCleaner
2010-06-11 15:38 . 2010-06-11 15:38 -------- d-----w- c:\program files\Axis Communications
2010-06-11 12:43 . 2009-08-06 17:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2010-06-10 14:46 . 2003-04-16 12:00 3072 ------w- c:\windows\system32\icmp.dll
2010-06-10 14:38 . 2010-06-15 09:55 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 11:33 . 2010-06-10 14:47 1004544 ----a-w- c:\windows\explorer.exe
2010-06-17 19:25 . 2009-01-12 19:33 -------- d-----w- c:\program files\HP
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-15 10:38 . 2005-04-19 10:45 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 10:38 . 2005-04-19 10:45 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-12 20:35 . 2009-03-01 22:30 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-12 18:53 . 2009-02-28 08:12 -------- d-----r- c:\program files\Skype
2010-06-11 20:21 . 2004-01-01 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 20:18 . 2005-04-25 11:41 -------- d-----w- c:\program files\XnView
2010-06-08 11:43 . 2008-08-04 11:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-08 11:43 . 2007-10-10 17:06 -------- d-----w- c:\program files\USB Disk Win98 Driver
2010-06-08 11:43 . 2006-02-06 15:22 -------- d-----w- c:\program files\Volo View Express
2010-06-08 11:43 . 2008-05-23 11:25 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-08 11:43 . 2007-11-30 07:34 -------- d-----w- c:\program files\Doom Shareware for Windows 95
2010-06-08 11:43 . 2006-02-20 14:24 -------- d-----w- c:\program files\ACDSee32
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\spp ----
2010-06-19 11:08 . 2009-07-14 00:27 16271 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16271 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13053 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13053 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16281 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLPCOA-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13063 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLPCOA-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLPCOA-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 11646 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLP-ul.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16283 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-NONSLP-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13055 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLP-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-NONSLP-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13065 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-NONSLP-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3019 ----a-w- c:\windows\system32\spp\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3198 ----a-w- c:\windows\system32\spp\tokens\ppdlic\volmgrx-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3028 ----a-w- c:\windows\system32\spp\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3123 ----a-w- c:\windows\system32\spp\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3084 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\VirtualPC-licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\VirtualXP-licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3375 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3067 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-RemoteApplications-ClientSku-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4420 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3240 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3046 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCCoreInkRecognitionLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3112 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3043 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3009 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3139 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3092 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCAccessories-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3015 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SnippingToolLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3013 ----a-w- c:\windows\system32\spp\tokens\ppdlic\StickyNotesLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3035 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPC-MathInputLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3035 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3229 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SMBServer-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3044 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Spades-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3034 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-PremiumInBoxGames-Chess-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3023 ----a-w- c:\windows\system32\spp\tokens\ppdlic\shell32-license-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3052 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Backgammon-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3048 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Checkers-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3044 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Common-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3028 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3040 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3026 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Shanghai-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3032 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3032 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3026 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3022 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3030 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3003 ----a-w- c:\windows\system32\spp\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3787 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 16635 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-Component-SKU-Ultimate-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3074 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3230 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3116 ----a-w- c:\windows\system32\spp\tokens\ppdlic\RasBase-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3160 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3033 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3053 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3074 ----a-w- c:\windows\system32\spp\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3003 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Personalization-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3318 ----a-w- c:\windows\system32\spp\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3221 ----a-w- c:\windows\system32\spp\tokens\ppdlic\PeerDist-Common-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3028 ----a-w- c:\windows\system32\spp\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 2987 ----a-w- c:\windows\system32\spp\tokens\ppdlic\OMD-API-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3097 ----a-w- c:\windows\system32\spp\tokens\ppdlic\NetworkProjection-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3162 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3391 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3379 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3030 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3048 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3160 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msac3enc-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3039 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-SensorsLicense-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3194 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3105 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3049 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3144 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3118 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3175 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3867 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3573 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3030 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3292 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 2998 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MediaCenter-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3351 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MCLicense-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3044 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MathRecognizerEventsLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3133 ----a-w- c:\windows\system32\spp\tokens\ppdlic\LSA-License-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4947 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Kernel-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3133 ----a-w- c:\windows\system32\spp\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3184 ----a-w- c:\windows\system32\spp\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3056 ----a-w- c:\windows\system32\spp\tokens\ppdlic\feclient-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3065 ----a-w- c:\windows\system32\spp\tokens\ppdlic\explorer-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3010 ----a-w- c:\windows\system32\spp\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3022 ----a-w- c:\windows\system32\spp\tokens\ppdlic\DirectExperience-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3019 ----a-w- c:\windows\system32\spp\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3023 ----a-w- c:\windows\system32\spp\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3013 ----a-w- c:\windows\system32\spp\tokens\ppdlic\appid-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 783424 ----a-w- c:\windows\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3617 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-wgalic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4140 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4339 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4324 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3313 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-stil.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5001 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul-oem.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 7371 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-rac.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5259 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-spc.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3338 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ppd.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3267 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-plugin-manifest.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3033 ----a-w- c:\windows\system32\spp\tokens\identity\spc-generic-public.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3241 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-pkc.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5463 ----a-w- c:\windows\system32\spp\tokens\identity\spc-generic-private.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5105 ----a-w- c:\windows\system32\spp\tokens\identity\rac-generic-private.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3978 ----a-w- c:\windows\system32\spp\tokens\identity\rac-generic-public.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16375 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 11853 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16375 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13352 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 11853 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13352 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-pl.xrm-ms
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\documents and settings\David\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Styler.lnk - c:\documents and settings\David\Data aplikacˇ\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-11 15086]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"d:\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 717296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-08-25 9984]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S1 aswSP;avast! Self Protection; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
mLocal Page =
IE: E&xportovat do aplikace Microsoft Office Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 21:57
Windows 5.1.2600 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\ODBC32.dll
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\dssenh.dll
- - - - - - - > 'explorer.exe'(1676)
c:\program files\Styler\StylerHelper.dll
c:\windows\System32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Styler\Styler.exe
c:\windows\System32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-06-24 22:02:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-24 20:02
ComboFix2.txt 2010-06-24 16:46
Před spuštěním: 3 759 869 952
Po spuštění: 3 734 753 280
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 190E009D68997D4EE7BBF1A12B674155
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
FILE ::
"c:\windows\Help\SET1239.tmp"
"c:\windows\system32\drivers\_004924_.tmp.dll"
"c:\windows\system32\drivers\utm3mtq3.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Help\SET1239.tmp
c:\windows\system32\drivers\_004924_.tmp.dll
c:\windows\system32\drivers\utm3mtq3.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UTM3MTQ3
-------\Service_utm3mtq3
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-24 do 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 15:23 . 2010-06-24 15:23 -------- d-----w- c:\documents and settings\David\DoctorWeb
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\SysWOW64
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\system32\spp
2010-06-19 11:08 . 2010-06-19 11:08 -------- d-----w- c:\windows\ServiceProfiles
2010-06-18 19:07 . 2010-06-18 19:07 -------- d-----w- C:\_OTM
2010-06-18 19:06 . 2010-06-18 19:07 518656 ----a-w- C:\OTM.exe
2010-06-17 19:26 . 2008-05-08 12:52 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2010-06-17 19:26 . 2009-09-22 09:50 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2010-06-17 19:26 . 2009-09-22 09:50 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2010-06-16 19:02 . 2010-06-16 19:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-15 10:28 . 2010-06-15 10:28 -------- d-----w- c:\windows\ServicePackFiles
2010-06-15 10:04 . 2003-04-16 12:00 624640 ----a-w- c:\windows\system32\advapi32.dll
2010-06-15 10:03 . 2005-03-02 18:18 2040704 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-15 10:03 . 2005-03-02 18:18 1955712 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-13 19:27 . 2010-06-24 19:51 -------- d-----w- c:\windows\system32\CatRoot2
2010-06-13 13:31 . 2003-04-16 12:00 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2010-06-13 13:29 . 2003-04-16 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-06-13 06:00 . 2010-06-13 06:16 -------- d-----w- c:\program files\Makov kodek
2010-06-13 05:53 . 2006-07-14 15:58 307200 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-12 19:31 . 2008-04-14 06:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-06-12 17:33 . 2005-10-20 22:34 992768 ----a-w- c:\windows\system32\esent.dll
2010-06-12 17:33 . 2006-05-19 12:40 140288 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2010-06-12 17:33 . 2006-05-19 12:40 102912 -c----w- c:\windows\system32\dllcache\dhcpcsvc.dll
2010-06-12 17:32 . 2005-08-22 18:37 154624 ----a-w- c:\windows\system32\netman.dll
2010-06-12 17:32 . 2005-08-23 03:53 112128 ------w- c:\windows\system32\umpnpmgr.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 -c----w- c:\windows\system32\dllcache\cscdll.dll
2010-06-12 17:32 . 2004-10-28 01:31 92672 ----a-w- c:\windows\system32\cscdll.dll
2010-06-12 17:32 . 2006-05-05 09:40 166656 -c----w- c:\windows\system32\dllcache\rdbss.sys
2010-06-12 17:32 . 2006-05-05 09:31 433152 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-12 06:46 . 2001-10-24 10:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-06-12 06:46 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-06-12 06:46 . 2001-10-24 10:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-06-12 06:46 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-06-12 06:46 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-06-12 06:44 . 2001-08-17 19:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-06-12 06:43 . 2001-10-24 10:24 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-06-12 06:42 . 2001-10-24 09:56 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-06-12 06:41 . 2001-10-24 10:24 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2010-06-12 06:40 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-06-12 06:39 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-06-12 06:38 . 2001-10-24 10:24 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-06-12 06:37 . 2001-10-24 10:24 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-06-12 06:37 . 2001-08-17 18:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-06-12 06:37 . 2001-08-17 18:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-06-12 06:37 . 2001-08-17 18:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-06-12 06:37 . 2001-08-17 18:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-06-12 06:33 . 2001-10-24 10:24 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-06-12 06:33 . 2001-08-17 18:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-06-12 06:33 . 2001-08-17 18:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-06-12 06:33 . 2001-08-17 18:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-06-12 06:33 . 2001-08-17 18:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-06-12 06:33 . 2001-08-17 18:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-06-12 06:33 . 2001-08-17 18:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-06-12 06:33 . 2001-08-17 19:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-12 06:33 . 2001-08-17 18:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-06-12 06:33 . 2001-10-24 10:24 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2010-06-12 06:33 . 2001-10-24 10:24 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-06-12 06:31 . 2001-10-24 10:24 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2010-06-12 06:30 . 2001-10-24 10:25 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2010-06-12 06:29 . 2001-10-24 10:24 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-06-12 06:29 . 2001-08-17 19:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2010-06-12 06:29 . 2001-08-17 18:12 184320 -c--a-w- c:\windows\system32\dllcache\ac300nd5.sys
2010-06-12 06:29 . 2001-08-17 18:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-06-12 06:29 . 2001-10-24 10:24 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-06-12 06:29 . 2001-08-17 19:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-06-12 06:29 . 2001-08-17 20:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-06-12 06:29 . 2001-10-24 10:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-12 06:17 . 2008-04-14 06:51 87552 ----a-w- c:\windows\system32\fldrclnr.dll
2010-06-12 06:17 . 2004-08-20 21:53 701440 ------w- c:\windows\system32\sxs.dll
2010-06-12 06:17 . 2004-07-01 22:10 331776 ------w- c:\windows\system32\winhttp.dll
2010-06-12 06:17 . 2004-07-01 22:10 17408 ------w- c:\windows\system32\qmgrprxy.dll
2010-06-11 21:51 . 2010-06-11 21:56 -------- d-----w- c:\program files\Webteh
2010-06-11 20:52 . 2010-06-11 20:58 -------- d-----w- c:\program files\Styler
2010-06-11 20:41 . 2010-06-11 20:41 -------- d-----w- c:\program files\RegCleaner
2010-06-11 19:36 . 2010-06-11 19:36 -------- d-----w- c:\program files\TeamViewer
2010-06-11 19:25 . 2010-06-11 19:25 -------- d-----w- c:\program files\CCleaner
2010-06-11 15:38 . 2010-06-11 15:38 -------- d-----w- c:\program files\Axis Communications
2010-06-11 12:43 . 2009-08-06 17:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2010-06-10 14:46 . 2003-04-16 12:00 3072 ------w- c:\windows\system32\icmp.dll
2010-06-10 14:38 . 2010-06-15 09:55 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 11:33 . 2010-06-10 14:47 1004544 ----a-w- c:\windows\explorer.exe
2010-06-17 19:25 . 2009-01-12 19:33 -------- d-----w- c:\program files\HP
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-06-15 16:36 . 2010-06-15 16:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-15 10:38 . 2005-04-19 10:45 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 10:38 . 2005-04-19 10:45 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-12 20:35 . 2009-03-01 22:30 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-12 18:53 . 2009-02-28 08:12 -------- d-----r- c:\program files\Skype
2010-06-11 20:21 . 2004-01-01 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 20:18 . 2005-04-25 11:41 -------- d-----w- c:\program files\XnView
2010-06-08 11:43 . 2008-08-04 11:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-08 11:43 . 2007-10-10 17:06 -------- d-----w- c:\program files\USB Disk Win98 Driver
2010-06-08 11:43 . 2006-02-06 15:22 -------- d-----w- c:\program files\Volo View Express
2010-06-08 11:43 . 2008-05-23 11:25 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-08 11:43 . 2007-11-30 07:34 -------- d-----w- c:\program files\Doom Shareware for Windows 95
2010-06-08 11:43 . 2006-02-20 14:24 -------- d-----w- c:\program files\ACDSee32
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\spp ----
2010-06-19 11:08 . 2009-07-14 00:27 16271 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16271 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13053 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13053 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-RETAIL1-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16281 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLPCOA-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13063 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLPCOA-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLPCOA-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 11646 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLP-ul.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16283 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-NONSLP-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13055 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-SLP-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13299 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-NONSLP-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13065 ----a-w- c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-Ultimate\Security-SPP-Component-SKU-Ultimate-OEM-NONSLP-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3019 ----a-w- c:\windows\system32\spp\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3198 ----a-w- c:\windows\system32\spp\tokens\ppdlic\volmgrx-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3028 ----a-w- c:\windows\system32\spp\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3123 ----a-w- c:\windows\system32\spp\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3084 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\VirtualPC-licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\VirtualXP-licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3375 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3067 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-RemoteApplications-ClientSku-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4420 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3240 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3046 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCCoreInkRecognitionLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3112 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3043 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3009 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3139 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3092 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPCAccessories-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3015 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SnippingToolLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3013 ----a-w- c:\windows\system32\spp\tokens\ppdlic\StickyNotesLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3035 ----a-w- c:\windows\system32\spp\tokens\ppdlic\TabletPC-MathInputLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3035 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3229 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SMBServer-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3044 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Spades-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3034 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-PremiumInBoxGames-Chess-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3023 ----a-w- c:\windows\system32\spp\tokens\ppdlic\shell32-license-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3052 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Backgammon-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3048 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Checkers-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3044 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-MultiplayerInboxGames-Common-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3028 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3040 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3026 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Shanghai-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3032 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3032 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3026 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3022 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3030 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3003 ----a-w- c:\windows\system32\spp\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3787 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 16635 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-Component-SKU-Ultimate-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3074 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3230 ----a-w- c:\windows\system32\spp\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3116 ----a-w- c:\windows\system32\spp\tokens\ppdlic\RasBase-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3160 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3033 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3053 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3074 ----a-w- c:\windows\system32\spp\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3003 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Personalization-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3318 ----a-w- c:\windows\system32\spp\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3011 ----a-w- c:\windows\system32\spp\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3221 ----a-w- c:\windows\system32\spp\tokens\ppdlic\PeerDist-Common-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3028 ----a-w- c:\windows\system32\spp\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 2987 ----a-w- c:\windows\system32\spp\tokens\ppdlic\OMD-API-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3097 ----a-w- c:\windows\system32\spp\tokens\ppdlic\NetworkProjection-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3162 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3391 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3379 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3030 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3048 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3160 ----a-w- c:\windows\system32\spp\tokens\ppdlic\msac3enc-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3039 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-SensorsLicense-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3194 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3105 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3049 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3144 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3118 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3175 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3867 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3573 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3030 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3292 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 2998 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MediaCenter-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3351 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MCLicense-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3044 ----a-w- c:\windows\system32\spp\tokens\ppdlic\MathRecognizerEventsLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3133 ----a-w- c:\windows\system32\spp\tokens\ppdlic\LSA-License-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4947 ----a-w- c:\windows\system32\spp\tokens\ppdlic\Kernel-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3133 ----a-w- c:\windows\system32\spp\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3184 ----a-w- c:\windows\system32\spp\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3056 ----a-w- c:\windows\system32\spp\tokens\ppdlic\feclient-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3065 ----a-w- c:\windows\system32\spp\tokens\ppdlic\explorer-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3010 ----a-w- c:\windows\system32\spp\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3022 ----a-w- c:\windows\system32\spp\tokens\ppdlic\DirectExperience-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3019 ----a-w- c:\windows\system32\spp\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3023 ----a-w- c:\windows\system32\spp\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3013 ----a-w- c:\windows\system32\spp\tokens\ppdlic\appid-ppdlic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 783424 ----a-w- c:\windows\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3617 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-wgalic.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4140 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4339 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 4324 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3313 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-stil.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5001 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ul-oem.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 7371 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-rac.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5259 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-spc.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3338 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-ppd.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3267 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-plugin-manifest.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3033 ----a-w- c:\windows\system32\spp\tokens\identity\spc-generic-public.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3241 ----a-w- c:\windows\system32\spp\tokens\issuance\client-issuance-pkc.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5463 ----a-w- c:\windows\system32\spp\tokens\identity\spc-generic-private.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 5105 ----a-w- c:\windows\system32\spp\tokens\identity\rac-generic-private.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:25 3978 ----a-w- c:\windows\system32\spp\tokens\identity\rac-generic-public.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16375 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 11853 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 16375 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-ul-phn.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13352 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-pl.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 11853 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-ul-oob.xrm-ms
2010-06-19 11:08 . 2009-07-14 00:27 13352 ----a-w- c:\windows\system32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-pl.xrm-ms
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\documents and settings\David\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Styler.lnk - c:\documents and settings\David\Data aplikacˇ\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-11 15086]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"d:\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 717296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-08-25 9984]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S1 aswSP;avast! Self Protection; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
mLocal Page =
IE: E&xportovat do aplikace Microsoft Office Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 21:57
Windows 5.1.2600 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\ODBC32.dll
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\dssenh.dll
- - - - - - - > 'explorer.exe'(1676)
c:\program files\Styler\StylerHelper.dll
c:\windows\System32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Styler\Styler.exe
c:\windows\System32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-06-24 22:02:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-24 20:02
ComboFix2.txt 2010-06-24 16:46
Před spuštěním: 3 759 869 952
Po spuštění: 3 734 753 280
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 190E009D68997D4EE7BBF1A12B674155
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Problém se zapnutím PC
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Problém se zapnutím PC
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4235
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106
24.6.2010 22:59:44
mbam-log-2010-06-24 (22-59-44).txt
Typ skenu: Rychlý sken
Skenované objekty: 146136
Uplynulý čas: 15 minuta(y), 29 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
www.malwarebytes.org
Verze databáze: 4235
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106
24.6.2010 22:59:44
mbam-log-2010-06-24 (22-59-44).txt
Typ skenu: Rychlý sken
Skenované objekty: 146136
Uplynulý čas: 15 minuta(y), 29 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Problém se zapnutím PC
Vypni si rez.ochrany i firewall.
Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
Jak to vypadá s PC?
Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
Jak to vypadá s PC?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Seznam[Bot] a 131 hostů