poškozená data ?

[gazebo]

Zdravim,
nevim jestli to sem patri ale kdyby nahodou ne tak to proste smazte.

Mam problem se znicenymi daty. Pachatel rika ze jen otevrel jeden mejl a hned ho smazal...ale kdovi kde je pravda. Faktem je ze zmizely vsechny fotky, videa, mp3 ze systemoveho disku. Kdyz pouziji program na obnovu smazanych dat Recuva nebo Restoration tak mi data sice najdou ale nejsou schopny mi je obnovit, teda obnovit ano ale jsou nepouzitelna protoze jsou pry poskozena. Jeste takovy poznatek...vsechny slozky jsou prazdny ale velikost disku se nezmensila..takze nekde musi byt. Nemate nekdo nejakou radu ? Diky vsem kdo se budou snazit pomoci. P.

Jeste takovej mozna nepodstatnej poznatek....zniceny jsou veci jen co byly na plose...klasicka cesta C...dokument and settings...uzivatel...plocha. Veci primo na Cecku jsou ok a na Decku taky.

[Rudy]

Skutečně to vypadá, že nějaký šmejd data smazal. Abych mohl říci více, musel bych mít k dispozici log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 . Pak se budu moci vyjádřit k tomu, zda jej bude možné odvirovat. Svízelnější už to ale bude s obnovou dat.

[gazebo]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživatel at 2010-01-03 14:11:06
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (4%) free of 114 GB
Total RAM: 767 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at Čas: 14:12.14, on 3.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\kernell.dll
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kalendar\kalendar.exe
C:\Program Files\Seznam.cz\postak.exe
C:\orant\bin\ifsrv60.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\orant\bin\ifweb60.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbox.digsby.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IHPIEHook Class - {0eceeac0-8a08-11d4-a521-0020af300fc7} - C:\fmkxmbyf\HPIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Kalendar] C:\Program Files\Kalendar\kalendar.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Do fronty Star Downloaderu - C:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Oracle Forms Server [Forms60Server] (OracleFormsServer-Forms60Server) - Oracle Corporation - C:\orant\bin\ifsrv60.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 10554 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eceeac0-8a08-11d4-a521-0020af300fc7}]
IHPIEHook Class - C:\fmkxmbyf\HPIE.dll [2008-06-22 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2009-09-23 1075352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-23 335872]
"AHQInit"=C:\Program Files\Creative\SBLive\Program\AHQInit.exe [2001-05-10 102400]
"mouseElf"=C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe [2002-05-20 151552]
"AudioHQ"=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE [2001-08-17 180224]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2006-12-01 1583644]
"COMODO Internet Security"=C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [2009-11-18 1800464]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-08-16 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"=C:\Program Files\Kalendar\kalendar.exe [2005-11-09 580608]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2009-09-23 434840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-06-13 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-07 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-03-27 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
C:\PROGRA~1\Corel\GRAPHI~1\Register\Remind32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
C:\PROGRA~1\uTorrent\utorrent.exe [2009-12-31 289584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3
"SSDPSRV"=3
"LmHosts"=2
"mnmsrvc"=3
"upnphost"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"=C:\WINDOWS\system32\Wshxt.dll [2008-06-22 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=
"NoSharedDocuments"=01000000
"NoDrives"=02000000
"NoViewOnDrive"=0
"NoLogoff"=0
"NoUserNameInStartMenu"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Total Commander 6\TOTALCMD.EXE"="C:\Program Files\Total Commander 6\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla\mozilla.exe"="C:\Program Files\Mozilla\mozilla.exe:*:Enabled:Mozilla"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffd96f3c-ba67-11de-a23d-001478063422}]
shell\AutoRun\command - I:\Launcher.exe


======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-01-03 14:11:12 ----D---- C:\Program Files\trend micro
2010-01-03 14:11:06 ----D---- C:\rsit
2010-01-03 13:53:02 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-01-02 16:33:16 ----D---- C:\Program Files\Ontrack
2010-01-02 16:23:56 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-01-02 16:22:22 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-01-02 16:21:39 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-01 17:27:26 ----D---- C:\Program Files\MediaDoctor
2010-01-01 15:58:31 ----A---- C:\WINDOWS\system32\OctaneARM.dll
2010-01-01 01:34:45 ----D---- C:\Program Files\Recuva
2009-12-28 19:36:39 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\HandBrake
2009-12-27 13:59:45 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-27 13:59:44 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-27 13:59:43 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-12-27 13:59:41 ----D---- C:\Program Files\ffdshow
2009-12-13 15:46:33 ----D---- C:\Program Files\ICQ6.5
2009-12-10 17:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 17:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 17:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 17:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 17:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-10 16:29:06 ----A---- C:\WINDOWS\e06_appcompat.txt
2009-12-10 16:14:43 ----D---- C:\Program Files\IDOS 09-10

======List of files/folders modified in the last 1 months======

2010-01-03 14:11:12 ----AD---- C:\Program Files
2010-01-03 14:10:58 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-01-03 14:02:35 ----D---- C:\WINDOWS\Prefetch
2010-01-03 13:53:17 ----HD---- C:\WINDOWS\Temp
2010-01-03 13:53:02 ----D---- C:\WINDOWS
2010-01-03 12:09:15 ----SHD---- C:\WINDOWS\Installer
2010-01-03 12:07:00 ----D---- C:\WINDOWS\system32
2010-01-03 12:02:46 ----D---- C:\Program Files\Mozilla Firefox
2010-01-03 11:34:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 11:26:55 ----D---- C:\Program Files\LogMeIn
2010-01-02 21:01:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-02 21:01:31 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\uTorrent
2010-01-02 18:55:46 ----A---- C:\WINDOWS\WTRAN32.INI
2010-01-02 18:28:59 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Happy Foto
2010-01-02 18:28:39 ----D---- C:\Program Files\FastStone Image Viewer
2010-01-02 17:24:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-02 17:19:22 ----D---- C:\Program Files\Safari
2010-01-02 17:17:18 ----D---- C:\Program Files\CyberLink
2010-01-02 17:15:41 ----D---- C:\Program Files\Phenomedia
2010-01-02 17:14:41 ----D---- C:\Program Files\Counter-Strike 1.6
2010-01-02 16:24:10 ----SD---- C:\WINDOWS\Tasks
2010-01-02 16:21:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-01-01 17:12:17 ----D---- C:\Program Files\Common Files\COWON
2010-01-01 16:56:49 ----D---- C:\Program Files\JetAudio
2010-01-01 16:34:32 ----D---- C:\Program Files\FlatOut
2010-01-01 01:20:45 ----ASD---- C:\Lenka
2010-01-01 01:03:56 ----SHD---- C:\System Volume Information
2010-01-01 01:03:56 ----D---- C:\WINDOWS\system32\Restore
2009-12-29 00:28:44 ----D---- C:\Lucas
2009-12-27 22:34:55 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\esmska
2009-12-27 13:59:25 ----D---- C:\Program Files\Cool YouTube Downloader
2009-12-27 13:57:11 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\vlc
2009-12-22 18:47:35 ----HD---- C:\WINDOWS\inf
2009-12-22 18:39:49 ----A---- C:\WINDOWS\wincmd.ini
2009-12-18 19:35:59 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-18 14:02:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-18 14:01:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-12-18 13:57:25 ----D---- C:\WINDOWS\Debug
2009-12-18 00:08:54 ----A---- C:\WINDOWS\system32\uxt3B.tmp
2009-12-16 19:56:48 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
2009-12-13 17:06:34 ----D---- C:\Program Files\Miranda IM
2009-12-13 16:53:05 ----D---- C:\Program Files\ICQ6Toolbar
2009-12-13 16:23:31 ----D---- C:\Program Files\QIP
2009-12-10 19:15:05 ----D---- C:\WINDOWS\system32\drivers
2009-12-10 17:11:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-10 17:11:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 16:19:20 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-11-25 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-11-18 25160]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-05-07 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-05-07 81288]
R1 nnrnstdi;nnrnstdi; C:\WINDOWS\system32\drivers\nnrnstdi.sys [2007-06-08 13312]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2006-08-16 225664]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 Winhpfile;Winhpfile; \??\C:\fmkxmbyf\HPFile.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 athsgt;athsgt; C:\WINDOWS\system32\DRIVERS\athsgt.sys [2006-04-06 164992]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-07-28 165376]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-04-09 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-04-09 12032]
R2 limsgt;limsgt; C:\WINDOWS\system32\DRIVERS\limsgt.sys [2006-04-06 12544]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-07-28 18048]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-23 700928]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! series(WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 km_filter;km_filter; C:\WINDOWS\system32\drivers\km_filter.sys [2007-06-08 8832]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-04-14 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-06-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 BT848;BtCap, WDM Video Capture; C:\WINDOWS\system32\drivers\BT848.sys [2001-12-31 266180]
S2 BTTUNER;BtTuner, WDM TvTuner; C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-03-07 18944]
S2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 13308]
S3 azetb7m1;azetb7m1; C:\WINDOWS\system32\drivers\azetb7m1.sys []
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GAGPDrv;GAGPDrv; C:\WINDOWS\system32\drivers\GAGPDrv.sys []
S3 genmcmn;Genius NetScroll Optical Mouse Driver; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys [2002-05-17 6656]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-12-29 16224]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Revolution1;Revolution1; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys []
S3 RTL8023xp;TP-LINK TF-3239 Series Fast Ethernet Adapter NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS); C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM); C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 90800]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-01-12 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-01-24 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-01-12 40576]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2009-11-18 723632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2006-11-08 2560]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server]; C:\orant\bin\ifsrv60.exe [2005-03-03 79872]
R2 prfldsvc;Private Folder Service; C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2005-05-17 126976]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 OracleClientCache80;OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [2004-02-27 101136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-05-07 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-05-07 1079176]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[BoRy]

S timto problemem uz sem se taky setkal, dokonce se mi to stalo po otevreni jakehosi emailu. Bylo to na 500GB HDD, ktery byl rozdelen na dva oddily o velikosti 250GB. Kdyz mi pri pokusu o otevreni nehlasil, ze byl pristup odepren a na HDD sem se dostal tak po otevreni jakekoliv slozky sem nic nenasel i kdyz byl disk z cca 75 procent zaplnen. Mam takovy dojem, ze mi pimohl ComboFix. Prosim berte toto pouze jako reakci a ne jako radu, nerad bych poradil nejak zle.

[gazebo]

S timto problemem uz sem se taky setkal, dokonce se mi to stalo po otevreni jakehosi emailu. Bylo to na 500GB HDD, ktery byl rozdelen na dva oddily o velikosti 250GB. Kdyz mi pri pokusu o otevreni nehlasil, ze byl pristup odepren a na HDD sem se dostal tak po otevreni jakekoliv slozky sem nic nenasel i kdyz byl disk z cca 75 procent zaplnen. Mam takovy dojem, ze mi pimohl ComboFix. Prosim berte toto pouze jako reakci a ne jako radu, nerad bych poradil nejak zle.

Jsem rad za kazdej impuls...diky ... jeste pockam na reakci na log z RSITu...diky.

[Rudy]

Vidím tam sice AdWare, ale ten sám o sobě by to dělat neměl. Log z ComboFix dejte, uvidíme, zda se tam něco neskrývá.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[gazebo]

....dnes musim od pc...vice treba zitra...zatim dik.

[Rudy]

Zatím NZ.

[gazebo]

Combofix Log

ComboFix 10-01-02.05 - Uživatel 03.01.2010 16:11:49.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.324 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100102-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\Fonts\WA5SI.FON
c:\windows\regedit.com
c:\windows\system32\_004132_.tmp.dll
c:\windows\system32\_004133_.tmp.dll
c:\windows\system32\_004134_.tmp.dll
c:\windows\system32\_004135_.tmp.dll
c:\windows\system32\_004142_.tmp.dll
c:\windows\system32\_004143_.tmp.dll
c:\windows\system32\_004144_.tmp.dll
c:\windows\system32\_004146_.tmp.dll
c:\windows\system32\_004147_.tmp.dll
c:\windows\system32\_004150_.tmp.dll
c:\windows\system32\_004151_.tmp.dll
c:\windows\system32\_004153_.tmp.dll
c:\windows\system32\_004154_.tmp.dll
c:\windows\system32\_004155_.tmp.dll
c:\windows\system32\_004157_.tmp.dll
c:\windows\system32\_004159_.tmp.dll
c:\windows\system32\_004160_.tmp.dll
c:\windows\system32\_004161_.tmp.dll
c:\windows\system32\_004162_.tmp.dll
c:\windows\system32\_004165_.tmp.dll
c:\windows\system32\_004166_.tmp.dll
c:\windows\system32\_004168_.tmp.dll
c:\windows\system32\_004171_.tmp.dll
c:\windows\system32\_004173_.tmp.dll
c:\windows\system32\_004175_.tmp.dll
c:\windows\system32\_004176_.tmp.dll
c:\windows\system32\_004179_.tmp.dll
c:\windows\system32\_004180_.tmp.dll
c:\windows\system32\_004181_.tmp.dll
c:\windows\system32\_004182_.tmp.dll
c:\windows\system32\_004183_.tmp.dll
c:\windows\system32\_004188_.tmp.dll
c:\windows\system32\_004190_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004855_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004864_.tmp.dll
c:\windows\system32\_004865_.tmp.dll
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004870_.tmp.dll
c:\windows\system32\_004873_.tmp.dll
c:\windows\system32\_004874_.tmp.dll
c:\windows\system32\_004876_.tmp.dll
c:\windows\system32\_004877_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004880_.tmp.dll
c:\windows\system32\_004882_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004884_.tmp.dll
c:\windows\system32\_004885_.tmp.dll
c:\windows\system32\_004888_.tmp.dll
c:\windows\system32\_004889_.tmp.dll
c:\windows\system32\_004891_.tmp.dll
c:\windows\system32\_004894_.tmp.dll
c:\windows\system32\_004896_.tmp.dll
c:\windows\system32\_004897_.tmp.dll
c:\windows\system32\_004899_.tmp.dll
c:\windows\system32\_004900_.tmp.dll
c:\windows\system32\_004903_.tmp.dll
c:\windows\system32\_004904_.tmp.dll
c:\windows\system32\_004905_.tmp.dll
c:\windows\system32\_004906_.tmp.dll
c:\windows\system32\_004907_.tmp.dll
c:\windows\system32\_004912_.tmp.dll
c:\windows\system32\calc.ico
c:\windows\system32\ieuinit.inf
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\mobsync.ico
c:\windows\system32\mstsc.ico
c:\windows\system32\notepad.ico
c:\windows\system32\SIntf16.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-03 do 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 13:43 . 2010-01-03 13:43 389632 ----a-w- c:\windows\system32\CF9622.exe
2010-01-03 13:34 . 2010-01-03 13:31 389632 ----a-w- c:\windows\system32\CF7323.exe
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- c:\program files\trend micro
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- C:\rsit
2010-01-02 15:33 . 2010-01-02 16:23 -------- d-----w- c:\program files\Ontrack
2010-01-02 15:23 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-02 15:22 . 2010-01-02 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 16:27 . 2010-01-01 16:27 -------- d-----w- c:\program files\MediaDoctor
2010-01-01 14:58 . 2004-03-16 07:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll
2010-01-01 00:34 . 2010-01-01 00:34 -------- d-----w- c:\program files\Recuva
2009-12-31 21:27 . 2009-12-31 21:27 155 ----a-w- c:\windows\x.reg
2009-12-27 12:59 . 2009-07-05 20:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-27 12:59 . 2009-07-05 20:33 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-27 12:59 . 2009-12-27 12:59 -------- d-----w- c:\program files\ffdshow
2009-12-13 14:46 . 2010-01-02 18:18 -------- d-----w- c:\program files\ICQ6.5
2009-12-10 15:14 . 2010-01-01 18:38 -------- d-----w- c:\program files\IDOS 09-10

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 15:06 . 2006-11-08 14:24 609 --sha-w- c:\windows\system32\mmf.sys
2010-01-03 10:26 . 2009-06-03 12:43 -------- d-----w- c:\program files\LogMeIn
2010-01-02 17:28 . 2009-04-30 12:28 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-02 16:24 . 2004-11-19 08:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 16:19 . 2009-08-22 09:21 -------- d-----w- c:\program files\Safari
2010-01-02 16:17 . 2005-10-02 17:26 -------- d-----w- c:\program files\CyberLink
2010-01-02 16:15 . 2004-11-19 21:16 -------- d-----w- c:\program files\Phenomedia
2010-01-02 16:14 . 2006-12-12 16:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 16:12 . 2008-11-03 16:55 -------- d-----w- c:\program files\Common Files\COWON
2010-01-01 15:56 . 2008-11-03 16:55 -------- d-----w- c:\program files\JetAudio
2010-01-01 15:34 . 2008-03-13 19:06 -------- d-----w- c:\program files\FlatOut
2009-12-27 12:59 . 2009-09-19 10:25 -------- d-----w- c:\program files\Cool YouTube Downloader
2009-12-18 13:02 . 2005-03-10 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 16:06 . 2008-07-11 20:42 -------- d-----w- c:\program files\Miranda IM
2009-12-13 15:53 . 2009-03-13 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-13 15:23 . 2007-08-05 14:03 -------- d-----w- c:\program files\QIP
2009-11-25 16:40 . 2009-10-19 12:30 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 16:40 . 2009-10-19 12:30 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2007-06-22 13:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-06-22 13:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-06-22 13:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-06-22 13:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-06-22 13:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-06-22 13:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:44 . 2004-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 12:56 . 2009-10-19 12:30 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 12:56 . 2009-10-19 12:30 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-28 17:58 . 2001-10-25 14:00 505350 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 17:58 . 2001-10-25 14:00 108888 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 06:03 . 2004-12-03 17:58 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2004-12-03 17:58 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-07-12 15:04 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:32 . 2009-10-19 12:32 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-10-13 10:53 . 2002-09-20 18:04 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2002-09-20 18:04 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2002-09-20 18:04 112640 ----a-w- c:\windows\system32\rastls.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2008-06-22 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-13 13:21 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 17:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SSDPSRV"=3 (0x3)
"LmHosts"=2 (0x2)
"mnmsrvc"=3 (0x3)
"upnphost"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Total Commander 6\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla\\mozilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8785:TCP"= 8785:TCP:*:Disabled:BitComet 8785 TCP
"8785:UDP"= 8785:UDP:*:Disabled:BitComet 8785 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R0 fqrtoxdw;fqrtoxdw;c:\windows\system32\drivers\onniqwqw.sys [x]
R0 fucwklgf;fucwklgf;c:\windows\system32\drivers\gqxhkcdk.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-05-01 716272]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2001-12-31 266180]
R2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-03-07 18944]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [1999-07-21 13308]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2006-11-08 2560]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\orant\bin\ifsrv60.exe [2005-03-03 20:32 79872]
R3 GAGPDrv;GAGPDrv; [x]
R3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2004-02-27 101136]
R3 Revolution1;Revolution1;c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-05-07 356920]
R3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Fbus.sys [2006-11-10 61600]
R3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 9360]
R3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 97184]
R3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 88688]
R3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\DRIVERS\se2Fnd5.sys [2006-11-10 18704]
R3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Fobex.sys [2006-11-10 86560]
R3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\DRIVERS\se2Funic.sys [2006-11-10 90800]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-11-25 133064]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-11-18 25160]
S1 nnrnstdi;nnrnstdi; [x]
S1 Winhpfile;Winhpfile;c:\fmkxmbyf\HPFile.sys [2008-06-22 16601]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys [2006-04-06 164992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys [2006-04-06 12544]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
S2 Prvflder;Prvflder;c:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808]
S3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2007-06-08 8832]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

.
Obsah adresáře 'Naplánované úlohy'

2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-03 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\g8ca54fd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
SafeBoot-Wdf01000.sys
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 16:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0B3829-8B3D-6294-BC8B-A754B0DB491E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,85,13,20,e9,a2,22,63,a1,7b,ab,30,d3,36,21,fb,82,2a,8c,fa,b0,dd,ad,
10,6a,6d,fe,82,d7,19,3f,25,a2,12,8a,62,a0,f6,4e,f4,d0,27,ac,fe,c1,d9,88,c9,\
"??"=hex:75,4f,3d,73,80,3a,99,4b,7b,08,39,8b,8e,8b,b6,43

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{765dd79e-581f-4bb6-92f4-2c332f2d46df}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015a
"Therad"=dword:0000001f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,c7,fb,e7,71,8c,30,ac,11,59,be,14,34,84,06,e9,96,84,22,74,d4,
8e,ae,47,ec,25,f3,53,18,c7,e5,00,b2,9a,c7,bc,58,20,67,d4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,8a,e8,46,ee,dc,b9,3c,
6e,96,5e,02,2e,f5,00,a9,81,08,f6,52,ef,e7,50,0b,0f,63,cf,89,b0,df,91,3d,bf,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2010-01-03 16:29:40
ComboFix-quarantined-files.txt 2010-01-03 15:29

Před spuštěním: 4 136 534 016
Po spuštění: 4 084 850 688

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B205BF754BF9E8F0552C33F96B1747C3

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\AskBarDis

Collect::
c:\windows\system32\drivers\onniqwqw.sys
c:\windows\system32\drivers\gqxhkcdk.sys
c:\fmkxmbyf\HPFile.sys

Driver::
GAGPDrv
fqrtoxdw
fucwklgf
nnrnstdi
Winhpfile

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[gazebo]

Provedeno presne dle navodu...CF chvili chroupal a pak restartoval PC...co dal ?

[Rudy]

Jak to vypadá s těmi daty?

[gazebo]

Bohuzel slozky s fotografiemi ( o ty mi jde predevsim ) jsou stale prazdne.

[Rudy]

V tom případě se budete muset pokusit o obnovení dat po vyčištění. Obávám se ale, že to nebude jednoduché, PC byl značně zavirován a těžko zjistíme, jakým způsobem vir soubory přepsal.

[gazebo]

Jeste jednou pro jistotu jsem nechal ComboFix udelat scan a znovu predkladam log.
Pokud nezdrzuju tak jsem pripraven udelat pro zachranu dat vse....muzete-li mi dat dalsi podnety budu jen rad. Diky.

ComboFix 10-01-03.05 - Uživatel 04.01.2010 21:13:25.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.347 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100104-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-04 do 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-03 13:43 . 2010-01-03 13:43 389632 ----a-w- c:\windows\system32\CF9622.exe
2010-01-03 13:34 . 2010-01-03 13:31 389632 ----a-w- c:\windows\system32\CF7323.exe
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- c:\program files\trend micro
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- C:\rsit
2010-01-02 15:33 . 2010-01-02 16:23 -------- d-----w- c:\program files\Ontrack
2010-01-02 15:23 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-02 15:22 . 2010-01-02 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 16:27 . 2010-01-01 16:27 -------- d-----w- c:\program files\MediaDoctor
2010-01-01 14:58 . 2004-03-16 07:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll
2010-01-01 00:34 . 2010-01-01 00:34 -------- d-----w- c:\program files\Recuva
2009-12-31 21:27 . 2009-12-31 21:27 155 ----a-w- c:\windows\x.reg
2009-12-27 12:59 . 2009-07-05 20:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-27 12:59 . 2009-07-05 20:33 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-27 12:59 . 2009-12-27 12:59 -------- d-----w- c:\program files\ffdshow
2009-12-13 14:46 . 2010-01-04 20:25 -------- d-----w- c:\program files\ICQ6.5
2009-12-10 15:14 . 2010-01-01 18:38 -------- d-----w- c:\program files\IDOS 09-10

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 20:01 . 2006-11-08 14:24 609 --sha-w- c:\windows\system32\mmf.sys
2010-01-04 15:24 . 2009-06-03 12:43 -------- d-----w- c:\program files\LogMeIn
2010-01-02 17:28 . 2009-04-30 12:28 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-02 16:24 . 2004-11-19 08:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 16:19 . 2009-08-22 09:21 -------- d-----w- c:\program files\Safari
2010-01-02 16:17 . 2005-10-02 17:26 -------- d-----w- c:\program files\CyberLink
2010-01-02 16:15 . 2004-11-19 21:16 -------- d-----w- c:\program files\Phenomedia
2010-01-02 16:14 . 2006-12-12 16:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 16:12 . 2008-11-03 16:55 -------- d-----w- c:\program files\Common Files\COWON
2010-01-01 15:56 . 2008-11-03 16:55 -------- d-----w- c:\program files\JetAudio
2010-01-01 15:34 . 2008-03-13 19:06 -------- d-----w- c:\program files\FlatOut
2009-12-27 12:59 . 2009-09-19 10:25 -------- d-----w- c:\program files\Cool YouTube Downloader
2009-12-18 13:02 . 2005-03-10 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 16:06 . 2008-07-11 20:42 -------- d-----w- c:\program files\Miranda IM
2009-12-13 15:53 . 2009-03-13 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-13 15:23 . 2007-08-05 14:03 -------- d-----w- c:\program files\QIP
2009-11-25 16:40 . 2009-10-19 12:30 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 16:40 . 2009-10-19 12:30 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2007-06-22 13:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-06-22 13:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-06-22 13:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-06-22 13:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-06-22 13:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-06-22 13:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:44 . 2004-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 12:56 . 2009-10-19 12:30 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 12:56 . 2009-10-19 12:30 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-28 17:58 . 2001-10-25 14:00 505350 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 17:58 . 2001-10-25 14:00 108888 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 06:03 . 2004-12-03 17:58 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2004-12-03 17:58 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-07-12 15:04 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:32 . 2009-10-19 12:32 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-10-13 10:53 . 2002-09-20 18:04 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2002-09-20 18:04 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2002-09-20 18:04 112640 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-03_15.25.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-04 20:01 . 2010-01-04 20:01 16384 c:\windows\Temp\Perflib_Perfdata_6c0.dat
+ 2010-01-04 20:01 . 2010-01-04 20:01 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
+ 2008-03-26 14:57 . 2010-01-04 15:39 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-03-26 14:57 . 2009-08-04 18:23 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2008-06-22 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-13 13:21 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 17:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SSDPSRV"=3 (0x3)
"LmHosts"=2 (0x2)
"mnmsrvc"=3 (0x3)
"upnphost"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Total Commander 6\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla\\mozilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8785:TCP"= 8785:TCP:*:Disabled:BitComet 8785 TCP
"8785:UDP"= 8785:UDP:*:Disabled:BitComet 8785 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 16:15 Čas: 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [19.10.2009 13:30 Čas: 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.10.2009 13:30 Čas: 25160]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [13.8.2007 12:42 Čas: 13312]
R1 Winhpfile;Winhpfile;c:\fmkxmbyf\HPFile.sys [22.6.2008 19:37 Čas: 16601]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 16:15 Čas: 20560]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.4.2006 19:00 Čas: 164992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 21:11 Čas: 222968]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.4.2006 19:00 Čas: 12544]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 17:46 Čas: 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3.6.2009 13:44 Čas: 47640]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 Čas: 70912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 Čas: 1044808]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [13.8.2007 12:42 Čas: 8832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 Čas: 10064]
S0 fqrtoxdw;fqrtoxdw;c:\windows\system32\drivers\onniqwqw.sys --> c:\windows\system32\drivers\onniqwqw.sys [?]
S0 fucwklgf;fucwklgf;c:\windows\system32\drivers\gqxhkcdk.sys --> c:\windows\system32\drivers\gqxhkcdk.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2005 9:27 Čas: 716272]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.11.2004 14:09 Čas: 266180]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [19.11.2004 21:45 Čas: 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [19.11.2004 21:45 Čas: 13308]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [8.11.2006 15:24 Čas: 2560]
S2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\orant\bin\ifsrv60.exe -start_service --> c:\orant\bin\ifsrv60.exe -start_service [?]
S3 GAGPDrv;GAGPDrv; [x]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2.5.2009 16:54 Čas: 101136]
S3 Revolution1;Revolution1;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2.2.2009 11:04 Čas: 356920]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [30.5.2007 15:47 Čas: 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [30.5.2007 17:58 Čas: 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [30.5.2007 17:58 Čas: 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [30.5.2007 18:25 Čas: 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [30.5.2007 18:25 Čas: 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [30.5.2007 18:20 Čas: 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [30.5.2007 18:25 Čas: 90800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-04 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\g8ca54fd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 21:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\FMKXMBYF
C:\PROTOKOL
C:\SKRYTY

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0B3829-8B3D-6294-BC8B-A754B0DB491E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,85,13,20,e9,a2,22,63,a1,7b,ab,30,d3,36,21,fb,82,2a,8c,fa,b0,dd,ad,
10,6a,6d,fe,82,d7,19,3f,25,a2,12,8a,62,a0,f6,4e,f4,d0,27,ac,fe,c1,d9,88,c9,\
"??"=hex:75,4f,3d,73,80,3a,99,4b,7b,08,39,8b,8e,8b,b6,43

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{765dd79e-581f-4bb6-92f4-2c332f2d46df}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015a
"Therad"=dword:0000001f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,c7,fb,e7,71,8c,30,ac,11,59,be,14,34,84,06,e9,96,84,22,74,d4,
8e,ae,47,ec,25,f3,53,18,c7,e5,00,b2,9a,c7,bc,58,20,67,d4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,8a,e8,46,ee,dc,b9,3c,
6e,96,5e,02,2e,f5,00,a9,81,08,f6,52,ef,e7,50,0b,0f,63,cf,89,b0,df,91,3d,bf,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2010-01-04 21:30:38
ComboFix-quarantined-files.txt 2010-01-04 20:30
ComboFix2.txt 2010-01-03 15:29

Před spuštěním: 4 193 263 616
Po spuštění: 4 153 217 024

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 35B6CAF680F69E2626A8312B1AFA6E67