Vir /IEXPLORE.EXE/

[alpi]

Dobrý den,
předem mého příspěvku bych odkázal na obdobný, již řešený problém http://www.viry.cz/forum/viewtopic.php?f=13&t=96748.
V kostce jde o neustále, každých několik sekund otevíranou hlášku o chybě procesu iexplore.exe a přímo úděsné zpomalení PC.

Na PC mi funguje Nod32 antivirus, pravidelně využívám Advanced Windows Care a Spyware terminator. I přesto se objevil výše zmíněný problém. Nyní jsem zkusil cca další 3 programy na odstranění havěti, ale bez úspěchu. Proto velmi prosím o pomoc zkušenějšího.

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alpi at 2010-03-20 09:21:21
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (7%) free of 75 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:25, on 20.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM .exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui .exe
C:\DOCUME~1\Alpi\LOCALS~1\Temp\hki132.exe
C:\Documents and Settings\All Users\Data aplikací\O6FcLkNi.exe
C:\Documents and Settings\All Users\Data aplikací\O6FcLkNi.exe
C:\Documents and Settings\All Users\Data aplikací\O6FcLkNi.exe
C:\Documents and Settings\All Users\Data aplikací\O6FcLkNi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Alpi\Plocha\RSIT.exe
C:\Program Files\trend micro\Alpi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.153.156.21:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM .exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6258 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At73.job
C:\WINDOWS\tasks\At74.job
C:\WINDOWS\tasks\At75.job
C:\WINDOWS\tasks\At76.job
C:\WINDOWS\tasks\At77.job
C:\WINDOWS\tasks\At78.job
C:\WINDOWS\tasks\At79.job
C:\WINDOWS\tasks\At80.job
C:\WINDOWS\tasks\At81.job
C:\WINDOWS\tasks\At82.job
C:\WINDOWS\tasks\At83.job
C:\WINDOWS\tasks\At84.job
C:\WINDOWS\tasks\At85.job
C:\WINDOWS\tasks\At86.job
C:\WINDOWS\tasks\At87.job
C:\WINDOWS\tasks\At88.job
C:\WINDOWS\tasks\At89.job
C:\WINDOWS\tasks\At90.job
C:\WINDOWS\tasks\At91.job
C:\WINDOWS\tasks\At92.job
C:\WINDOWS\tasks\At93.job
C:\WINDOWS\tasks\At94.job
C:\WINDOWS\tasks\At95.job
C:\WINDOWS\tasks\At96.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-18 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-18 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-04-23 3756032]
"nwiz"=nwiz.exe /install []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-16 33792]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-04-23 46080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ISUSPM"=C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM .exe [2007-07-12 226904]

C:\Documents and Settings\Alpi\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13fb5360-c1f1-11dd-bf0d-00110982d196}]
shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba9c7aa-c1f0-11dd-bf0c-00110982d196}]
shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba9c7ab-c1f0-11dd-bf0c-00110982d196}]
shell\AutoRun\command - F:\StartVMCLite.exe


======List of files/folders created in the last 1 months======

2010-03-20 09:19:40 ----D---- C:\Program Files\trend micro
2010-03-20 09:19:39 ----D---- C:\rsit
2010-03-20 09:06:18 ----D---- C:\Program Files\Trojan Remover
2010-03-20 09:06:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2010-03-20 09:02:05 ----A---- C:\WINDOWS\RegGenie.ini
2010-03-20 08:59:59 ----A---- C:\WINDOWS\RegGenieOnUninstall.exe
2010-03-20 08:59:42 ----D---- C:\Program Files\RegGenie
2010-03-20 08:53:47 ----D---- C:\WINDOWS\LastGood
2010-03-19 20:05:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-19 20:05:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-19 20:01:19 ----D---- C:\Program Files\Lark Anti-Spyware
2010-03-19 19:56:10 ----D---- C:\ComboFix
2010-03-19 19:56:10 ----A---- C:\WINDOWS\system32\CF30936.exe
2010-03-19 19:55:37 ----D---- C:\WINDOWS\ERDNT
2010-03-19 19:55:30 ----A---- C:\WINDOWS\system32\CF30772.exe
2010-03-19 19:55:14 ----D---- C:\Qoobox
2010-03-19 19:55:10 ----A---- C:\Bug.txt
2010-03-19 19:55:08 ----A---- C:\WINDOWS\system32\cmd.execf
2010-03-19 11:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-19 11:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-19 11:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-19 11:56:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-19 11:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-19 11:55:36 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-19 11:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-19 11:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-03-19 11:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-19 11:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-03-19 11:51:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-19 11:49:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-19 11:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-19 11:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-19 11:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-03-19 11:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-03-19 11:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-19 10:03:06 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-03-18 19:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2010-03-18 17:22:14 ----D---- C:\WINDOWS\Prefetch
2010-03-18 12:56:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-18 12:39:29 ----N---- C:\WINDOWS\system32\ieencode.dll
2010-03-18 10:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2010-03-18 10:03:25 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2010-03-18 10:03:24 ----A---- C:\WINDOWS\system32\h323msp.dll
2010-03-18 09:51:33 ----A---- C:\WINDOWS\system32\msgsvc.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\vbajet32.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msxbde40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\mswstr10.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\mswdat10.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\mstext40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msrepl40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\mspbde40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msjtes40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msjter40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msjint40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msjet40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msexch40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\msexcl40.dll
2010-03-18 09:50:19 ----A---- C:\WINDOWS\system32\expsrv.dll
2010-03-18 09:50:18 ----A---- C:\WINDOWS\system32\msltus40.dll
2010-03-18 09:14:55 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-03-18 09:14:55 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-18 09:14:55 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-18 09:12:09 ----A---- C:\WINDOWS\system32\esent.dll
2010-03-18 08:54:13 ----A---- C:\WINDOWS\system32\winhttp.dll
2010-03-18 08:54:13 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-18 08:40:21 ----RA---- C:\WINDOWS\system32\nwiz.exe
2010-03-18 08:40:20 ----RA---- C:\WINDOWS\system32\nvwimg.dll
2010-03-18 08:40:20 ----RA---- C:\WINDOWS\system32\nvwdmcpl.dll
2010-03-18 08:40:20 ----RA---- C:\WINDOWS\system32\nvshell.dll
2010-03-18 08:40:19 ----RA---- C:\WINDOWS\system32\nview.dll
2010-03-18 08:40:19 ----RA---- C:\WINDOWS\system32\nvdspsch.exe
2010-03-18 08:40:18 ----RA---- C:\WINDOWS\system32\nvappbar.exe
2010-03-18 08:40:17 ----RA---- C:\WINDOWS\system32\keystone.exe
2010-03-18 08:40:16 ----RA---- C:\WINDOWS\system32\nvwddi.dll
2010-03-18 08:40:16 ----RA---- C:\WINDOWS\system32\nvnt4cpl.dll
2010-03-18 08:40:15 ----RA---- C:\WINDOWS\system32\nvmctray.dll
2010-03-18 08:40:14 ----RA---- C:\WINDOWS\system32\nvcpl.dll
2010-03-18 08:40:12 ----RA---- C:\WINDOWS\system32\nvoglnt.dll
2010-03-18 08:40:11 ----RA---- C:\WINDOWS\system32\nv4_disp.dll
2010-03-18 08:40:10 ----RA---- C:\WINDOWS\system32\nvsvc32.exe
2010-03-18 08:40:10 ----RA---- C:\WINDOWS\system32\nvcodins.dll
2010-03-18 08:40:10 ----RA---- C:\WINDOWS\system32\nvcod.dll
2010-03-18 08:24:18 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-18 08:23:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-18 08:23:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-18 08:23:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-18 08:23:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-18 08:23:48 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-18 08:23:48 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-18 08:23:46 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-18 08:23:43 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-18 08:23:43 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-18 08:23:43 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-18 08:23:43 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-18 08:23:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-03-18 08:23:34 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-03-18 08:23:34 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-18 08:23:34 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-18 08:23:34 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-18 08:23:34 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-18 08:23:33 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-18 08:23:33 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-18 08:23:31 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-18 08:23:31 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-18 08:23:31 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-18 08:22:37 ----D---- C:\Program Files\ComPlus Applications
2010-03-18 08:22:27 ----HD---- C:\Program Files\WindowsUpdate
2010-03-18 08:22:25 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-18 08:22:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-18 08:22:24 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-18 08:22:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-18 08:22:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-18 08:22:23 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-18 08:22:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-18 08:22:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-18 08:22:22 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-18 08:22:22 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-18 08:22:22 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-18 08:22:22 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-18 08:22:22 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-18 08:22:22 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-18 08:22:22 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-18 08:22:21 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-18 08:22:21 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-18 08:22:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-18 08:22:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-18 08:22:16 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-18 08:22:14 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-18 08:22:14 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-18 08:22:14 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-18 08:22:14 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-03-18 08:22:14 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-18 08:22:13 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-18 08:22:13 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-18 08:22:13 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-03-18 08:22:13 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-18 08:22:13 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-18 08:22:12 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-18 08:22:11 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-18 08:22:08 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-18 08:14:45 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-18 08:14:45 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-18 08:14:44 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-18 08:14:32 ----RA---- C:\WINDOWS\SETDA.tmp
2010-03-18 08:14:29 ----RA---- C:\WINDOWS\SETC5.tmp
2010-03-16 21:00:22 ----A---- C:\Documents and Settings\All Users\Data aplikací\O6FcLkNi.exe
2010-03-16 19:15:54 ----D---- C:\Program Files\ESET
2010-03-16 19:15:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-14 23:42:05 ----D---- C:\Program Files\Common Files\ABBYY
2010-03-14 23:34:46 ----D---- C:\FR90PE_VOL
2010-03-14 13:55:11 ----D---- C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2010-03-14 13:53:18 ----D---- C:\FR70PRO
2010-02-28 12:13:14 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-02-28 12:13:13 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-02-28 12:13:13 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-02-28 12:13:12 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-02-28 12:13:11 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-02-28 12:13:11 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-02-28 12:13:10 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-02-28 12:13:09 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-02-28 12:13:09 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-02-28 12:13:08 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-02-28 12:13:07 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-02-28 12:13:06 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-02-28 12:13:06 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-02-28 12:13:05 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-02-28 12:13:05 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-02-28 12:13:04 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-02-28 12:13:04 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-02-28 12:13:03 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-02-28 12:13:03 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-02-28 12:13:03 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-02-28 12:13:02 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-02-28 12:13:01 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-02-28 12:13:01 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-02-28 12:13:01 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-02-28 12:13:01 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-02-28 12:13:00 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-02-28 12:13:00 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-02-28 12:12:59 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-02-28 12:12:59 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-02-28 12:12:59 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-02-28 12:12:58 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-02-28 12:12:58 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-02-28 12:12:57 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-02-28 12:12:57 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-02-28 12:12:57 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-02-28 12:12:56 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-02-28 12:12:56 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-02-28 12:12:55 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-02-28 12:12:55 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-02-28 12:12:54 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-02-28 12:12:54 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-02-28 12:12:53 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-02-28 12:12:53 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-02-28 12:12:52 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-02-28 12:12:52 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-02-28 12:12:51 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-02-28 12:12:51 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-02-28 12:12:50 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-02-28 12:12:49 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-02-28 12:12:49 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-02-28 12:12:49 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-02-28 12:12:48 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-02-28 12:12:47 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-02-28 12:12:47 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-02-28 12:12:47 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-02-28 12:12:47 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-02-28 12:12:46 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-02-28 12:12:44 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-02-28 12:12:40 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-02-28 12:12:40 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-02-28 12:12:37 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-02-28 12:11:07 ----D---- C:\WINDOWS\Logs
2010-02-27 17:00:48 ----D---- C:\Program Files\RapidDown

======List of files/folders modified in the last 1 months======

2010-03-20 09:19:51 ----D---- C:\WINDOWS\Temp
2010-03-20 09:19:40 ----RD---- C:\Program Files
2010-03-20 09:17:58 ----D---- C:\Program Files\Mozilla Firefox
2010-03-20 09:09:25 ----D---- C:\WINDOWS\system32
2010-03-20 09:02:05 ----D---- C:\WINDOWS
2010-03-20 09:00:00 ----RSD---- C:\WINDOWS\Fonts
2010-03-20 08:54:03 ----HD---- C:\WINDOWS\inf
2010-03-20 08:53:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-20 08:53:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-20 08:43:51 ----SD---- C:\WINDOWS\Tasks
2010-03-19 21:54:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-19 19:42:52 ----D---- C:\Documents and Settings\Alpi\Data aplikací\Spyware Terminator
2010-03-19 19:16:10 ----D---- C:\Documents and Settings\Alpi\Data aplikací\ICQ
2010-03-19 18:01:30 ----D---- C:\WINDOWS\security
2010-03-19 17:19:45 ----D---- C:\Documents and Settings\Alpi\Data aplikací\OpenOffice.org2
2010-03-19 15:45:50 ----A---- C:\WINDOWS\system.ini
2010-03-19 14:19:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-19 14:14:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-19 14:14:55 ----D---- C:\WINDOWS\system32\wbem
2010-03-19 14:14:55 ----D---- C:\WINDOWS\AppPatch
2010-03-19 14:14:54 ----D---- C:\WINDOWS\system32\Setup
2010-03-19 14:14:54 ----D---- C:\WINDOWS\system32\drivers
2010-03-19 11:58:18 ----A---- C:\WINDOWS\imsins.BAK
2010-03-19 11:55:27 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-19 11:53:51 ----D---- C:\Program Files\Movie Maker
2010-03-19 11:50:52 ----D---- C:\Program Files\Outlook Express
2010-03-19 11:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-03-19 11:40:02 ----A---- C:\WINDOWS\wincmd.ini
2010-03-19 11:02:31 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-18 19:39:11 ----D---- C:\WINDOWS\WinSxS
2010-03-18 17:32:46 ----D---- C:\Program Files\Spyware Terminator
2010-03-18 17:23:29 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-18 17:22:28 ----A---- C:\WINDOWS\setuplog.txt
2010-03-18 13:16:33 ----RASH---- C:\boot.ini
2010-03-18 13:15:06 ----D---- C:\Program Files\Messenger
2010-03-18 13:15:01 ----D---- C:\WINDOWS\ime
2010-03-18 13:15:01 ----D---- C:\WINDOWS\Help
2010-03-18 13:14:22 ----D---- C:\Program Files\Windows Media Player
2010-03-18 13:14:19 ----D---- C:\WINDOWS\peernet
2010-03-18 13:08:45 ----D---- C:\Program Files\Internet Explorer
2010-03-18 13:08:43 ----D---- C:\WINDOWS\system32\Restore
2010-03-18 13:08:43 ----D---- C:\WINDOWS\system32\npp
2010-03-18 13:08:43 ----D---- C:\WINDOWS\msagent
2010-03-18 13:08:36 ----D---- C:\WINDOWS\srchasst
2010-03-18 13:08:31 ----D---- C:\Program Files\NetMeeting
2010-03-18 13:08:25 ----D---- C:\WINDOWS\system32\Com
2010-03-18 13:08:12 ----D---- C:\Program Files\Windows NT
2010-03-18 13:08:04 ----D---- C:\Program Files\Common Files\System
2010-03-18 13:07:36 ----D---- C:\WINDOWS\system32\oobe
2010-03-18 13:07:32 ----D---- C:\WINDOWS\system32\usmt
2010-03-18 13:07:29 ----D---- C:\WINDOWS\system
2010-03-18 13:05:33 ----RD---- C:\WINDOWS\Web
2010-03-18 13:04:17 ----RASH---- C:\NTDETECT.COM
2010-03-18 13:01:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-18 12:55:58 ----D---- C:\WINDOWS\EHome
2010-03-18 10:56:28 ----D---- C:\WINDOWS\Debug
2010-03-18 10:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2010-03-18 10:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2010-03-18 10:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2010-03-18 10:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2010-03-18 10:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2010-03-18 10:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2010-03-18 10:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2010-03-18 10:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB840374$
2010-03-18 10:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-03-18 10:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2010-03-18 10:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2010-03-18 10:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-03-18 10:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB823182$
2010-03-18 09:58:35 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2010-03-18 09:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2010-03-18 09:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2010-03-18 09:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2010-03-18 09:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-03-18 09:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-03-18 09:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-03-18 09:55:19 ----HDC---- C:\WINDOWS\$NtUninstallQ329834$
2010-03-18 09:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB823559$
2010-03-18 09:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2010-03-18 09:53:21 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2010-03-18 09:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB885626$
2010-03-18 09:51:59 ----HDC---- C:\WINDOWS\$NtUninstallKB828035$
2010-03-18 09:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB840987$
2010-03-18 09:50:29 ----HDC---- C:\WINDOWS\$NtUninstallKB837001$
2010-03-18 09:49:51 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2010-03-18 09:48:38 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2010-03-18 09:48:04 ----HDC---- C:\WINDOWS\$NtUninstallQ810833$
2010-03-18 09:47:08 ----HDC---- C:\WINDOWS\$NtUninstallQ828026$
2010-03-18 09:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-03-18 09:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2010-03-18 09:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB873376$
2010-03-18 09:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-03-18 09:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-03-18 09:43:28 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2010-03-18 09:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2010-03-18 09:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2010-03-18 09:41:21 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-03-18 09:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2010-03-18 09:40:20 ----HDC---- C:\WINDOWS\$NtUninstallKB841356$
2010-03-18 09:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2010-03-18 09:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-03-18 09:39:11 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2010-03-18 09:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB824105$
2010-03-18 09:37:48 ----HDC---- C:\WINDOWS\$NtUninstallQ814033$
2010-03-18 09:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB841533$
2010-03-18 09:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-03-18 09:35:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-03-18 09:35:16 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2010-03-18 09:34:42 ----HDC---- C:\WINDOWS\$NtUninstallQ810565$
2010-03-18 09:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB892944$
2010-03-18 09:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-03-18 09:30:59 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-03-18 09:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2010-03-18 09:29:38 ----HDC---- C:\WINDOWS\$NtUninstallQ815021$
2010-03-18 09:28:18 ----A---- C:\WINDOWS\iis6.BAK
2010-03-18 09:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-03-18 09:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-03-18 09:27:16 ----HDC---- C:\WINDOWS\$NtUninstallQ329170$
2010-03-18 09:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-03-18 09:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-03-18 09:25:47 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2010-03-18 09:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-03-18 09:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-03-18 09:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-03-18 09:24:25 ----HDC---- C:\WINDOWS\$NtUninstallQ329115$
2010-03-18 09:24:09 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-03-18 09:23:49 ----HDC---- C:\WINDOWS\$NtUninstallQ329390$
2010-03-18 09:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB841873$
2010-03-18 09:08:18 ----D---- C:\WINDOWS\system32\1029
2010-03-18 09:08:15 ----D---- C:\WINDOWS\Media
2010-03-18 09:08:11 ----D---- C:\WINDOWS\twain_32
2010-03-18 09:07:47 ----D---- C:\WINDOWS\system32\icsxml
2010-03-18 09:07:11 ----D---- C:\WINDOWS\system32\1033
2010-03-18 09:05:52 ----D---- C:\WINDOWS\Driver Cache
2010-03-18 08:55:49 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-03-18 08:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2010-03-18 08:52:19 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-18 08:41:30 ----D---- C:\WINDOWS\nview
2010-03-18 08:39:57 ----A---- C:\WINDOWS\tsctv.ini
2010-03-18 08:34:56 ----SHD---- C:\System Volume Information
2010-03-18 08:34:21 ----D---- C:\WINDOWS\Registration
2010-03-18 08:31:09 ----D---- C:\WINDOWS\system32\config
2010-03-18 08:25:49 ----A---- C:\WINDOWS\win.ini
2010-03-18 08:25:18 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-18 08:25:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-18 08:25:11 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-18 08:24:50 ----D---- C:\WINDOWS\system32\ias
2010-03-18 08:24:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-18 08:14:38 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-17 10:38:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-16 19:17:57 ----SHD---- C:\WINDOWS\Installer
2010-03-15 20:26:52 ----D---- C:\Documents and Settings\Alpi\Data aplikací\Canon
2010-03-14 23:52:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\ABBYY
2010-03-14 23:45:57 ----D---- C:\Program Files\ABBYY FineReader 9.0
2010-03-14 23:42:05 ----D---- C:\Program Files\Common Files
2010-03-13 12:30:27 ----D---- C:\DATA (F)
2010-03-06 22:42:19 ----D---- C:\Downloads
2010-03-01 21:30:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-28 12:13:20 ----D---- C:\WINDOWS\system32\DirectX
2010-02-28 12:12:37 ----RSD---- C:\WINDOWS\assembly
2010-02-28 12:12:27 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-09 95872]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-07 271360]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-09 139192]
R2 k;k; \??\C:\WINDOWS\system32\o.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-07 18048]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-06-01 34064]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-04-23 2167552]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-28 101120]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-11-04 43552]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wsvad_driver;WS Audio Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [2008-08-18 16896]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-04-23 114755]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-06-12 606720]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-02-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-09 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[alpi]

Dobré poledne, postupoval jsem dle Vašeho návodu.

ComboFix:

ComboFix 10-03-19.08 - Alpi 20.03.2010 17:19:38.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.26 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alpi\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-20 do 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 15:53 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-20 15:53 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-20 15:53 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-20 15:53 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-20 15:53 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-20 15:53 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-20 15:53 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-20 08:19 . 2010-03-20 08:21 -------- d-----w- c:\program files\trend micro
2010-03-20 08:19 . 2010-03-20 08:19 -------- d-----w- C:\rsit
2010-03-20 08:06 . 2010-03-20 10:52 -------- d-----w- c:\program files\Trojan Remover
2010-03-19 19:05 . 2010-03-20 08:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-19 19:01 . 2010-03-20 08:16 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-03-19 18:56 . 2010-03-19 18:56 389632 ----a-w- c:\windows\system32\CF30936.exe
2010-03-19 18:55 . 2010-03-19 18:55 389632 ----a-w- c:\windows\system32\CF30772.exe
2010-03-19 15:16 . 2010-03-19 15:16 4736 ----a-w- c:\windows\system32\o.sys
2010-03-19 09:03 . 2010-03-19 09:53 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-19 08:55 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-19 08:54 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-19 08:53 . 2009-12-09 10:28 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-19 08:53 . 2009-12-09 10:28 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-19 08:53 . 2005-07-26 04:42 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2010-03-19 08:53 . 2009-12-09 10:28 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-19 08:53 . 2009-03-06 14:47 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-03-19 08:53 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-19 08:53 . 2009-02-09 10:22 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-03-19 08:53 . 2009-02-09 10:22 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-03-19 08:52 . 2009-02-09 10:22 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-03-19 08:52 . 2009-02-09 10:11 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-03-19 08:52 . 2009-02-09 10:22 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-19 08:52 . 2009-02-09 10:22 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-03-19 08:52 . 2009-12-09 10:28 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-19 08:52 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-19 08:51 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-19 08:49 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-03-19 08:49 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-19 08:49 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-19 08:47 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-03-19 08:46 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-18 12:15 . 2010-03-18 16:21 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-03-18 11:39 . 2004-08-02 13:20 4569 ------w- c:\windows\system32\secupd.dat
2010-03-18 09:03 . 2004-08-17 22:49 330240 ----a-w- c:\windows\system32\ipnathlp.dll
2010-03-18 09:03 . 2004-08-17 22:49 45568 ----a-w- c:\windows\system32\wbem\cmdevtgprov.dll
2010-03-18 09:03 . 2004-08-17 22:49 614912 ----a-w- c:\windows\system32\h323msp.dll
2010-03-18 08:59 . 2004-04-11 04:05 595968 -c----w- c:\windows\system32\dllcache\xpsp2res.dll
2010-03-18 08:51 . 2004-08-17 22:49 33792 ------w- c:\windows\system32\msgsvc.dll
2010-03-18 08:14 . 2004-08-17 22:49 12288 ----a-w- c:\windows\system32\mstinit.exe
2010-03-18 08:14 . 2004-08-17 22:49 190976 ------w- c:\windows\system32\schedsvc.dll
2010-03-18 08:14 . 2004-08-17 22:49 275968 ----a-w- c:\windows\system32\mstask.dll
2010-03-18 08:12 . 2004-09-01 22:27 209280 -c--a-w- c:\windows\system32\dllcache\update.sys
2010-03-18 08:12 . 2004-08-17 22:49 1083904 ----a-w- c:\windows\system32\esent.dll
2010-03-18 07:54 . 2009-08-25 09:49 352256 ----a-w- c:\windows\system32\winhttp.dll
2010-03-18 07:54 . 2004-08-17 22:49 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-03-18 07:28 . 2001-10-25 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-18 07:27 . 2001-10-25 12:00 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll
2010-03-18 07:26 . 2001-10-25 12:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2010-03-18 07:23 . 2001-10-25 12:00 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2010-03-18 07:18 . 2004-08-04 06:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-18 07:18 . 2004-08-04 06:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-03-18 07:16 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-18 07:16 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-18 07:16 . 2004-08-17 22:43 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-03-18 07:16 . 2004-08-04 05:31 20992 ----a-w- c:\windows\system32\drivers\rtl8139.sys
2010-03-18 07:15 . 2004-08-17 22:49 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-18 07:15 . 2004-08-04 06:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-03-16 18:15 . 2010-03-16 18:15 -------- d-----w- c:\program files\ESET
2010-03-14 22:42 . 2010-03-14 22:42 -------- d-----w- c:\program files\Common Files\ABBYY
2010-03-14 22:34 . 2008-05-16 04:51 -------- d-----w- C:\FR90PE_VOL
2010-03-14 12:55 . 2010-03-14 13:06 -------- d-----w- c:\program files\ABBYY FineReader 7.0 Professional Edition
2010-03-14 12:53 . 2010-03-14 12:53 -------- d-----w- C:\FR70PRO
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-02-28 11:12 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-28 11:11 . 2010-02-28 11:11 -------- d-----w- c:\windows\Logs
2010-02-27 16:00 . 2010-02-27 16:01 -------- d-----w- c:\program files\RapidDown

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 13:19 . 2001-10-25 12:00 78030 ----a-w- c:\windows\system32\perfc005.dat
2010-03-19 13:19 . 2001-10-25 12:00 429018 ----a-w- c:\windows\system32\perfh005.dat
2010-03-18 16:32 . 2008-10-01 12:58 -------- d-----w- c:\program files\Spyware Terminator
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\DVPV7D7D.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\ZBFPZFRN.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\V1BVLFXR.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\EPNDFTJP.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\CU4VRLZJ.DAT
2010-03-18 07:22 . 2008-10-01 12:24 22900 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-16 18:16 . 2010-03-16 18:16 33792 ----a-w- c:\windows\Fonts\L4u2ghX.com
2010-03-14 22:45 . 2009-02-27 13:59 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2010-02-13 15:56 . 2008-10-05 06:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 15:54 . 2010-02-13 15:54 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-02-04 22:21 . 2009-01-30 14:40 -------- d-----w- c:\program files\Postal2STP
2010-02-04 09:01 . 2010-02-28 11:13 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-28 11:13 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-28 11:13 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-28 11:13 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-29 09:44 . 2010-01-29 09:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-29 09:41 . 2010-01-29 09:41 -------- d-----r- c:\program files\Skype
2010-01-29 09:41 . 2010-01-29 09:41 -------- d-----w- c:\program files\Common Files\Skype
2009-12-31 16:14 . 2001-10-25 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-06-23 12:27 916480 ----a-w- c:\windows\system32\wininet.dll
.

Kód: Vybrat vše

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg .exe
</pre>

------- Sigcheck -------

[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\wscntfy.exe

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ip6fw.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-03-20_11.29.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-02 09:16 . 2009-01-07 16:20 26144 c:\windows\system32\spupdsvc.exe
+ 2008-10-02 09:16 . 2009-01-07 17:20 26144 c:\windows\system32\spupdsvc.exe
+ 2009-05-04 11:47 . 2009-01-07 17:20 17952 c:\windows\system32\spmsg.dll
- 2009-05-04 11:47 . 2009-01-07 16:20 17952 c:\windows\system32\spmsg.dll
+ 2002-09-20 16:04 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
- 2006-06-29 06:05 . 2009-01-07 16:20 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 06:05 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 15:59 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 15:59 . 2009-01-07 16:20 24576 c:\windows\system32\nlsdl.dll
+ 2002-09-20 16:01 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2002-09-20 16:04 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2001-10-25 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
- 2007-08-13 16:54 . 2009-10-29 07:43 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2002-09-20 16:04 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
+ 2001-10-25 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\jsproxy.dll
+ 2002-09-20 16:04 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2002-09-20 16:03 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-13 16:39 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
- 2007-08-13 16:39 . 2009-03-08 02:32 36864 c:\windows\system32\ieudinit.exe
+ 2002-09-20 16:03 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2001-10-25 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 06:05 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 06:05 . 2009-01-07 16:20 26112 c:\windows\system32\idndl.dll
+ 2009-12-22 05:42 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2009-12-22 05:42 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 03:34 . 2009-03-08 03:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-12-22 05:42 . 2009-12-21 19:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-22 05:42 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 03:24 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2001-10-25 12:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
+ 2001-10-25 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2009-06-08 14:26 . 2004-08-17 22:49 37888 c:\windows\ie8\url.dll
- 2009-06-08 14:28 . 2009-03-08 14:57 58448 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-06-08 14:28 . 2009-03-08 15:57 58448 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 39424 c:\windows\ie8\pngfilt.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 96768 c:\windows\ie8\occache.dll
+ 2010-03-20 15:57 . 2004-08-17 22:48 56832 c:\windows\ie8\mshtmler.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 29184 c:\windows\ie8\mshta.exe
+ 2010-03-20 15:57 . 2004-08-17 22:49 22016 c:\windows\ie8\licmgr10.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 16384 c:\windows\ie8\jsproxy.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 96768 c:\windows\ie8\inseng.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 35840 c:\windows\ie8\imgutil.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 93184 c:\windows\ie8\iexplore.exe
+ 2010-03-20 15:57 . 2004-08-17 22:49 62976 c:\windows\ie8\iesetup.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 48640 c:\windows\ie8\iernonce.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 81920 c:\windows\ie8\ieencode.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-03-20 15:57 . 2004-08-17 22:49 38912 c:\windows\ie8\hmmapi.dll
- 2009-06-08 14:26 . 2008-04-14 03:21 35328 c:\windows\ie8\corpol.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 35328 c:\windows\ie8\corpol.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 61440 c:\windows\ie8\admparse.dll
- 2008-10-09 13:14 . 2009-01-07 16:21 121856 c:\windows\system32\xmllite.dll
+ 2008-10-09 13:14 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2002-09-20 16:05 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2002-09-20 16:04 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
+ 2002-09-20 16:04 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
+ 2001-10-25 12:00 . 2009-12-21 19:08 206848 c:\windows\system32\occache.dll
+ 2002-09-20 16:04 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2002-09-20 16:04 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
+ 2001-10-25 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
- 2007-08-13 16:54 . 2009-10-29 07:43 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 16:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
- 2009-01-07 16:20 . 2009-01-07 16:20 265720 c:\windows\system32\msdbg2.dll
+ 2001-10-25 12:00 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2002-09-20 16:03 . 2009-12-21 19:08 184320 c:\windows\system32\iepeers.dll
+ 2002-09-20 16:03 . 2009-12-21 19:08 387584 c:\windows\system32\iedkcs32.dll
+ 2001-10-25 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2002-09-20 16:03 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2002-09-20 16:03 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2002-09-20 16:05 . 2009-12-21 13:18 173056 c:\windows\system32\ie4uinit.exe
+ 2002-09-20 16:03 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2002-09-20 16:03 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2009-12-22 05:42 . 2009-12-21 19:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2007-12-18 14:43 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-03-08 03:34 . 2009-12-21 19:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-12-22 05:42 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-12-22 05:42 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2001-10-25 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2001-10-25 12:00 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 13:09 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-12-22 05:42 . 2009-12-21 19:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 13:09 . 2009-12-21 19:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2001-10-25 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 03:32 . 2009-12-21 13:18 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-12-22 05:42 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-12-22 05:42 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2002-09-20 16:03 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2010-03-20 16:02 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB978506-IE8\spuninst\updspapi.dll
+ 2010-03-20 16:02 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB978506-IE8\spuninst\spuninst.exe
+ 2010-03-20 16:02 . 2009-05-12 05:11 102912 c:\windows\ie8updates\KB978506-IE8\iecompat.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-03-20 16:02 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-03-20 16:02 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-03-20 16:02 . 2009-10-29 07:43 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-03-20 16:02 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2009-06-08 14:26 . 2009-12-22 05:42 663040 c:\windows\ie8\wininet.dll
+ 2009-06-08 14:26 . 2004-08-17 22:49 278528 c:\windows\ie8\webcheck.dll
+ 2009-06-08 14:26 . 2004-08-17 22:49 848384 c:\windows\ie8\vgx.dll
+ 2009-06-08 14:26 . 2007-12-18 14:43 417792 c:\windows\ie8\vbscript.dll
+ 2009-06-08 14:26 . 2009-12-22 05:42 625152 c:\windows\ie8\urlmon.dll
- 2009-06-08 14:28 . 2009-01-07 16:20 390688 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-06-08 14:28 . 2009-01-07 17:20 390688 c:\windows\ie8\spuninst\updspapi.dll
- 2009-06-08 14:28 . 2009-01-07 16:20 234016 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-06-08 14:28 . 2009-01-07 17:20 234016 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-03-20 15:57 . 2009-12-22 05:42 532480 c:\windows\ie8\mstime.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 146432 c:\windows\ie8\msrating.dll
+ 2010-03-20 15:57 . 2001-10-25 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 449024 c:\windows\ie8\mshtmled.dll
+ 2010-03-20 15:57 . 2009-08-21 06:52 450560 c:\windows\ie8\jscript.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 251392 c:\windows\ie8\iepeers.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-03-20 15:57 . 2001-10-25 12:00 225280 c:\windows\ie8\ieakui.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 219136 c:\windows\ie8\ieaksie.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 139264 c:\windows\ie8\ieakeng.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 205312 c:\windows\ie8\dxtrans.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 357888 c:\windows\ie8\dxtmsft.dll
+ 2010-03-20 15:57 . 2004-08-17 22:49 100352 c:\windows\ie8\advpack.dll
+ 2006-08-31 06:55 . 2009-12-21 19:08 1208832 c:\windows\system32\urlmon.dll
+ 2002-09-20 16:04 . 2009-12-21 19:08 5942784 c:\windows\system32\mshtml.dll
- 2007-08-13 16:34 . 2009-10-29 07:43 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2009-12-21 19:08 1985536 c:\windows\system32\iertutil.dll
+ 2009-12-22 05:42 . 2009-12-21 19:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-12-22 05:42 . 2009-12-21 19:08 5942784 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2010-03-20 15:57 . 2009-12-22 05:42 3084800 c:\windows\ie8\mshtml.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 11070464 c:\windows\system32\ieframe.dll
+ 2010-03-20 16:02 . 2009-10-29 07:43 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-18 20:15 2349080 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM .exe -scheduler" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-04-23 3756032]
"nwiz"="nwiz.exe" [2004-04-23 831488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-16 33792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-04-23 46080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\M ma\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\Alpi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 k;k;c:\windows\system32\o.sys [19.3.2010 16:16 4736]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 8:13 34064]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [17.8.2005 23:00 7168]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [6.12.2008 13:31 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-03-20 c:\windows\Tasks\At10.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At11.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At12.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-18 c:\windows\Tasks\At13.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-20 c:\windows\Tasks\At14.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At15.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At16.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At17.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At18.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-18 c:\windows\Tasks\At19.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At20.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At21.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-19 c:\windows\Tasks\At22.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-18 c:\windows\Tasks\At23.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-18 c:\windows\Tasks\At24.job
- c:\windows\Fonts\L4u2ghX.com [2010-03-16 18:16]

2010-03-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SmartDraw 2009\Messages\SDNotify.exe [2009-01-22 05:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Settings,ProxyServer = 80.153.156.21:1080
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Alpi\Data aplikací\Mozilla\Firefox\Profiles\o53e31qp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - BS_Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 200.31.42.3
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 200.31.42.3
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 200.31.42.3
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 200.31.42.3
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 200.31.42.3
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 17:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(18040)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2010-03-20 17:30:32
ComboFix-quarantined-files.txt 2010-03-20 16:30
ComboFix2.txt 2010-03-20 11:32

Před spuštěním: 7 784 755 200
Po spuštění: 7 745 654 784

- - End Of File - - 48E469C002FA66D2BD10CF435D29E131

[alpi]

Rozhodl jsem se nahodit nejnovější IE (8) a už mi taky naskakují reklamy A to každých několik sekund ... to bude můj konec

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\o.sys
c:\windows\Fonts\L4u2ghX.com

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg .exe

AtJob::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[alpi]

Pěkný večer, vykonáno dle Vašeho návodu:

ComboFix 10-03-19.08 - Alpi 20.03.2010 19:55:26.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.135 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alpi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Alpi\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

file zipped: c:\windows\Fonts\L4u2ghX.com
file zipped: c:\windows\system32\o.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\L4u2ghX.com
c:\windows\system32\o.sys
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At193.job
c:\windows\Tasks\At194.job
c:\windows\Tasks\At195.job
c:\windows\Tasks\At196.job
c:\windows\Tasks\At197.job
c:\windows\Tasks\At198.job
c:\windows\Tasks\At199.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At200.job
c:\windows\Tasks\At201.job
c:\windows\Tasks\At202.job
c:\windows\Tasks\At203.job
c:\windows\Tasks\At204.job
c:\windows\Tasks\At205.job
c:\windows\Tasks\At206.job
c:\windows\Tasks\At207.job
c:\windows\Tasks\At208.job
c:\windows\Tasks\At209.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At210.job
c:\windows\Tasks\At211.job
c:\windows\Tasks\At212.job
c:\windows\Tasks\At213.job
c:\windows\Tasks\At214.job
c:\windows\Tasks\At215.job
c:\windows\Tasks\At216.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_k
-------\Service_k


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-20 do 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 15:53 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-20 15:53 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-20 15:53 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-20 15:53 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-20 15:53 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-20 15:53 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-20 15:53 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-20 08:19 . 2010-03-20 08:21 -------- d-----w- c:\program files\trend micro
2010-03-20 08:19 . 2010-03-20 08:19 -------- d-----w- C:\rsit
2010-03-20 08:06 . 2010-03-20 10:52 -------- d-----w- c:\program files\Trojan Remover
2010-03-19 19:05 . 2010-03-20 08:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-19 19:01 . 2010-03-20 08:16 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-03-19 18:56 . 2010-03-19 18:56 389632 ----a-w- c:\windows\system32\CF30936.exe
2010-03-19 18:55 . 2010-03-19 18:55 389632 ----a-w- c:\windows\system32\CF30772.exe
2010-03-19 09:03 . 2010-03-19 09:53 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-19 08:55 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-19 08:54 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-19 08:53 . 2009-12-09 10:28 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-19 08:53 . 2009-12-09 10:28 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-19 08:53 . 2005-07-26 04:42 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2010-03-19 08:53 . 2009-12-09 10:28 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-19 08:53 . 2009-03-06 14:47 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-03-19 08:53 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-19 08:53 . 2009-02-09 10:22 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-03-19 08:53 . 2009-02-09 10:22 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-03-19 08:52 . 2009-02-09 10:22 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-03-19 08:52 . 2009-02-09 10:11 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-03-19 08:52 . 2009-02-09 10:22 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-19 08:52 . 2009-02-09 10:22 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-03-19 08:52 . 2009-12-09 10:28 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-19 08:52 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-19 08:51 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-19 08:49 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-03-19 08:49 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-19 08:49 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-19 08:47 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-03-19 08:46 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-18 12:15 . 2010-03-18 16:21 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-03-18 11:39 . 2004-08-02 13:20 4569 ------w- c:\windows\system32\secupd.dat
2010-03-18 09:03 . 2004-08-17 22:49 330240 ----a-w- c:\windows\system32\ipnathlp.dll
2010-03-18 09:03 . 2004-08-17 22:49 45568 ----a-w- c:\windows\system32\wbem\cmdevtgprov.dll
2010-03-18 09:03 . 2004-08-17 22:49 614912 ----a-w- c:\windows\system32\h323msp.dll
2010-03-18 08:59 . 2004-04-11 04:05 595968 -c----w- c:\windows\system32\dllcache\xpsp2res.dll
2010-03-18 08:51 . 2004-08-17 22:49 33792 ------w- c:\windows\system32\msgsvc.dll
2010-03-18 08:14 . 2004-08-17 22:49 12288 ----a-w- c:\windows\system32\mstinit.exe
2010-03-18 08:14 . 2004-08-17 22:49 190976 ------w- c:\windows\system32\schedsvc.dll
2010-03-18 08:14 . 2004-08-17 22:49 275968 ----a-w- c:\windows\system32\mstask.dll
2010-03-18 08:12 . 2004-09-01 22:27 209280 -c--a-w- c:\windows\system32\dllcache\update.sys
2010-03-18 08:12 . 2004-08-17 22:49 1083904 ----a-w- c:\windows\system32\esent.dll
2010-03-18 07:54 . 2009-08-25 09:49 352256 ----a-w- c:\windows\system32\winhttp.dll
2010-03-18 07:54 . 2004-08-17 22:49 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-03-18 07:28 . 2001-10-25 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-18 07:27 . 2001-10-25 12:00 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll
2010-03-18 07:26 . 2001-10-25 12:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2010-03-18 07:23 . 2001-10-25 12:00 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2010-03-18 07:18 . 2004-08-04 06:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-18 07:18 . 2004-08-04 06:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-03-18 07:16 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-18 07:16 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-18 07:16 . 2004-08-17 22:43 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-03-18 07:16 . 2004-08-04 05:31 20992 ----a-w- c:\windows\system32\drivers\rtl8139.sys
2010-03-18 07:15 . 2004-08-17 22:49 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-18 07:15 . 2004-08-04 06:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-03-16 18:15 . 2010-03-16 18:15 -------- d-----w- c:\program files\ESET
2010-03-14 22:42 . 2010-03-14 22:42 -------- d-----w- c:\program files\Common Files\ABBYY
2010-03-14 22:34 . 2008-05-16 04:51 -------- d-----w- C:\FR90PE_VOL
2010-03-14 12:55 . 2010-03-14 13:06 -------- d-----w- c:\program files\ABBYY FineReader 7.0 Professional Edition
2010-03-14 12:53 . 2010-03-14 12:53 -------- d-----w- C:\FR70PRO
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-02-28 11:12 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-28 11:11 . 2010-02-28 11:11 -------- d-----w- c:\windows\Logs
2010-02-27 16:00 . 2010-02-27 16:01 -------- d-----w- c:\program files\RapidDown

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 13:19 . 2001-10-25 12:00 78030 ----a-w- c:\windows\system32\perfc005.dat
2010-03-19 13:19 . 2001-10-25 12:00 429018 ----a-w- c:\windows\system32\perfh005.dat
2010-03-18 16:32 . 2008-10-01 12:58 -------- d-----w- c:\program files\Spyware Terminator
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\DVPV7D7D.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\ZBFPZFRN.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\V1BVLFXR.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\EPNDFTJP.DAT
2010-03-18 07:25 . 2010-03-18 07:25 2678 ----a-w- c:\windows\java\Packages\Data\CU4VRLZJ.DAT
2010-03-18 07:22 . 2008-10-01 12:24 22900 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-14 22:45 . 2009-02-27 13:59 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2010-02-13 15:56 . 2008-10-05 06:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 15:54 . 2010-02-13 15:54 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-02-04 22:21 . 2009-01-30 14:40 -------- d-----w- c:\program files\Postal2STP
2010-02-04 09:01 . 2010-02-28 11:13 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-28 11:13 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-28 11:13 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-28 11:13 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-29 09:44 . 2010-01-29 09:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-29 09:41 . 2010-01-29 09:41 -------- d-----r- c:\program files\Skype
2010-01-29 09:41 . 2010-01-29 09:41 -------- d-----w- c:\program files\Common Files\Skype
2009-12-31 16:14 . 2001-10-25 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-06-23 12:27 916480 ------w- c:\windows\system32\wininet.dll
.

Kód: Vybrat vše

<pre>
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\program files\Messenger\msmsgs .exe
</pre>

------- Sigcheck -------

[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\wscntfy.exe

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ip6fw.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-03-20_16.27.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-18 17:46 . 2002-12-11 22:14 46592 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-18 20:15 2349080 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM .exe -scheduler" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-04-23 3756032]
"nwiz"="nwiz.exe" [2004-04-23 831488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-16 33792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-04-23 46080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\M ma\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\Alpi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 8:13 34064]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [17.8.2005 23:00 7168]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [6.12.2008 13:31 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-03-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SmartDraw 2009\Messages\SDNotify.exe [2009-01-22 05:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Settings,ProxyServer = 80.153.156.21:1080
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Alpi\Data aplikací\Mozilla\Firefox\Profiles\o53e31qp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - BS_Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 200.31.42.3
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 200.31.42.3
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 200.31.42.3
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 200.31.42.3
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 200.31.42.3
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 20:05
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM .exe
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\docume~1\Alpi\LOCALS~1\Temp\hki165.exe
c:\documents and settings\All Users\Data aplikací\O6FcLkNi.exe
c:\documents and settings\All Users\Data aplikací\O6FcLkNi.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2010-03-20 20:10:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-20 19:10
ComboFix2.txt 2010-03-20 16:30
ComboFix3.txt 2010-03-20 11:32

Před spuštěním: 7 763 447 808
Po spuštění: 7 648 014 336

- - End Of File - - 43AA85497539DC63151AC2915F5B0FB1

[Rudy]

Vše smazáno. Ještě vykoušejte funkce antiviru NOD. Pokud by něco nefungovalo, přeinstalujte.

[alpi]

Dobrý den,
velmi se omlouvám, že znovu obtěžuji. Zpomalení PC se již nekoná, samovolně se ale otevírá okno IE s odkazem "http://ad.yieldmanager.com/support/click_error.html"

[Rudy]

Smažte cache a historii prohlížeče.