Win32/Lukicsel.G

[jasanek]

Co prosím s tímto:

V operační paměti nalezen trojský kůň Win32/Lukicsel.G ! Tento soubor může být smazán. Před zahájením akce se ujistěte, že máte zálohu důležitých dat. Nelze vykonat žádnou akci na infekci v paměti. Klikněte na tlačítko Ponechat a spusťte léčení všech pevných disků počítače. Operační paměť byla infikována ze souboru C:\WINDOWS\system32\kbupdate.dll.

Děkuji.

[Caroprd111]

Zdravím

Dejte log z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

[Ostapulos]

Mam uplne stejny problem s Lukicsel.G, log z RSIT uvadim nize, prosim o kontrolu:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Lenka at 2010-03-31 20:25:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (27%) free of 29 GB
Total RAM: 1526 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:50, on 31.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Lenka\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32.exe
C:\Documents and Settings\Lenka\Plocha\RSIT.exe
C:\Program Files\trend micro\Lenka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.marykay.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8789 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-02-22 106496]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-12-27 69632]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-08-10 352256]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-05-22 3080704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-07-20 593920]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2006-01-24 397312]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-26 172032]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-02-22 921600]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2006-05-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-09-03 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-14 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-09-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate]
C:\WINDOWS\system32\kbupdate.dll [2010-03-23 46592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\DC++\StrongDC.exe"="C:\Program Files\DC++\StrongDC.exe:*:Enabled:StrongDC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc69b066-ec67-11dc-9aea-0050fca7eb44}]
shell\Auto\command - tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe


======List of files/folders created in the last 1 months======

2010-03-31 20:25:44 ----D---- C:\rsit
2010-03-31 20:25:44 ----D---- C:\Program Files\trend micro
2010-03-23 22:49:18 ----A---- C:\WINDOWS\system32\kbsnd32.dll
2010-03-23 22:49:18 ----A---- C:\WINDOWS\system32\kbddta.dll
2010-03-23 22:49:18 ----A---- C:\WINDOWS\system32\kbdatat4.dll
2010-03-23 22:49:17 ----A---- C:\WINDOWS\system32\kbupdate.dll
2010-03-23 22:49:16 ----A---- C:\WINDOWS\system32\crt4.dll
2010-03-21 10:16:14 ----D---- C:\filmy
2010-03-11 23:09:22 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-11 07:21:03 ----HD---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-03-31 20:20:32 ----A---- C:\WINDOWS\system32\eRLog.ini
2010-03-31 20:19:54 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2010-03-30 23:10:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-28 23:25:24 ----A---- C:\WINDOWS\wincmd.ini
2010-03-21 10:07:42 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-01-17 82380]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-06-30 775936]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 74752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 ND;ND; \??\C:\WINDOWS\system32\drivers\nd.sys []
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-28 6144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-01-29 6841]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2005-10-31 46080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-14 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-02-22 507904]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-10-12 604416]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-12 361216]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[jasanek]

Nechtělo by to vlastní téma?

Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2010-03-31 20:39:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (28%) free of 50 GB
Total RAM: 1535 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:49, on 31.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Java\jre1.6.0_01\launch4j-tmp\frd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Plocha\RSIT.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreeRapid 0.83u1.lnk = C:\Documents and Settings\admin\Plocha\mash\FreeRapid\frd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B6D6DB2-1911-4A41-B8D3-9B75806F2EA5}: NameServer = 192.168.5.1
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 4022 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-03-22 949376]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-11 61440]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-12-17 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-07-11 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe [2007-09-28 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe [2007-05-12 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2005-12-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-02-16 384512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ScanPanel.lnk]
C:\SCANPA~1\ScnPanel.exe [2002-05-09 1941504]

C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění
FreeRapid 0.83u1.lnk - C:\Documents and Settings\admin\Plocha\mash\FreeRapid\frd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate]
C:\WINDOWS\system32\kbupdate.dll [2010-03-24 46592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Totalcmd\TOTALCMD.EXE"="C:\Program Files\Totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\GetWare\WebCam Live\WebCam.exe"="C:\Program Files\GetWare\WebCam Live\WebCam.exe:*:Enabled:WebCam Live"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ba16fef-35f9-11df-b2a5-806d6172696f}]
shell\AutoRun\command - J:\atisetup.exe
shell\launch\command - J:\atisetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ba16ff0-35f9-11df-b2a5-806d6172696f}]
shell\AutoRun\command - K:\Setup.exe


======List of files/folders created in the last 1 months======

2010-03-31 20:39:33 ----D---- C:\Program Files\trend micro
2010-03-31 20:39:32 ----D---- C:\rsit
2010-03-31 15:17:43 ----D---- C:\Documents and Settings\admin\Data aplikací\Google
2010-03-31 15:14:26 ----D---- C:\Program Files\Google
2010-03-29 16:53:14 ----D---- C:\games
2010-03-29 16:36:40 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-03-29 16:36:37 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-03-29 16:35:16 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-29 16:34:26 ----D---- C:\Genius
2010-03-29 15:59:12 ----D---- C:\Documents and Settings\admin\Data aplikací\OpenOffice.org
2010-03-29 15:56:38 ----D---- C:\Program Files\OpenOffice.org 3
2010-03-28 21:09:25 ----D---- C:\Program Files\ImTOO
2010-03-28 20:55:13 ----D---- C:\Program Files\FLVPlayer
2010-03-27 17:30:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2010-03-27 17:28:18 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-03-27 17:27:39 ----D---- C:\Program Files\ATI Technologies
2010-03-27 17:26:49 ----D---- C:\ATI
2010-03-27 17:23:09 ----A---- C:\WINDOWS\WININIT.INI
2010-03-27 01:01:14 ----A---- C:\WINDOWS\Instit.ini
2010-03-27 01:01:14 ----A---- C:\WINDOWS\InstIt.exe
2010-03-27 01:01:13 ----A---- C:\WINDOWS\mHotkey.exe
2010-03-27 01:01:12 ----A---- C:\WINDOWS\HKNTDLL.dll
2010-03-26 20:05:38 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-03-26 19:53:13 ----D---- C:\Program Files\Sierra
2010-03-26 19:49:50 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-03-26 19:49:49 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-03-26 19:49:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-03-26 19:49:43 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-03-26 19:49:42 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-03-26 19:49:42 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-03-26 19:49:42 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-03-26 19:49:40 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-03-26 19:49:40 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-03-26 19:14:59 ----D---- C:\Program Files\Capitalism II
2010-03-26 19:12:11 ----D---- C:\Program Files\DaemonTools_WhenUSaveNow_Installer
2010-03-26 15:48:58 ----D---- C:\Documents and Settings\admin\Data aplikací\GetWare
2010-03-25 22:02:54 ----D---- C:\Documents and Settings\admin\Data aplikací\ATI
2010-03-25 21:51:59 ----D---- C:\WINDOWS\Minidump
2010-03-25 15:52:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2010-03-25 15:52:15 ----D---- C:\Program Files\DU Meter
2010-03-24 22:22:03 ----D---- C:\WINDOWS\system32\appmgmt
2010-03-24 22:21:43 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-24 19:05:37 ----D---- C:\Documents and Settings\admin\Data aplikací\WinRAR
2010-03-24 19:05:16 ----D---- C:\Program Files\WinRAR
2010-03-24 16:11:18 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-24 08:58:31 ----A---- C:\WINDOWS\system32\kbupdate.dll
2010-03-24 08:58:31 ----A---- C:\WINDOWS\system32\kbsnd32.dll
2010-03-24 08:58:31 ----A---- C:\WINDOWS\system32\kbddta.dll
2010-03-24 08:58:31 ----A---- C:\WINDOWS\system32\kbdatat4.dll
2010-03-24 08:58:31 ----A---- C:\WINDOWS\system32\crt4.dll
2010-03-24 08:58:21 ----D---- C:\WINDOWS\Sun
2010-03-23 21:48:48 ----D---- C:\Documents and Settings\admin\Data aplikací\VitySoft
2010-03-23 20:06:14 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-23 16:15:25 ----D---- C:\WINDOWS\system32\Lang
2010-03-23 16:10:40 ----A---- C:\WINDOWS\MyHeritage.INI
2010-03-23 16:10:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\MyHeritage
2010-03-23 16:10:23 ----D---- C:\Documents and Settings\admin\Data aplikací\MyHeritage
2010-03-23 16:07:14 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2010-03-23 16:07:12 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2010-03-23 16:07:11 ----D---- C:\Program Files\PDFCreator
2010-03-23 16:01:36 ----D---- C:\Documents and Settings\admin\Data aplikací\Macromedia
2010-03-23 16:01:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-03-23 15:43:54 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-03-22 23:35:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Farm Frenzy
2010-03-22 23:35:11 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-22 23:33:32 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-03-22 23:33:32 ----A---- C:\WINDOWS\system32\irmon.dll
2010-03-22 23:33:32 ----A---- C:\WINDOWS\system32\irftp.exe
2010-03-22 23:33:07 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-03-22 23:32:21 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2010-03-22 23:32:21 ----A---- C:\WINDOWS\system32\ati3duag.dll
2010-03-22 23:32:21 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2010-03-22 23:32:20 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2010-03-22 23:32:20 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2010-03-22 23:32:02 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-22 23:30:41 ----A---- C:\WINDOWS\imsins.BAK
2010-03-22 23:30:37 ----SHD---- C:\WINDOWS\Installer
2010-03-22 23:30:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 23:30:36 ----D---- C:\Program Files\Common Files\ODBC
2010-03-22 23:30:36 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-22 23:30:33 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-22 23:30:32 ----RD---- C:\Program Files
2010-03-22 23:30:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-22 23:30:32 ----D---- C:\Program Files\Common Files
2010-03-22 23:30:28 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-22 23:30:28 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-22 23:30:28 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-22 23:30:14 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-22 23:30:12 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-03-22 23:30:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-22 23:30:12 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-22 23:30:11 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-03-22 23:30:10 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-22 23:30:03 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-22 23:29:58 ----RA---- C:\WINDOWS\SET8.tmp
2010-03-22 23:29:56 ----RA---- C:\WINDOWS\SET4.tmp
2010-03-22 23:29:54 ----RA---- C:\WINDOWS\SET3.tmp
2010-03-22 23:29:50 ----D---- C:\Documents and Settings\admin\Data aplikací\Adobe
2010-03-22 23:29:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-22 23:29:49 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-22 23:29:43 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-22 23:29:26 ----A---- C:\WINDOWS\setuplog.txt
2010-03-22 23:29:20 ----D---- C:\Documents and Settings
2010-03-22 23:29:19 ----SHD---- C:\System Volume Information
2010-03-22 23:28:38 ----SH---- C:\boot.ini
2010-03-22 23:24:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-22 23:24:42 ----RSD---- C:\WINDOWS\Fonts
2010-03-22 23:24:42 ----RD---- C:\WINDOWS\Web
2010-03-22 23:24:42 ----HD---- C:\WINDOWS\inf
2010-03-22 23:24:42 ----D---- C:\WINDOWS\WinSxS
2010-03-22 23:24:42 ----D---- C:\WINDOWS\twain_32
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Temp
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\wins
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\wbem
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\usmt
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\spool
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\Setup
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\ras
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\oobe
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\npp
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\mui
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\IME
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\icsxml
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\ias
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\export
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\drivers
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\dhcp
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\config
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\3076
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\2052
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1054
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1042
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1041
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1037
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1033
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1031
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1029
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1028
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1025
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system
2010-03-22 23:24:42 ----D---- C:\WINDOWS\security
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Resources
2010-03-22 23:24:42 ----D---- C:\WINDOWS\repair
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Provisioning
2010-03-22 23:24:42 ----D---- C:\WINDOWS\pchealth
2010-03-22 23:24:42 ----D---- C:\WINDOWS\PeerNet
2010-03-22 23:24:42 ----D---- C:\WINDOWS\mui
2010-03-22 23:24:42 ----D---- C:\WINDOWS\msapps
2010-03-22 23:24:42 ----D---- C:\WINDOWS\msagent
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Media
2010-03-22 23:24:42 ----D---- C:\WINDOWS\java
2010-03-22 23:24:42 ----D---- C:\WINDOWS\ime
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Help
2010-03-22 23:24:42 ----D---- C:\WINDOWS\ehome
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Driver Cache
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Debug
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Cursors
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Connection Wizard
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Config
2010-03-22 23:24:42 ----D---- C:\WINDOWS\AppPatch
2010-03-22 23:24:42 ----D---- C:\WINDOWS\addins
2010-03-22 23:24:42 ----D---- C:\WINDOWS
2010-03-22 23:22:19 ----N---- C:\WINDOWS\vsnpstd3.exe
2010-03-22 23:22:19 ----N---- C:\WINDOWS\tsnpstd3.exe
2010-03-22 23:22:19 ----N---- C:\WINDOWS\snpstd3.ini
2010-03-22 23:22:16 ----N---- C:\WINDOWS\usnpstd3.exe
2010-03-22 23:22:16 ----N---- C:\WINDOWS\system32\vsnpstd3.dll
2010-03-22 23:22:16 ----N---- C:\WINDOWS\system32\rsnpstd3.dll
2010-03-22 23:22:16 ----N---- C:\WINDOWS\system32\csnpstd3.dll
2010-03-22 23:22:15 ----D---- C:\Program Files\Common Files\snpstd3
2010-03-22 23:20:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-03-22 23:20:11 ----A---- C:\WINDOWS\FixCamera.exe
2010-03-22 23:20:11 ----A---- C:\WINDOWS\amcap.exe
2010-03-22 23:20:10 ----A---- C:\WINDOWS\WindowsXP-KB822603-x86.exe
2010-03-22 23:20:09 ----A---- C:\WINDOWS\vsnp2std.exe
2010-03-22 23:20:09 ----A---- C:\WINDOWS\tsnp2std.exe
2010-03-22 23:20:09 ----A---- C:\WINDOWS\snp2std.ini
2010-03-22 23:20:05 ----D---- C:\Program Files\Common Files\snp2std
2010-03-22 23:20:05 ----A---- C:\WINDOWS\system32\vsnp2std.dll
2010-03-22 23:20:05 ----A---- C:\WINDOWS\system32\rsnp2std.dll
2010-03-22 23:20:05 ----A---- C:\WINDOWS\system32\csnp2std.dll
2010-03-22 23:19:47 ----D---- C:\Documents and Settings\admin\Data aplikací\InstallShield
2010-03-22 23:17:56 ----D---- C:\Program Files\Vi-Soft
2010-03-22 23:15:25 ----D---- C:\Program Files\Koch Media
2010-03-22 23:11:17 ----D---- C:\Documents and Settings\admin\Data aplikací\Talkback
2010-03-22 23:11:07 ----D---- C:\Documents and Settings\admin\Data aplikací\Thunderbird
2010-03-22 23:10:34 ----D---- C:\Documents and Settings\admin\Data aplikací\Mozilla
2010-03-22 23:10:07 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2010-03-22 23:07:38 ----RSD---- C:\WINDOWS\assembly
2010-03-22 23:07:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-22 23:07:37 ----D---- C:\WINDOWS\system32\URTTemp
2010-03-22 23:03:35 ----D---- C:\Program Files\DAEMON Tools
2010-03-22 23:01:51 ----D---- C:\My Documents
2010-03-22 23:01:42 ----A---- C:\WINDOWS\hpbafd.ini
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppapts0.dll
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppapml0.exe
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppapml0.dll
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppanet0.exe
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppadt40.dll
2010-03-22 23:01:21 ----N---- C:\WINDOWS\system32\roboex32.dll
2010-03-22 23:01:21 ----N---- C:\WINDOWS\system32\hppamon0.dll
2010-03-22 23:01:21 ----N---- C:\WINDOWS\system32\hpdcmon.dll
2010-03-22 23:00:53 ----D---- C:\Program Files\Hewlett-Packard
2010-03-22 23:00:41 ----D---- C:\Program Files\GetWare
2010-03-22 23:00:34 ----A---- C:\WINDOWS\IsUn0405.exe
2010-03-22 22:59:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-22 22:59:09 ----D---- C:\Program Files\JPEG Resampler
2010-03-22 22:59:08 ----D---- C:\Program Files\Common Files\Adobe
2010-03-22 22:59:08 ----D---- C:\Program Files\Adobe
2010-03-22 22:58:26 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-22 22:58:26 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-22 22:58:26 ----A---- C:\WINDOWS\system32\java.exe
2010-03-22 22:58:03 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-03-22 22:58:00 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-03-22 22:58:00 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-03-22 22:58:00 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-03-22 22:57:59 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-03-22 22:57:59 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-03-22 22:57:59 ----D---- C:\Program Files\Java
2010-03-22 22:57:57 ----N---- C:\WINDOWS\system32\picn20.dll
2010-03-22 22:57:57 ----D---- C:\Program Files\Common Files\Java
2010-03-22 22:57:49 ----D---- C:\Program Files\Common Files\Ahead
2010-03-22 22:57:49 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-03-22 22:57:44 ----D---- C:\Program Files\Ahead
2010-03-22 22:57:43 ----D---- C:\Documents and Settings\admin\Data aplikací\Sun
2010-03-22 22:57:21 ----D---- C:\Program Files\OpenTTD
2010-03-22 22:57:08 ----D---- C:\Program Files\TTDX
2010-03-22 22:56:44 ----D---- C:\Program Files\Dir2Mht
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\nvuide.exe
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\NvRaidWizardEnu.dll
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\NvRaidSvEnu.dll
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\nvraidservice.exe
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\NvRaidEnu.dll
2010-03-22 22:56:21 ----RA---- C:\WINDOWS\system32\NvRaidWizard.dll
2010-03-22 22:56:21 ----RA---- C:\WINDOWS\system32\NvRaidMan.exe
2010-03-22 22:56:18 ----A---- C:\WINDOWS\system32\nvraidco.dll
2010-03-22 22:56:11 ----RA---- C:\WINDOWS\system32\idecoi.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-03-22 22:55:31 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-03-22 22:55:31 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-03-22 22:55:31 ----N---- C:\WINDOWS\system32\px.dll
2010-03-22 22:55:13 ----D---- C:\Program Files\Winamp
2010-03-22 22:55:12 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-22 22:55:09 ----D---- C:\Program Files\Realtek Sound Manager
2010-03-22 22:55:07 ----N---- C:\WINDOWS\avrack.ini
2010-03-22 22:55:07 ----D---- C:\Program Files\AvRack
2010-03-22 22:55:01 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-03-22 22:55:01 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-03-22 22:55:00 ----N---- C:\WINDOWS\system32\ChCfg.exe
2010-03-22 22:54:57 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2010-03-22 22:54:50 ----N---- C:\WINDOWS\alcupd.exe
2010-03-22 22:54:50 ----N---- C:\WINDOWS\alcrmv.exe
2010-03-22 22:54:23 ----D---- C:\Program Files\AMD
2010-03-22 22:53:54 ----A---- C:\WINDOWS\system32\imon.dll
2010-03-22 22:53:09 ----D---- C:\Program Files\ESET
2010-03-22 22:52:47 ----D---- C:\WINDOWS\pss
2010-03-22 22:51:28 ----RA---- C:\WINDOWS\system32\fdco1.dll
2010-03-22 22:51:24 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2010-03-22 22:51:24 ----RA---- C:\WINDOWS\system32\bdco1.dll
2010-03-22 22:51:24 ----A---- C:\WINDOWS\system32\nvunrm.exe
2010-03-22 22:51:22 ----RA---- C:\WINDOWS\system32\nvusmb.exe
2010-03-22 22:51:22 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-03-22 22:51:17 ----A---- C:\WINDOWS\system32\nvugart.exe
2010-03-22 22:51:17 ----A---- C:\WINDOWS\ScnPanel.ini
2010-03-22 22:51:17 ----A---- C:\WINDOWS\Ausba5.ini
2010-03-22 22:51:17 ----A---- C:\WINDOWS\AstraPro.ini
2010-03-22 22:51:16 ----A---- C:\WINDOWS\system32\Remove4010.exe
2010-03-22 22:51:14 ----RA---- C:\WINDOWS\system32\NVCOG.DLL
2010-03-22 22:51:14 ----D---- C:\Program Files\Mozilla Thunderbird
2010-03-22 22:51:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-22 22:50:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-22 22:50:43 ----RA---- C:\WINDOWS\system32\ProMicro.dll
2010-03-22 22:50:43 ----D---- C:\ScanPanel
2010-03-22 22:50:42 ----RA---- C:\WINDOWS\GetKey5.dll
2010-03-22 22:50:42 ----N---- C:\WINDOWS\Ausba5.dll
2010-03-22 22:50:41 ----RA---- C:\WINDOWS\A5.dll
2010-03-22 22:50:39 ----D---- C:\Program Files\Mozilla Firefox
2010-03-22 22:50:34 ----N---- C:\WINDOWS\AstraPro305.ini
2010-03-22 22:50:28 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-22 22:47:10 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-22 22:46:17 ----SHD---- C:\RECYCLER
2010-03-22 22:45:43 ----D---- C:\Documents and Settings\admin\Data aplikací\Identities
2010-03-22 22:45:42 ----HD---- C:\Program Files\Uninstall Information
2010-03-22 22:45:36 ----SD---- C:\Documents and Settings\admin\Data aplikací\Microsoft
2010-03-22 22:45:36 ----ASH---- C:\Documents and Settings\admin\Data aplikací\desktop.ini
2010-03-22 22:44:45 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-22 22:44:42 ----D---- C:\WINDOWS\Prefetch
2010-03-22 22:44:41 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-22 22:44:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-22 22:41:16 ----D---- C:\WINDOWS\system32\xircom
2010-03-22 22:41:16 ----D---- C:\Program Files\xerox
2010-03-22 22:41:16 ----D---- C:\Program Files\microsoft frontpage
2010-03-22 22:40:57 ----A---- C:\WINDOWS\control.ini
2010-03-22 22:40:57 ----A---- C:\AUTOEXEC.BAT
2010-03-22 22:40:41 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-22 22:40:36 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-22 22:39:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-22 22:39:44 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-22 22:39:44 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-22 22:39:37 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-22 22:39:31 ----HD---- C:\Program Files\WindowsUpdate
2010-03-22 22:39:27 ----D---- C:\Program Files\Online Services
2010-03-22 22:39:09 ----D---- C:\WINDOWS\system32\DirectX
2010-03-22 22:38:48 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-22 22:38:46 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-22 22:38:46 ----A---- C:\WINDOWS\desktop.ini
2010-03-22 22:38:39 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-22 22:38:38 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-22 22:38:37 ----D---- C:\Program Files\Common Files\Services
2010-03-22 22:38:35 ----SD---- C:\WINDOWS\Tasks
2010-03-22 22:38:35 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-22 22:38:33 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-22 22:38:30 ----D---- C:\WINDOWS\srchasst
2010-03-22 22:38:29 ----D---- C:\WINDOWS\system32\Macromed
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\wups.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-22 22:38:21 ----D---- C:\Program Files\Movie Maker
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-22 22:38:14 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-03-22 22:38:14 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-22 22:38:13 ----D---- C:\WINDOWS\system32\Restore
2010-03-22 22:38:13 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-03-22 22:38:13 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-22 22:38:13 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-22 22:38:09 ----D---- C:\Program Files\NetMeeting
2010-03-22 22:38:09 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-22 22:38:09 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-22 22:38:08 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-22 22:38:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-22 22:38:06 ----D---- C:\Program Files\Outlook Express
2010-03-22 22:38:06 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-03-22 22:38:06 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-22 22:38:06 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-22 22:37:59 ----D---- C:\Program Files\Common Files\System
2010-03-22 22:37:57 ----D---- C:\Program Files\Internet Explorer
2010-03-22 22:37:24 ----D---- C:\Program Files\ComPlus Applications
2010-03-22 22:37:22 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-22 22:37:22 ----A---- C:\WINDOWS\vb.ini
2010-03-22 22:37:16 ----D---- C:\WINDOWS\Registration
2010-03-22 22:37:08 ----D---- C:\Program Files\Windows Media Player
2010-03-22 22:37:02 ----D---- C:\Program Files\Messenger
2010-03-22 22:36:59 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-22 22:36:59 ----A---- C:\WINDOWS\system32\write.exe
2010-03-22 22:36:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-22 22:36:48 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\calc.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-22 22:36:36 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-22 22:36:36 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-22 22:36:36 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-22 22:36:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-22 22:36:27 ----D---- C:\Program Files\Windows NT
2010-03-22 22:36:27 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-22 22:36:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-22 22:36:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-22 22:36:24 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-22 22:36:22 ----D---- C:\WINDOWS\system32\Com
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-22 22:36:21 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-22 22:36:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-22 22:36:21 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-03-22 21:46:40 ----RD---- C:\__Program Files
2010-03-21 10:13:19 ----D---- C:\Program Files\MyHeritage
2010-03-13 19:32:15 ----D---- C:\Program Files\MyPlayCity.com

======List of files/folders modified in the last 1 months======

2010-03-31 15:24:50 ----A---- C:\WINDOWS\win.ini
2010-03-31 15:24:50 ----A---- C:\WINDOWS\system.ini
2010-03-29 21:21:04 ----D---- C:\Temp
2010-03-23 16:11:42 ----RD---- C:\_Program Files
2010-03-22 21:52:26 ----D---- C:\Program Files\IrfanView
2010-03-21 16:40:37 ----D---- C:\Temp2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-03-22 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-03-22 512096]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
R3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-03-22 223128]
R3 DtvAudio;DtvAudio; C:\WINDOWS\system32\DRIVERS\DtvAudio.sys [2004-02-26 10330]
R3 DtvVideo;DtvVideo; C:\WINDOWS\system32\DRIVERS\DtvVideo.sys [2004-02-26 26730]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2009-04-28 19456]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2009-03-04 11520]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-29 33024]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-29 12928]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SKYNET;B2C2 Broadband Receiver PCI Adapter; C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-01-06 446884]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-11-10 1382672]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-03-22 552064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-31 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

[Caroprd111]

Ostapulos

Založte si prosím, své vlastní téma.


jasanek

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[jasanek]

ComboFix 10-03-29.04 - admin 31.03.2010 21:16:41.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1176 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\admin\LOCALS~1\Temp\tmp2.tmp
c:\windows\system32\crt.dat
c:\windows\system32\crt4.dll
c:\windows\system32\Drivers\nd.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\kbdatat4.dll
c:\windows\system32\kbddta.dll
c:\windows\system32\kboem32.dat
c:\windows\system32\kbupdate.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DUMETERSVC
-------\Service_DUMeterSvc


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-31 18:39 . 2010-03-31 18:39 -------- d-----w- c:\program files\trend micro
2010-03-31 18:39 . 2010-03-31 18:39 -------- d-----w- C:\rsit
2010-03-31 13:14 . 2010-03-31 13:17 -------- d-----w- c:\program files\Google
2010-03-31 06:24 . 2010-03-31 06:24 61440 ----a-w- c:\windows\1200White.dat
2010-03-31 06:24 . 2010-03-31 06:24 61440 ----a-w- c:\windows\1200Dark.dat
2010-03-31 06:24 . 2010-03-31 06:24 6 ----a-w- c:\windows\1200Expou.dat
2010-03-31 06:24 . 2010-03-31 06:24 3 ----a-w- c:\windows\1200Offsetu.dat
2010-03-31 06:24 . 2010-03-31 06:24 3 ----a-w- c:\windows\1200Gain6.dat
2010-03-29 14:53 . 2010-03-29 14:53 -------- d-----w- C:\games
2010-03-29 14:36 . 2009-04-28 16:27 19456 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2010-03-29 14:36 . 2009-03-04 07:55 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2010-03-29 14:34 . 2010-03-29 14:34 -------- d-----w- C:\Genius
2010-03-29 13:56 . 2010-03-29 13:56 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-28 19:09 . 2010-03-28 19:09 -------- d-----w- c:\program files\ImTOO
2010-03-28 18:55 . 2010-03-28 18:55 -------- d-----w- c:\program files\FLVPlayer
2010-03-27 15:28 . 2010-02-10 20:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-03-27 15:27 . 2010-03-27 15:29 -------- d-----w- c:\program files\ATI Technologies
2010-03-27 15:26 . 2010-03-27 15:26 -------- d-----w- C:\ATI
2010-03-27 11:02 . 2010-03-27 11:02 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-26 23:01 . 2002-08-02 15:04 3329 ----a-w- c:\windows\2K.reg
2010-03-26 23:01 . 2002-08-02 15:04 3323 ----a-w- c:\windows\MeXP.reg
2010-03-26 23:01 . 2002-08-02 15:04 3333 ----a-w- c:\windows\NT4_98.reg
2010-03-26 23:01 . 2001-09-06 19:45 233472 ----a-w- c:\windows\InstIt.exe
2010-03-26 23:01 . 2002-07-23 10:09 477184 ----a-w- c:\windows\mHotkey.exe
2010-03-26 23:01 . 2001-07-02 19:36 24576 ----a-w- c:\windows\HKNTDLL.dll
2010-03-26 18:05 . 2010-03-26 18:05 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-26 17:53 . 2010-03-26 17:53 -------- d-----w- c:\program files\Sierra
2010-03-26 17:14 . 2010-03-26 17:35 -------- d-----w- c:\program files\Capitalism II
2010-03-26 17:12 . 2010-03-26 17:12 -------- d-----w- c:\program files\DaemonTools_WhenUSaveNow_Installer
2010-03-25 15:46 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-03-25 15:46 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-03-25 13:52 . 2010-03-25 13:53 -------- d-----w- c:\program files\DU Meter
2010-03-24 20:21 . 2010-03-25 04:31 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-24 06:58 . 2010-03-24 06:58 111616 ----a-w- c:\windows\system32\kbsnd32.dll
2010-03-24 06:58 . 2010-03-24 06:58 -------- d-----w- c:\windows\Sun
2010-03-23 14:15 . 2010-03-23 14:15 -------- d-----w- c:\windows\system32\Lang
2010-03-23 14:07 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-23 14:07 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-23 14:07 . 2010-03-23 14:07 -------- d-----w- c:\program files\PDFCreator
2010-03-23 13:43 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 19:16 . 2001-10-25 14:00 70786 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 19:16 . 2001-10-25 14:00 393822 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 18:38 . 2010-03-22 20:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-29 14:34 . 2010-03-22 20:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 19:58 . 2010-03-22 20:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-25 07:11 . 2010-03-22 20:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-25 07:11 . 2010-03-22 20:40 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-25 07:10 . 2010-03-22 20:40 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-23 19:50 . 2010-03-22 20:53 -------- d-----w- c:\program files\ESET
2010-03-22 21:22 . 2010-03-22 21:22 -------- d-----w- c:\program files\Common Files\snpstd3
2010-03-22 21:20 . 2010-03-22 21:20 -------- d-----w- c:\program files\Common Files\snp2std
2010-03-22 21:17 . 2010-03-22 21:17 -------- d-----w- c:\program files\Vi-Soft
2010-03-22 21:15 . 2010-03-22 21:15 -------- d-----w- c:\program files\Koch Media
2010-03-22 21:10 . 2010-03-22 21:10 0 ----a-w- c:\windows\nsreg.dat
2010-03-22 21:04 . 2010-03-22 21:03 -------- d-----w- c:\program files\DAEMON Tools
2010-03-22 21:03 . 2010-03-22 21:03 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-03-22 21:02 . 2010-03-22 21:02 96256 ----a-w- c:\windows\system32\drivers\sptd3261.sys
2010-03-22 21:02 . 2010-03-22 21:02 642560 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-22 21:00 . 2010-03-22 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-22 21:00 . 2010-03-22 21:00 -------- d-----w- c:\program files\GetWare
2010-03-22 20:59 . 2010-03-22 20:59 -------- d-----w- c:\program files\JPEG Resampler
2010-03-22 20:59 . 2010-03-22 20:59 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-22 20:58 . 2010-03-22 20:57 -------- d-----w- c:\program files\Java
2010-03-22 20:58 . 2010-03-22 20:57 -------- d-----w- c:\program files\Ahead
2010-03-22 20:57 . 2010-03-22 20:57 -------- d-----w- c:\program files\Common Files\Java
2010-03-22 20:57 . 2010-03-22 20:57 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-22 20:57 . 2010-03-22 20:57 -------- d-----w- c:\program files\OpenTTD
2010-03-22 20:57 . 2010-03-22 20:57 -------- d-----w- c:\program files\TTDX
2010-03-22 20:56 . 2010-03-22 20:56 -------- d-----w- c:\program files\Dir2Mht
2010-03-22 20:56 . 2010-03-22 20:55 -------- d-----w- c:\program files\Winamp
2010-03-22 20:55 . 2010-03-22 20:55 -------- d-----w- c:\program files\Realtek Sound Manager
2010-03-22 20:55 . 2010-03-22 20:55 -------- d-----w- c:\program files\AvRack
2010-03-22 20:54 . 2010-03-22 20:54 -------- d-----w- c:\program files\AMD
2010-03-22 20:53 . 2010-03-22 20:53 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-03-22 20:53 . 2010-03-22 20:53 298104 ----a-w- c:\windows\system32\imon.dll
2010-03-22 20:53 . 2010-03-22 20:53 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-03-22 20:41 . 2010-03-22 20:41 -------- d-----w- c:\program files\microsoft frontpage
2010-03-22 20:37 . 2010-03-22 20:37 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-22 19:52 . 2009-12-05 23:29 -------- d-----w- c:\program files\IrfanView
2010-03-21 08:28 . 2010-03-21 08:13 -------- d-----w- c:\program files\MyHeritage
2010-03-13 17:32 . 2010-03-13 17:32 -------- d-----w- c:\program files\MyPlayCity.com
2010-02-27 15:28 . 2010-02-27 15:26 -------- d-----w- c:\program files\010 Editor v3
2010-02-21 23:37 . 2010-02-21 23:34 -------- d-----w- c:\program files\SiMoCoxx
2010-02-11 07:38 . 2010-03-22 21:32 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-02-11 05:17 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2010-03-22 21:32 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-02-11 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-02-11 04:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-02-11 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-02-11 04:33 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-02-11 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2010-03-22 21:32 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-02-11 04:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2010-03-22 21:32 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-02-11 03:55 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-02-11 03:53 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2010-03-22 21:32 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-03 19:30 . 2009-12-19 10:58 -------- d-----w- c:\program files\ProgDVB
2010-01-31 16:10 . 2010-01-31 16:07 -------- d-----w- c:\program files\SiMoCox
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-11-13 2585360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-22 949376]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.83u1.lnk - c:\documents and settings\admin\Plocha\mash\FreeRapid\frd.exe [2009-12-6 35840]

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ScanPanel.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ScanPanel.lnk
backup=c:\windows\pss\ScanPanel.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-17 13:49 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 15:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 03:15 83968 ----a-r- c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-09-28 15:32 344064 ----a-w- c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-05-12 10:19 270336 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-12-20 13:39 94208 ------w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\GetWare\\WebCam Live\\WebCam.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.3.2010 23:02 642560]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [22.3.2010 22:53 15424]
R3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [22.3.2010 23:24 10330]
R3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [22.3.2010 23:25 26730]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [29.3.2010 16:36 19456]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [29.3.2010 16:36 11520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.3.2010 15:14 136176]
S3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [22.3.2010 23:26 446884]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 13:14]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 13:14]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
LSP: c:\windows\system32\imon.dll
TCP: {1B6D6DB2-1911-4A41-B8D3-9B75806F2EA5} = 192.168.5.1
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\o4bkulsl.default\
FF - prefs.js: browser.search.selectedEngine - SluneÄŤnice
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 21:21
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A29BEB0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a29beb0
\Driver\ACPI -> ACPI.sys @ 0xb9e97cb8
\Driver\atapi -> atapi.sys @ 0xb9e1d2f0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xb9d11ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d00a0b
SendHandler -> NDIS.sys @ 0xb9d14b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\mHotkey.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Java\jre1.6.0_01\launch4j-tmp\frd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-31 21:24:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-31 19:24

Před spuštěním: Volných bajtů: 14 469 156 864
Po spuštění: Volných bajtů: 14 986 522 624

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 913AAE0751E7AC1D2CEE217DB84947A7

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

[jasanek]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
kernel: MBR read successfully
user & kernel MBR OK

[Caroprd111]

Najděte a smažte:
c:\windows\system32\kbsnd32.dll


Jak to vypadá s PC

[jasanek]

Pc jde a šlo dobře i předtím. Akorát ten antivir na mě začal pokřikovat že je tam trojský kůň. Jinak jsem ani tak žádné větší problémy nepozoroval.

[Caroprd111]

Poprosím o nový log z RSIT.

[jasanek]

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2010-03-31 22:19:56
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (31%) free of 50 GB
Total RAM: 1535 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:03, on 31.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Java\jre1.6.0_01\launch4j-tmp\frd.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\GetWare\WebCam Live\WebCam.exe
C:\Documents and Settings\admin\Plocha\RSIT.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreeRapid 0.83u1.lnk = C:\Documents and Settings\admin\Plocha\mash\FreeRapid\frd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B6D6DB2-1911-4A41-B8D3-9B75806F2EA5}: NameServer = 192.168.5.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 3930 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-03-22 949376]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-11 61440]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-12-17 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-07-11 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe [2007-09-28 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe [2007-05-12 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2005-12-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-02-16 384512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ScanPanel.lnk]
C:\SCANPA~1\ScnPanel.exe [2002-05-09 1941504]

C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění
FreeRapid 0.83u1.lnk - C:\Documents and Settings\admin\Plocha\mash\FreeRapid\frd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Totalcmd\TOTALCMD.EXE"="C:\Program Files\Totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\GetWare\WebCam Live\WebCam.exe"="C:\Program Files\GetWare\WebCam Live\WebCam.exe:*:Enabled:WebCam Live"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-31 21:24:28 ----D---- C:\WINDOWS\temp
2010-03-31 21:24:26 ----A---- C:\ComboFix.txt
2010-03-31 21:15:29 ----A---- C:\Boot.bak
2010-03-31 21:15:24 ----RASHD---- C:\cmdcons
2010-03-31 21:12:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-31 21:12:09 ----A---- C:\WINDOWS\MBR.exe
2010-03-31 21:12:08 ----A---- C:\WINDOWS\zip.exe
2010-03-31 21:12:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-31 21:12:08 ----A---- C:\WINDOWS\SWSC.exe
2010-03-31 21:12:08 ----A---- C:\WINDOWS\SWREG.exe
2010-03-31 21:12:08 ----A---- C:\WINDOWS\sed.exe
2010-03-31 21:12:08 ----A---- C:\WINDOWS\PEV.exe
2010-03-31 21:12:08 ----A---- C:\WINDOWS\grep.exe
2010-03-31 21:11:57 ----D---- C:\WINDOWS\ERDNT
2010-03-31 21:10:46 ----D---- C:\ComboFix
2010-03-31 21:08:25 ----D---- C:\Qoobox
2010-03-31 20:39:33 ----D---- C:\Program Files\trend micro
2010-03-31 20:39:32 ----D---- C:\rsit
2010-03-31 15:17:43 ----D---- C:\Documents and Settings\admin\Data aplikací\Google
2010-03-31 15:14:26 ----D---- C:\Program Files\Google
2010-03-29 16:53:14 ----D---- C:\games
2010-03-29 16:36:40 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-03-29 16:36:37 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-03-29 16:35:16 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-29 16:34:26 ----D---- C:\Genius
2010-03-29 15:59:12 ----D---- C:\Documents and Settings\admin\Data aplikací\OpenOffice.org
2010-03-29 15:56:38 ----D---- C:\Program Files\OpenOffice.org 3
2010-03-28 21:09:25 ----D---- C:\Program Files\ImTOO
2010-03-28 20:55:13 ----D---- C:\Program Files\FLVPlayer
2010-03-27 17:30:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2010-03-27 17:28:18 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-03-27 17:27:39 ----D---- C:\Program Files\ATI Technologies
2010-03-27 17:26:49 ----D---- C:\ATI
2010-03-27 17:23:09 ----A---- C:\WINDOWS\WININIT.INI
2010-03-27 01:01:14 ----A---- C:\WINDOWS\Instit.ini
2010-03-27 01:01:14 ----A---- C:\WINDOWS\InstIt.exe
2010-03-27 01:01:13 ----A---- C:\WINDOWS\mHotkey.exe
2010-03-27 01:01:12 ----A---- C:\WINDOWS\HKNTDLL.dll
2010-03-26 20:05:38 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-03-26 19:53:13 ----D---- C:\Program Files\Sierra
2010-03-26 19:49:50 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-03-26 19:49:49 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-03-26 19:49:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-03-26 19:49:43 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-03-26 19:49:42 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-03-26 19:49:42 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-03-26 19:49:42 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-03-26 19:49:41 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-03-26 19:49:40 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-03-26 19:49:40 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-03-26 19:14:59 ----D---- C:\Program Files\Capitalism II
2010-03-26 19:12:11 ----D---- C:\Program Files\DaemonTools_WhenUSaveNow_Installer
2010-03-26 15:48:58 ----D---- C:\Documents and Settings\admin\Data aplikací\GetWare
2010-03-25 22:02:54 ----D---- C:\Documents and Settings\admin\Data aplikací\ATI
2010-03-25 21:51:59 ----D---- C:\WINDOWS\Minidump
2010-03-25 15:52:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2010-03-25 15:52:15 ----D---- C:\Program Files\DU Meter
2010-03-24 22:22:03 ----D---- C:\WINDOWS\system32\appmgmt
2010-03-24 22:21:43 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-24 19:05:37 ----D---- C:\Documents and Settings\admin\Data aplikací\WinRAR
2010-03-24 19:05:16 ----D---- C:\Program Files\WinRAR
2010-03-24 16:11:18 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-24 08:58:21 ----D---- C:\WINDOWS\Sun
2010-03-23 21:48:48 ----D---- C:\Documents and Settings\admin\Data aplikací\VitySoft
2010-03-23 20:06:14 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-23 16:15:25 ----D---- C:\WINDOWS\system32\Lang
2010-03-23 16:10:40 ----A---- C:\WINDOWS\MyHeritage.INI
2010-03-23 16:10:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\MyHeritage
2010-03-23 16:10:23 ----D---- C:\Documents and Settings\admin\Data aplikací\MyHeritage
2010-03-23 16:07:14 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2010-03-23 16:07:12 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2010-03-23 16:07:11 ----D---- C:\Program Files\PDFCreator
2010-03-23 16:01:36 ----D---- C:\Documents and Settings\admin\Data aplikací\Macromedia
2010-03-23 16:01:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-03-23 15:43:54 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-03-22 23:35:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Farm Frenzy
2010-03-22 23:35:11 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-22 23:33:32 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-03-22 23:33:32 ----A---- C:\WINDOWS\system32\irmon.dll
2010-03-22 23:33:32 ----A---- C:\WINDOWS\system32\irftp.exe
2010-03-22 23:33:07 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-03-22 23:32:21 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2010-03-22 23:32:21 ----A---- C:\WINDOWS\system32\ati3duag.dll
2010-03-22 23:32:21 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2010-03-22 23:32:20 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2010-03-22 23:32:20 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2010-03-22 23:32:02 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-22 23:30:41 ----A---- C:\WINDOWS\imsins.BAK
2010-03-22 23:30:37 ----SHD---- C:\WINDOWS\Installer
2010-03-22 23:30:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 23:30:36 ----D---- C:\Program Files\Common Files\ODBC
2010-03-22 23:30:36 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-22 23:30:33 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-22 23:30:32 ----RD---- C:\Program Files
2010-03-22 23:30:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-22 23:30:32 ----D---- C:\Program Files\Common Files
2010-03-22 23:30:28 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-22 23:30:28 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-22 23:30:28 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-22 23:30:26 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-03-22 23:30:25 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-22 23:30:23 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-22 23:30:21 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-03-22 23:30:16 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-22 23:30:15 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-22 23:30:14 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-22 23:30:12 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-03-22 23:30:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-22 23:30:12 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-22 23:30:11 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-03-22 23:30:10 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-22 23:30:03 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-22 23:29:58 ----RA---- C:\WINDOWS\SET8.tmp
2010-03-22 23:29:56 ----RA---- C:\WINDOWS\SET4.tmp
2010-03-22 23:29:54 ----RA---- C:\WINDOWS\SET3.tmp
2010-03-22 23:29:50 ----D---- C:\Documents and Settings\admin\Data aplikací\Adobe
2010-03-22 23:29:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-22 23:29:49 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-22 23:29:43 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-22 23:29:26 ----A---- C:\WINDOWS\setuplog.txt
2010-03-22 23:29:20 ----D---- C:\Documents and Settings
2010-03-22 23:29:19 ----SHD---- C:\System Volume Information
2010-03-22 23:28:38 ----RASH---- C:\boot.ini
2010-03-22 23:24:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-22 23:24:42 ----RSD---- C:\WINDOWS\Fonts
2010-03-22 23:24:42 ----RD---- C:\WINDOWS\Web
2010-03-22 23:24:42 ----HD---- C:\WINDOWS\inf
2010-03-22 23:24:42 ----D---- C:\WINDOWS\WinSxS
2010-03-22 23:24:42 ----D---- C:\WINDOWS\twain_32
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\wins
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\wbem
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\usmt
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\spool
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\Setup
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\ras
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\oobe
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\npp
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\mui
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\IME
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\icsxml
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\ias
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\export
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\drivers
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\dhcp
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\config
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\3076
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\2052
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1054
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1042
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1041
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1037
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1033
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1031
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1029
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1028
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32\1025
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system32
2010-03-22 23:24:42 ----D---- C:\WINDOWS\system
2010-03-22 23:24:42 ----D---- C:\WINDOWS\security
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Resources
2010-03-22 23:24:42 ----D---- C:\WINDOWS\repair
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Provisioning
2010-03-22 23:24:42 ----D---- C:\WINDOWS\pchealth
2010-03-22 23:24:42 ----D---- C:\WINDOWS\PeerNet
2010-03-22 23:24:42 ----D---- C:\WINDOWS\mui
2010-03-22 23:24:42 ----D---- C:\WINDOWS\msapps
2010-03-22 23:24:42 ----D---- C:\WINDOWS\msagent
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Media
2010-03-22 23:24:42 ----D---- C:\WINDOWS\java
2010-03-22 23:24:42 ----D---- C:\WINDOWS\ime
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Help
2010-03-22 23:24:42 ----D---- C:\WINDOWS\ehome
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Driver Cache
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Debug
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Cursors
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Connection Wizard
2010-03-22 23:24:42 ----D---- C:\WINDOWS\Config
2010-03-22 23:24:42 ----D---- C:\WINDOWS\AppPatch
2010-03-22 23:24:42 ----D---- C:\WINDOWS\addins
2010-03-22 23:24:42 ----D---- C:\WINDOWS
2010-03-22 23:22:19 ----N---- C:\WINDOWS\vsnpstd3.exe
2010-03-22 23:22:19 ----N---- C:\WINDOWS\tsnpstd3.exe
2010-03-22 23:22:19 ----N---- C:\WINDOWS\snpstd3.ini
2010-03-22 23:22:16 ----N---- C:\WINDOWS\usnpstd3.exe
2010-03-22 23:22:16 ----N---- C:\WINDOWS\system32\vsnpstd3.dll
2010-03-22 23:22:16 ----N---- C:\WINDOWS\system32\rsnpstd3.dll
2010-03-22 23:22:16 ----N---- C:\WINDOWS\system32\csnpstd3.dll
2010-03-22 23:22:15 ----D---- C:\Program Files\Common Files\snpstd3
2010-03-22 23:20:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-03-22 23:20:11 ----A---- C:\WINDOWS\FixCamera.exe
2010-03-22 23:20:11 ----A---- C:\WINDOWS\amcap.exe
2010-03-22 23:20:10 ----A---- C:\WINDOWS\WindowsXP-KB822603-x86.exe
2010-03-22 23:20:09 ----A---- C:\WINDOWS\vsnp2std.exe
2010-03-22 23:20:09 ----A---- C:\WINDOWS\tsnp2std.exe
2010-03-22 23:20:09 ----A---- C:\WINDOWS\snp2std.ini
2010-03-22 23:20:05 ----D---- C:\Program Files\Common Files\snp2std
2010-03-22 23:20:05 ----A---- C:\WINDOWS\system32\vsnp2std.dll
2010-03-22 23:20:05 ----A---- C:\WINDOWS\system32\rsnp2std.dll
2010-03-22 23:20:05 ----A---- C:\WINDOWS\system32\csnp2std.dll
2010-03-22 23:19:47 ----D---- C:\Documents and Settings\admin\Data aplikací\InstallShield
2010-03-22 23:17:56 ----D---- C:\Program Files\Vi-Soft
2010-03-22 23:15:25 ----D---- C:\Program Files\Koch Media
2010-03-22 23:11:17 ----D---- C:\Documents and Settings\admin\Data aplikací\Talkback
2010-03-22 23:11:07 ----D---- C:\Documents and Settings\admin\Data aplikací\Thunderbird
2010-03-22 23:10:34 ----D---- C:\Documents and Settings\admin\Data aplikací\Mozilla
2010-03-22 23:10:07 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2010-03-22 23:07:38 ----RSD---- C:\WINDOWS\assembly
2010-03-22 23:07:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-22 23:07:37 ----D---- C:\WINDOWS\system32\URTTemp
2010-03-22 23:01:51 ----D---- C:\My Documents
2010-03-22 23:01:42 ----A---- C:\WINDOWS\hpbafd.ini
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppapts0.dll
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppapml0.exe
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppapml0.dll
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppanet0.exe
2010-03-22 23:01:24 ----N---- C:\WINDOWS\system32\hppadt40.dll
2010-03-22 23:01:21 ----N---- C:\WINDOWS\system32\roboex32.dll
2010-03-22 23:01:21 ----N---- C:\WINDOWS\system32\hppamon0.dll
2010-03-22 23:01:21 ----N---- C:\WINDOWS\system32\hpdcmon.dll
2010-03-22 23:00:53 ----D---- C:\Program Files\Hewlett-Packard
2010-03-22 23:00:41 ----D---- C:\Program Files\GetWare
2010-03-22 23:00:34 ----A---- C:\WINDOWS\IsUn0405.exe
2010-03-22 22:59:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-22 22:59:09 ----D---- C:\Program Files\JPEG Resampler
2010-03-22 22:59:08 ----D---- C:\Program Files\Common Files\Adobe
2010-03-22 22:59:08 ----D---- C:\Program Files\Adobe
2010-03-22 22:58:26 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-22 22:58:26 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-22 22:58:26 ----A---- C:\WINDOWS\system32\java.exe
2010-03-22 22:58:03 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-03-22 22:58:00 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-03-22 22:58:00 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-03-22 22:58:00 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-03-22 22:57:59 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-03-22 22:57:59 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-03-22 22:57:59 ----D---- C:\Program Files\Java
2010-03-22 22:57:57 ----N---- C:\WINDOWS\system32\picn20.dll
2010-03-22 22:57:57 ----D---- C:\Program Files\Common Files\Java
2010-03-22 22:57:49 ----D---- C:\Program Files\Common Files\Ahead
2010-03-22 22:57:49 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-03-22 22:57:44 ----D---- C:\Program Files\Ahead
2010-03-22 22:57:43 ----D---- C:\Documents and Settings\admin\Data aplikací\Sun
2010-03-22 22:57:21 ----D---- C:\Program Files\OpenTTD
2010-03-22 22:57:08 ----D---- C:\Program Files\TTDX
2010-03-22 22:56:44 ----D---- C:\Program Files\Dir2Mht
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\nvuide.exe
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\NvRaidWizardEnu.dll
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\NvRaidSvEnu.dll
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\nvraidservice.exe
2010-03-22 22:56:22 ----RA---- C:\WINDOWS\system32\NvRaidEnu.dll
2010-03-22 22:56:21 ----RA---- C:\WINDOWS\system32\NvRaidWizard.dll
2010-03-22 22:56:21 ----RA---- C:\WINDOWS\system32\NvRaidMan.exe
2010-03-22 22:56:18 ----A---- C:\WINDOWS\system32\nvraidco.dll
2010-03-22 22:56:11 ----RA---- C:\WINDOWS\system32\idecoi.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-03-22 22:55:32 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-03-22 22:55:31 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-03-22 22:55:31 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-03-22 22:55:31 ----N---- C:\WINDOWS\system32\px.dll
2010-03-22 22:55:13 ----D---- C:\Program Files\Winamp
2010-03-22 22:55:12 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-22 22:55:09 ----D---- C:\Program Files\Realtek Sound Manager
2010-03-22 22:55:07 ----N---- C:\WINDOWS\avrack.ini
2010-03-22 22:55:07 ----D---- C:\Program Files\AvRack
2010-03-22 22:55:01 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-03-22 22:55:01 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-03-22 22:55:00 ----N---- C:\WINDOWS\system32\ChCfg.exe
2010-03-22 22:54:57 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2010-03-22 22:54:50 ----N---- C:\WINDOWS\alcupd.exe
2010-03-22 22:54:50 ----N---- C:\WINDOWS\alcrmv.exe
2010-03-22 22:54:23 ----D---- C:\Program Files\AMD
2010-03-22 22:53:54 ----A---- C:\WINDOWS\system32\imon.dll
2010-03-22 22:53:09 ----D---- C:\Program Files\ESET
2010-03-22 22:52:47 ----D---- C:\WINDOWS\pss
2010-03-22 22:51:28 ----RA---- C:\WINDOWS\system32\fdco1.dll
2010-03-22 22:51:24 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2010-03-22 22:51:24 ----RA---- C:\WINDOWS\system32\bdco1.dll
2010-03-22 22:51:24 ----A---- C:\WINDOWS\system32\nvunrm.exe
2010-03-22 22:51:22 ----RA---- C:\WINDOWS\system32\nvusmb.exe
2010-03-22 22:51:22 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-03-22 22:51:17 ----A---- C:\WINDOWS\system32\nvugart.exe
2010-03-22 22:51:17 ----A---- C:\WINDOWS\ScnPanel.ini
2010-03-22 22:51:17 ----A---- C:\WINDOWS\Ausba5.ini
2010-03-22 22:51:17 ----A---- C:\WINDOWS\AstraPro.ini
2010-03-22 22:51:16 ----A---- C:\WINDOWS\system32\Remove4010.exe
2010-03-22 22:51:14 ----RA---- C:\WINDOWS\system32\NVCOG.DLL
2010-03-22 22:51:14 ----D---- C:\Program Files\Mozilla Thunderbird
2010-03-22 22:51:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-22 22:50:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-22 22:50:43 ----RA---- C:\WINDOWS\system32\ProMicro.dll
2010-03-22 22:50:43 ----D---- C:\ScanPanel
2010-03-22 22:50:42 ----RA---- C:\WINDOWS\GetKey5.dll
2010-03-22 22:50:42 ----N---- C:\WINDOWS\Ausba5.dll
2010-03-22 22:50:41 ----RA---- C:\WINDOWS\A5.dll
2010-03-22 22:50:39 ----D---- C:\Program Files\Mozilla Firefox
2010-03-22 22:50:34 ----N---- C:\WINDOWS\AstraPro305.ini
2010-03-22 22:50:28 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-22 22:47:10 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-22 22:45:43 ----D---- C:\Documents and Settings\admin\Data aplikací\Identities
2010-03-22 22:45:42 ----HD---- C:\Program Files\Uninstall Information
2010-03-22 22:45:36 ----SD---- C:\Documents and Settings\admin\Data aplikací\Microsoft
2010-03-22 22:45:36 ----ASH---- C:\Documents and Settings\admin\Data aplikací\desktop.ini
2010-03-22 22:44:45 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-22 22:44:42 ----D---- C:\WINDOWS\Prefetch
2010-03-22 22:44:41 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-22 22:44:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-22 22:41:16 ----D---- C:\WINDOWS\system32\xircom
2010-03-22 22:41:16 ----D---- C:\Program Files\xerox
2010-03-22 22:41:16 ----D---- C:\Program Files\microsoft frontpage
2010-03-22 22:40:57 ----A---- C:\WINDOWS\control.ini
2010-03-22 22:40:57 ----A---- C:\AUTOEXEC.BAT
2010-03-22 22:40:41 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-22 22:40:36 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-22 22:39:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-22 22:39:44 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-22 22:39:44 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-22 22:39:37 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-22 22:39:31 ----HD---- C:\Program Files\WindowsUpdate
2010-03-22 22:39:27 ----D---- C:\Program Files\Online Services
2010-03-22 22:39:09 ----D---- C:\WINDOWS\system32\DirectX
2010-03-22 22:38:48 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-22 22:38:46 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-22 22:38:46 ----A---- C:\WINDOWS\desktop.ini
2010-03-22 22:38:39 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-22 22:38:38 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-22 22:38:37 ----D---- C:\Program Files\Common Files\Services
2010-03-22 22:38:35 ----SD---- C:\WINDOWS\Tasks
2010-03-22 22:38:35 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-22 22:38:33 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-22 22:38:30 ----D---- C:\WINDOWS\srchasst
2010-03-22 22:38:29 ----D---- C:\WINDOWS\system32\Macromed
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-22 22:38:26 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-22 22:38:25 ----N---- C:\WINDOWS\system32\wuauclt.exe
2010-03-22 22:38:25 ----N---- C:\WINDOWS\system32\qmgr.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\wups.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-22 22:38:25 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-22 22:38:21 ----D---- C:\Program Files\Movie Maker
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-22 22:38:17 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-22 22:38:14 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-03-22 22:38:14 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-22 22:38:13 ----N---- C:\WINDOWS\system32\srsvc.dll
2010-03-22 22:38:13 ----D---- C:\WINDOWS\system32\Restore
2010-03-22 22:38:13 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-22 22:38:13 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-22 22:38:12 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-22 22:38:09 ----D---- C:\Program Files\NetMeeting
2010-03-22 22:38:09 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-22 22:38:09 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-22 22:38:08 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-22 22:38:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-22 22:38:06 ----N---- C:\WINDOWS\system32\schedsvc.dll
2010-03-22 22:38:06 ----D---- C:\Program Files\Outlook Express
2010-03-22 22:38:06 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-22 22:38:06 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-22 22:38:05 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-22 22:37:59 ----D---- C:\Program Files\Common Files\System
2010-03-22 22:37:57 ----D---- C:\Program Files\Internet Explorer
2010-03-22 22:37:24 ----D---- C:\Program Files\ComPlus Applications
2010-03-22 22:37:22 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-22 22:37:22 ----A---- C:\WINDOWS\vb.ini
2010-03-22 22:37:16 ----D---- C:\WINDOWS\Registration
2010-03-22 22:37:08 ----D---- C:\Program Files\Windows Media Player
2010-03-22 22:37:02 ----D---- C:\Program Files\Messenger
2010-03-22 22:36:59 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-22 22:36:59 ----A---- C:\WINDOWS\system32\write.exe
2010-03-22 22:36:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-22 22:36:48 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-22 22:36:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-22 22:36:39 ----A---- C:\WINDOWS\system32\calc.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-22 22:36:38 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-22 22:36:37 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-22 22:36:36 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-22 22:36:36 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-22 22:36:36 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-22 22:36:35 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-22 22:36:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-22 22:36:28 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-22 22:36:27 ----D---- C:\Program Files\Windows NT
2010-03-22 22:36:27 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-22 22:36:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-22 22:36:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-22 22:36:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-22 22:36:25 ----N---- C:\WINDOWS\system32\termsrv.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-22 22:36:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-22 22:36:24 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-22 22:36:24 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-22 22:36:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-22 22:36:22 ----D---- C:\WINDOWS\system32\Com
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-22 22:36:22 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-22 22:36:21 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-22 22:36:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-22 22:36:21 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-22 22:36:13 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-03-22 21:46:40 ----RD---- C:\__Program Files
2010-03-21 10:13:19 ----D---- C:\Program Files\MyHeritage
2010-03-13 19:32:15 ----D---- C:\Program Files\MyPlayCity.com

======List of files/folders modified in the last 1 months======

2010-03-31 21:21:46 ----A---- C:\WINDOWS\system.ini
2010-03-31 15:24:50 ----A---- C:\WINDOWS\win.ini
2010-03-29 21:21:04 ----D---- C:\Temp
2010-03-23 16:11:42 ----RD---- C:\_Program Files
2010-03-22 21:52:26 ----D---- C:\Program Files\IrfanView
2010-03-21 16:40:37 ----D---- C:\Temp2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-03-22 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-03-22 512096]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
R3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 DtvAudio;DtvAudio; C:\WINDOWS\system32\DRIVERS\DtvAudio.sys [2004-02-26 10330]
R3 DtvVideo;DtvVideo; C:\WINDOWS\system32\DRIVERS\DtvVideo.sys [2004-02-26 26730]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2009-04-28 19456]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2009-03-04 11520]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-29 33024]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-29 12928]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-03-22 223128]
S3 mbr;mbr; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SKYNET;B2C2 Broadband Receiver PCI Adapter; C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-01-06 446884]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-03-22 552064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-31 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

[Caroprd111]

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

[jasanek]

Ok. Hotovo. Takže jestli je již vše tak velice moc děkuji. Pokud ještě něco. Bude se tomu věnovat až zítra. Ráno stávám brzo do práce. Jinak dá se firewalle nastavit tak aby chránil jen internet a druhý pc pustil do pc? Internet mám přiveden do hub a z něj do dvou pc. A já bych chtěl aby šlo z jednoho pc vstupovat do složek toho druhého. Ještě dodatek, to druhý pc přivezu až zítra, takže jsem nezkoušel jen zjišťuji teorii. Takže ještě jednou díky.

[Caroprd111]

Určitě nastavit půjde, ode mě je to vše.