
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
A few days ago some viruses got onto my PC. Google Chrome collapsed completely, and after reinstalling it no page will load. Opera is also running somewhat strangely. Sometimes it won't download a file. Sometimes when I'm online, the Norton firewall catches some attack. It says that some page attacked me, but that the attack was blocked and no action is needed. I'm getting a bit desperate. I ran several antispyware programs over it, such as Ad-Aware, Spyware Doctor, Spybot, Spyware Terminator, and finally Norton, and they didn't find much and it still doesn't work as it should. Thanks in advance for the help. Here is the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ondra at 2010-04-15 21:35:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (3%) free of 73 GB
Total RAM: 1022 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:50, on 15.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TC UP\TOTALCMD.EXE
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Ondra.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Seznam.cz\core.2.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\Ondra\LOCALS~1\Temp\CUninst.exe" "/remove"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2774378140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
--
End of file - 13438 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0119A157-9792-4445-B4B6-DEA2DEEA0584}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL [2009-11-17 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Seznam.cz\core.2.dll [2009-05-18 1039000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-11-10 176128]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-21 39424]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"niDevMon"=C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [2007-07-14 106064]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-03 640376]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-15 2176512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-03-01 451224]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-15 3037696]
"Uninstall_CToolbar"=C:\DOCUME~1\Ondra\LOCALS~1\Temp\CUninst.exe [2010-04-14 2367336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Ondra\Local Settings\Temp\java_ee_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Ondra\Local Settings\Temp\java_ee_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Sun\SDK\jdk\bin\java.exe"="C:\Sun\SDK\jdk\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Ondra\Local Settings\Temp\java_app_platform_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Ondra\Local Settings\Temp\java_app_platform_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0_13\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_13\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Ondra\QIP\qip.exe"="C:\Documents and Settings\Ondra\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera 10.50 Beta\opera.exe"="C:\Program Files\Opera 10.50 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe"="C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe:*:Enabled:PCTV Systems TVCenter"
"C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe"="C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe:*:Enabled:PCTV Systems VideoControl"
"C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe"="C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe:*:Enabled:PCTV Systems DistanTV classic"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-04-15 21:35:27 ----D---- C:\Program Files\trend micro
2010-04-15 21:35:26 ----D---- C:\rsit
2010-04-15 18:28:03 ----D---- C:\Program Files\Crawler
2010-04-15 18:27:48 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Spyware Terminator
2010-04-15 18:27:34 ----D---- C:\Program Files\Spyware Terminator
2010-04-15 18:27:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-04-14 15:44:23 ----A---- C:\WINDOWS\pxisys.ini
2010-04-14 11:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 07:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 07:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 07:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 07:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 07:26:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 22:53:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-13 22:42:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-12 23:11:54 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-11 19:06:14 ----D---- C:\Program Files\CCleaner
2010-04-11 16:22:40 ----HD---- C:\Program Files\InstallJammer Registry
2010-04-11 16:22:28 ----D---- C:\Program Files\Esmska
2010-04-11 11:28:47 ----A---- C:\WINDOWS\WININIT.INI
2010-04-11 08:29:35 ----A---- C:\WINDOWS\system32\AxEImage.dll
2010-04-11 08:29:34 ----D---- C:\Program Files\AutoDWG
2010-04-11 08:29:34 ----A---- C:\WINDOWS\system32\PDF2DWG.dll
2010-04-11 08:29:34 ----A---- C:\WINDOWS\system32\FreeImage.dll
2010-04-11 08:12:57 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-04-11 08:12:53 ----D---- C:\WINDOWS\system32\PS
2010-04-10 12:46:50 ----D---- C:\Program Files\PSpad
2010-04-05 13:15:04 ----A---- C:\WINDOWS\BDTSupport.dll
2010-04-05 13:15:03 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-04-05 13:15:03 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-04-05 13:15:03 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-04-05 13:11:30 ----D---- C:\Program Files\Spyware Doctor
2010-04-05 13:11:30 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-05 13:11:30 ----D---- C:\Documents and Settings\Ondra\Data aplikací\PC Tools
2010-04-05 13:11:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-04-05 13:09:38 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-31 20:13:52 ----D---- C:\Program Files\QuickTime
2010-03-31 20:13:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-03-30 18:32:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-03-30 18:32:48 ----D---- C:\Program Files\Common Files\Java
2010-03-30 18:32:17 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-30 18:32:17 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-30 18:32:17 ----A---- C:\WINDOWS\system32\java.exe
2010-03-27 19:15:11 ----D---- C:\Program Files\Guitar Pro 5
2010-03-27 12:26:29 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Media Player Classic
2010-03-27 12:24:52 ----A---- C:\WINDOWS\system32\unrar.dll
2010-03-27 12:24:49 ----D---- C:\Program Files\K-Lite Codec Pack
2010-03-24 16:05:29 ----D---- C:\Lyrics
2010-03-24 16:05:14 ----D---- C:\Program Files\Minilyrics
2010-03-24 01:32:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-21 14:17:12 ----D---- C:\Program Files\PCTV Systems
2010-03-21 14:17:12 ----D---- C:\Program Files\Common Files\PCTV Systems
2010-03-20 00:09:32 ----RA---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-20 00:09:16 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-03-20 00:09:15 ----D---- C:\Program Files\Symantec
2010-03-20 00:09:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-20 00:08:05 ----D---- C:\Program Files\Norton 360
2010-03-20 00:08:04 ----D---- C:\Program Files\Windows Sidebar
2010-03-20 00:06:31 ----D---- C:\Program Files\NortonInstaller
======List of files/folders modified in the last 1 months======
2010-04-15 21:35:27 ----RD---- C:\Program Files
2010-04-15 21:35:13 ----D---- C:\WINDOWS\Prefetch
2010-04-15 21:35:02 ----D---- C:\WINDOWS\Temp
2010-04-15 21:34:54 ----D---- C:\Downloads
2010-04-15 21:19:01 ----SD---- C:\WINDOWS\Tasks
2010-04-15 21:04:37 ----D---- C:\WINDOWS\Debug
2010-04-15 21:04:36 ----D---- C:\WINDOWS
2010-04-15 20:39:54 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Opera
2010-04-15 19:31:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 19:30:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 18:27:57 ----D---- C:\WINDOWS\system32\drivers
2010-04-15 18:01:25 ----D---- C:\WINDOWS\system32
2010-04-15 18:01:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-15 17:57:42 ----A---- C:\WINDOWS\pxiesys.ini
2010-04-15 17:55:23 ----SHD---- C:\System Volume Information
2010-04-14 23:32:11 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 20:43:41 ----D---- C:\Documents and Settings\Ondra\Data aplikací\uTorrent
2010-04-14 15:49:26 ----SHD---- C:\WINDOWS\Installer
2010-04-14 15:49:08 ----D---- C:\Program Files\Opera
2010-04-14 11:19:17 ----HD---- C:\WINDOWS\inf
2010-04-14 07:33:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-14 07:32:23 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 07:27:27 ----D---- C:\WINDOWS\ie8updates
2010-04-11 19:07:15 ----D---- C:\WINDOWS\Minidump
2010-04-11 18:32:22 ----D---- C:\Documents and Settings\Ondra\Data aplikací\esmska
2010-04-11 11:27:30 ----D---- C:\Program Files\ATI Technologies
2010-04-11 11:26:55 ----RSD---- C:\WINDOWS\assembly
2010-04-11 11:26:50 ----D---- C:\WINDOWS\WinSxS
2010-04-11 10:30:12 ----D---- C:\Documents and Settings\Ondra\Data aplikací\DMCache
2010-04-11 09:36:37 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Winamp
2010-04-11 08:29:34 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-07 22:48:01 ----D---- C:\WINDOWS\system32\config
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 22:16:41 ----D---- C:\Program Files\HP
2010-04-05 13:11:30 ----D---- C:\Program Files\Common Files
2010-04-05 11:01:31 ----D---- C:\Program Files\Ask.com
2010-04-05 10:07:08 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 14:40:45 ----D---- C:\Program Files\Internet Explorer
2010-03-30 18:31:50 ----D---- C:\Program Files\Java
2010-03-27 19:15:12 ----RSD---- C:\WINDOWS\Fonts
2010-03-24 16:03:20 ----D---- C:\Program Files\Winamp
2010-03-22 22:07:56 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Skype
2010-03-22 22:04:33 ----D---- C:\Documents and Settings\Ondra\Data aplikací\skypePM
2010-03-21 15:20:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\PCTV Systems
2010-03-21 14:25:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-21 14:20:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-21 14:19:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-21 11:49:10 ----SD---- C:\Documents and Settings\Ondra\Data aplikací\Microsoft
2010-03-20 00:08:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-03-20 00:01:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-05-20 82380]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-26 501888]
R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2008-05-30 27704]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0401000.020\SRTSP.SYS [2010-02-27 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS [2010-02-27 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0401000.020\SYMTDI.SYS [2009-11-22 362032]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2007-11-06 131672]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2007-11-06 32080]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-07-24 4096]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 nipxirmk;nipxirmk; \??\C:\WINDOWS\system32\drivers\nipxirmkl.sys []
R2 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [2007-07-19 11360]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-26 3565568]
R3 azvusb;Virtual USB Hub; C:\WINDOWS\system32\DRIVERS\azvusb.sys [2009-08-24 44544]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-01 176640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-19 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100409.001\IDSxpx86.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100415.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100415.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nidimk;nidimk; \??\C:\WINDOWS\system32\drivers\nidimkl.sys []
R3 nimdbgk;nimdbgk; \??\C:\WINDOWS\system32\drivers\nimdbgkl.sys []
R3 nimru2k;nimru2k; \??\C:\WINDOWS\system32\drivers\nimru2kl.sys []
R3 nimstsk;nimstsk; \??\C:\WINDOWS\system32\drivers\nimstskl.sys []
R3 nimxdfk;nimxdfk; \??\C:\WINDOWS\system32\drivers\nimxdfkl.sys []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 anensi64;anensi64; C:\WINDOWS\system32\drivers\anensi64.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 lvalarmk;lvalarmk; \??\C:\WINDOWS\system32\drivers\lvalarmk.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 ni1006k;NI PXI-1006 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1006k.sys []
S3 ni1045k;NI PXI-1045 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1045kl.sys []
S3 ni1065k;NI PXIe-1065 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1065k.sys []
S3 ni488lock;NI-488.2 Locking Service; \??\C:\WINDOWS\system32\drivers\ni488lock.sys []
S3 nicdrk;nicdrk; \??\C:\WINDOWS\system32\drivers\nicdrkl.sys []
S3 nidmxfk;nidmxfk; \??\C:\WINDOWS\system32\drivers\nidmxfkl.sys []
S3 nidsark;nidsark; \??\C:\WINDOWS\system32\drivers\nidsarkl.sys []
S3 niemrk;niemrk; \??\C:\WINDOWS\system32\drivers\niemrkl.sys []
S3 niesrk;niesrk; \??\C:\WINDOWS\system32\drivers\niesrkl.sys []
S3 nifslk;nifslk; \??\C:\WINDOWS\system32\drivers\nifslkl.sys []
S3 nimsdrk;nimsdrk; \??\C:\WINDOWS\system32\drivers\nimsdrkl.sys []
S3 nimslk;nimslk; \??\C:\WINDOWS\system32\drivers\nimslk.dll []
S3 nimsrlk;nimsrlk; \??\C:\WINDOWS\system32\drivers\nimsrlk.dll []
S3 nimxpk;nimxpk; \??\C:\WINDOWS\system32\drivers\nimxpkl.sys []
S3 ninshsdk;ninshsdk; \??\C:\WINDOWS\system32\drivers\ninshsdkl.sys []
S3 niorbk;niorbk; \??\C:\WINDOWS\system32\drivers\niorbkl.sys []
S3 nipalfwedl;nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [2007-07-18 11904]
S3 nipalusbedl;nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [2007-07-18 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot; \??\C:\WINDOWS\system32\drivers\nipxigpk.sys []
S3 niscdk;niscdk; \??\C:\WINDOWS\system32\drivers\niscdkl.sys []
S3 nisdigk;nisdigk; \??\C:\WINDOWS\system32\drivers\nisdigkl.sys []
S3 nisftk;nisftk; \??\C:\WINDOWS\system32\drivers\nisftkl.sys []
S3 nispdk;nispdk; \??\C:\WINDOWS\system32\drivers\nispdkl.sys []
S3 nissrk;nissrk; \??\C:\WINDOWS\system32\drivers\nissrkl.sys []
S3 nistc2k;nistc2k; \??\C:\WINDOWS\system32\drivers\nistc2kl.sys []
S3 nistcrk;nistcrk; \??\C:\WINDOWS\system32\drivers\nistcrkl.sys []
S3 niswdk;niswdk; \??\C:\WINDOWS\system32\drivers\niswdkl.sys []
S3 nitiork;nitiork; \??\C:\WINDOWS\system32\drivers\nitiorkl.sys []
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWKl.sys [2007-07-19 11384]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciKl.sys [2007-07-19 11360]
S3 niwfrk;niwfrk; \??\C:\WINDOWS\system32\drivers\niwfrkl.sys []
S3 nixsrk;nixsrk; \??\C:\WINDOWS\system32\drivers\nixsrkl.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb6xxxk;usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-14 145504]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-04-24 2562048]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-03-21 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-07-16 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-07-16 50736]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2007-03-08 12696]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-26 126392]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 ni488enumsvc;NI-488.2 Enumeration Service; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 nipxirmu;NI PXI Resource Manager; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-07-23 609384]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-15 488960]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 nidevldu;NI Device Loader; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-07 867080]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-11 1265264]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 .1242767254;1242767254; C:\Program Files\1242767254\Ondra1242767254L.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ondra at 2010-04-15 21:35:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (3%) free of 73 GB
Total RAM: 1022 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:50, on 15.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TC UP\TOTALCMD.EXE
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Ondra.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Seznam.cz\core.2.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\Ondra\LOCALS~1\Temp\CUninst.exe" "/remove"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2774378140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
--
End of file - 13438 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0119A157-9792-4445-B4B6-DEA2DEEA0584}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL [2009-11-17 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Seznam.cz\core.2.dll [2009-05-18 1039000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-11-10 176128]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-21 39424]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"niDevMon"=C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [2007-07-14 106064]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-03 640376]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-15 2176512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-03-01 451224]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-15 3037696]
"Uninstall_CToolbar"=C:\DOCUME~1\Ondra\LOCALS~1\Temp\CUninst.exe [2010-04-14 2367336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Ondra\Local Settings\Temp\java_ee_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Ondra\Local Settings\Temp\java_ee_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Sun\SDK\jdk\bin\java.exe"="C:\Sun\SDK\jdk\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Ondra\Local Settings\Temp\java_app_platform_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Ondra\Local Settings\Temp\java_app_platform_sdk-5_07-windows-ml.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0_13\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_13\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Ondra\QIP\qip.exe"="C:\Documents and Settings\Ondra\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera 10.50 Beta\opera.exe"="C:\Program Files\Opera 10.50 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe"="C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe:*:Enabled:PCTV Systems TVCenter"
"C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe"="C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe:*:Enabled:PCTV Systems VideoControl"
"C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe"="C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe:*:Enabled:PCTV Systems DistanTV classic"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-04-15 21:35:27 ----D---- C:\Program Files\trend micro
2010-04-15 21:35:26 ----D---- C:\rsit
2010-04-15 18:28:03 ----D---- C:\Program Files\Crawler
2010-04-15 18:27:48 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Spyware Terminator
2010-04-15 18:27:34 ----D---- C:\Program Files\Spyware Terminator
2010-04-15 18:27:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-04-14 15:44:23 ----A---- C:\WINDOWS\pxisys.ini
2010-04-14 11:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 07:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 07:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 07:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 07:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 07:26:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 22:53:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-13 22:42:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-12 23:11:54 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-11 19:06:14 ----D---- C:\Program Files\CCleaner
2010-04-11 16:22:40 ----HD---- C:\Program Files\InstallJammer Registry
2010-04-11 16:22:28 ----D---- C:\Program Files\Esmska
2010-04-11 11:28:47 ----A---- C:\WINDOWS\WININIT.INI
2010-04-11 08:29:35 ----A---- C:\WINDOWS\system32\AxEImage.dll
2010-04-11 08:29:34 ----D---- C:\Program Files\AutoDWG
2010-04-11 08:29:34 ----A---- C:\WINDOWS\system32\PDF2DWG.dll
2010-04-11 08:29:34 ----A---- C:\WINDOWS\system32\FreeImage.dll
2010-04-11 08:12:57 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-04-11 08:12:53 ----D---- C:\WINDOWS\system32\PS
2010-04-10 12:46:50 ----D---- C:\Program Files\PSpad
2010-04-05 13:15:04 ----A---- C:\WINDOWS\BDTSupport.dll
2010-04-05 13:15:03 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-04-05 13:15:03 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-04-05 13:15:03 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-04-05 13:11:30 ----D---- C:\Program Files\Spyware Doctor
2010-04-05 13:11:30 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-05 13:11:30 ----D---- C:\Documents and Settings\Ondra\Data aplikací\PC Tools
2010-04-05 13:11:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-04-05 13:09:38 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-31 20:13:52 ----D---- C:\Program Files\QuickTime
2010-03-31 20:13:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-03-30 18:32:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-03-30 18:32:48 ----D---- C:\Program Files\Common Files\Java
2010-03-30 18:32:17 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-30 18:32:17 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-30 18:32:17 ----A---- C:\WINDOWS\system32\java.exe
2010-03-27 19:15:11 ----D---- C:\Program Files\Guitar Pro 5
2010-03-27 12:26:29 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Media Player Classic
2010-03-27 12:24:52 ----A---- C:\WINDOWS\system32\unrar.dll
2010-03-27 12:24:49 ----D---- C:\Program Files\K-Lite Codec Pack
2010-03-24 16:05:29 ----D---- C:\Lyrics
2010-03-24 16:05:14 ----D---- C:\Program Files\Minilyrics
2010-03-24 01:32:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-21 14:17:12 ----D---- C:\Program Files\PCTV Systems
2010-03-21 14:17:12 ----D---- C:\Program Files\Common Files\PCTV Systems
2010-03-20 00:09:32 ----RA---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-20 00:09:16 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-03-20 00:09:15 ----D---- C:\Program Files\Symantec
2010-03-20 00:09:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-20 00:08:05 ----D---- C:\Program Files\Norton 360
2010-03-20 00:08:04 ----D---- C:\Program Files\Windows Sidebar
2010-03-20 00:06:31 ----D---- C:\Program Files\NortonInstaller
======List of files/folders modified in the last 1 months======
2010-04-15 21:35:27 ----RD---- C:\Program Files
2010-04-15 21:35:13 ----D---- C:\WINDOWS\Prefetch
2010-04-15 21:35:02 ----D---- C:\WINDOWS\Temp
2010-04-15 21:34:54 ----D---- C:\Downloads
2010-04-15 21:19:01 ----SD---- C:\WINDOWS\Tasks
2010-04-15 21:04:37 ----D---- C:\WINDOWS\Debug
2010-04-15 21:04:36 ----D---- C:\WINDOWS
2010-04-15 20:39:54 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Opera
2010-04-15 19:31:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 19:30:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 18:27:57 ----D---- C:\WINDOWS\system32\drivers
2010-04-15 18:01:25 ----D---- C:\WINDOWS\system32
2010-04-15 18:01:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-15 17:57:42 ----A---- C:\WINDOWS\pxiesys.ini
2010-04-15 17:55:23 ----SHD---- C:\System Volume Information
2010-04-14 23:32:11 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 20:43:41 ----D---- C:\Documents and Settings\Ondra\Data aplikací\uTorrent
2010-04-14 15:49:26 ----SHD---- C:\WINDOWS\Installer
2010-04-14 15:49:08 ----D---- C:\Program Files\Opera
2010-04-14 11:19:17 ----HD---- C:\WINDOWS\inf
2010-04-14 07:33:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-14 07:32:23 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 07:27:27 ----D---- C:\WINDOWS\ie8updates
2010-04-11 19:07:15 ----D---- C:\WINDOWS\Minidump
2010-04-11 18:32:22 ----D---- C:\Documents and Settings\Ondra\Data aplikací\esmska
2010-04-11 11:27:30 ----D---- C:\Program Files\ATI Technologies
2010-04-11 11:26:55 ----RSD---- C:\WINDOWS\assembly
2010-04-11 11:26:50 ----D---- C:\WINDOWS\WinSxS
2010-04-11 10:30:12 ----D---- C:\Documents and Settings\Ondra\Data aplikací\DMCache
2010-04-11 09:36:37 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Winamp
2010-04-11 08:29:34 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-07 22:48:01 ----D---- C:\WINDOWS\system32\config
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 22:16:41 ----D---- C:\Program Files\HP
2010-04-05 13:11:30 ----D---- C:\Program Files\Common Files
2010-04-05 11:01:31 ----D---- C:\Program Files\Ask.com
2010-04-05 10:07:08 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 14:40:45 ----D---- C:\Program Files\Internet Explorer
2010-03-30 18:31:50 ----D---- C:\Program Files\Java
2010-03-27 19:15:12 ----RSD---- C:\WINDOWS\Fonts
2010-03-24 16:03:20 ----D---- C:\Program Files\Winamp
2010-03-22 22:07:56 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Skype
2010-03-22 22:04:33 ----D---- C:\Documents and Settings\Ondra\Data aplikací\skypePM
2010-03-21 15:20:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\PCTV Systems
2010-03-21 14:25:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-21 14:20:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-21 14:19:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-21 11:49:10 ----SD---- C:\Documents and Settings\Ondra\Data aplikací\Microsoft
2010-03-20 00:08:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-03-20 00:01:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-05-20 82380]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-26 501888]
R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2008-05-30 27704]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0401000.020\SRTSP.SYS [2010-02-27 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS [2010-02-27 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0401000.020\SYMTDI.SYS [2009-11-22 362032]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2007-11-06 131672]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2007-11-06 32080]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-07-24 4096]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 nipxirmk;nipxirmk; \??\C:\WINDOWS\system32\drivers\nipxirmkl.sys []
R2 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [2007-07-19 11360]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-26 3565568]
R3 azvusb;Virtual USB Hub; C:\WINDOWS\system32\DRIVERS\azvusb.sys [2009-08-24 44544]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-01 176640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-19 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100409.001\IDSxpx86.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100415.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100415.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nidimk;nidimk; \??\C:\WINDOWS\system32\drivers\nidimkl.sys []
R3 nimdbgk;nimdbgk; \??\C:\WINDOWS\system32\drivers\nimdbgkl.sys []
R3 nimru2k;nimru2k; \??\C:\WINDOWS\system32\drivers\nimru2kl.sys []
R3 nimstsk;nimstsk; \??\C:\WINDOWS\system32\drivers\nimstskl.sys []
R3 nimxdfk;nimxdfk; \??\C:\WINDOWS\system32\drivers\nimxdfkl.sys []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 anensi64;anensi64; C:\WINDOWS\system32\drivers\anensi64.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 lvalarmk;lvalarmk; \??\C:\WINDOWS\system32\drivers\lvalarmk.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 ni1006k;NI PXI-1006 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1006k.sys []
S3 ni1045k;NI PXI-1045 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1045kl.sys []
S3 ni1065k;NI PXIe-1065 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1065k.sys []
S3 ni488lock;NI-488.2 Locking Service; \??\C:\WINDOWS\system32\drivers\ni488lock.sys []
S3 nicdrk;nicdrk; \??\C:\WINDOWS\system32\drivers\nicdrkl.sys []
S3 nidmxfk;nidmxfk; \??\C:\WINDOWS\system32\drivers\nidmxfkl.sys []
S3 nidsark;nidsark; \??\C:\WINDOWS\system32\drivers\nidsarkl.sys []
S3 niemrk;niemrk; \??\C:\WINDOWS\system32\drivers\niemrkl.sys []
S3 niesrk;niesrk; \??\C:\WINDOWS\system32\drivers\niesrkl.sys []
S3 nifslk;nifslk; \??\C:\WINDOWS\system32\drivers\nifslkl.sys []
S3 nimsdrk;nimsdrk; \??\C:\WINDOWS\system32\drivers\nimsdrkl.sys []
S3 nimslk;nimslk; \??\C:\WINDOWS\system32\drivers\nimslk.dll []
S3 nimsrlk;nimsrlk; \??\C:\WINDOWS\system32\drivers\nimsrlk.dll []
S3 nimxpk;nimxpk; \??\C:\WINDOWS\system32\drivers\nimxpkl.sys []
S3 ninshsdk;ninshsdk; \??\C:\WINDOWS\system32\drivers\ninshsdkl.sys []
S3 niorbk;niorbk; \??\C:\WINDOWS\system32\drivers\niorbkl.sys []
S3 nipalfwedl;nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [2007-07-18 11904]
S3 nipalusbedl;nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [2007-07-18 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot; \??\C:\WINDOWS\system32\drivers\nipxigpk.sys []
S3 niscdk;niscdk; \??\C:\WINDOWS\system32\drivers\niscdkl.sys []
S3 nisdigk;nisdigk; \??\C:\WINDOWS\system32\drivers\nisdigkl.sys []
S3 nisftk;nisftk; \??\C:\WINDOWS\system32\drivers\nisftkl.sys []
S3 nispdk;nispdk; \??\C:\WINDOWS\system32\drivers\nispdkl.sys []
S3 nissrk;nissrk; \??\C:\WINDOWS\system32\drivers\nissrkl.sys []
S3 nistc2k;nistc2k; \??\C:\WINDOWS\system32\drivers\nistc2kl.sys []
S3 nistcrk;nistcrk; \??\C:\WINDOWS\system32\drivers\nistcrkl.sys []
S3 niswdk;niswdk; \??\C:\WINDOWS\system32\drivers\niswdkl.sys []
S3 nitiork;nitiork; \??\C:\WINDOWS\system32\drivers\nitiorkl.sys []
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWKl.sys [2007-07-19 11384]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciKl.sys [2007-07-19 11360]
S3 niwfrk;niwfrk; \??\C:\WINDOWS\system32\drivers\niwfrkl.sys []
S3 nixsrk;nixsrk; \??\C:\WINDOWS\system32\drivers\nixsrkl.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb6xxxk;usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-14 145504]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-04-24 2562048]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-03-21 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-07-16 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-07-16 50736]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2007-03-08 12696]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-26 126392]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 ni488enumsvc;NI-488.2 Enumeration Service; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 nipxirmu;NI PXI Resource Manager; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-07-23 609384]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-15 488960]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 nidevldu;NI Device Loader; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-07 867080]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-11 1265264]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 .1242767254;1242767254; C:\Program Files\1242767254\Ondra1242767254L.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
Post a ComboFix log.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms appears; continue by clicking the Ano (Yes) button.
go ahead and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)
note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware it causes unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: please check my log
ComboFix 10-04-14.04 - Ondra 16.04.2010 1:45.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.436 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2319122013-2655523666-2769771994-1001
c:\$recycle.bin\S-1-5-21-2373945187-1184808608-836260548-1001
c:\windows\Downloaded Program Files\IDropPTB.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-15 do 2010-04-15 )))))))))))))))))))))))))))))))
.
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- c:\program files\trend micro
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- C:\rsit
2010-04-15 16:27 . 2010-04-15 16:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-15 16:27 . 2010-04-15 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-04-14 05:25 . 2010-04-14 05:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-13 21:37 . 2010-04-13 21:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-13 20:53 . 2010-04-13 20:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-12 21:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 17:06 . 2010-04-11 17:06 -------- d-----w- c:\program files\CCleaner
2010-04-11 14:22 . 2010-04-11 14:22 -------- d--h--w- c:\program files\InstallJammer Registry
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\program files\Esmska
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\documents and settings\Ondra\WINDOWS
2010-04-11 06:29 . 2009-02-06 12:39 839680 ----a-w- c:\windows\system32\AxEImage.dll
2010-04-11 06:29 . 2010-04-11 06:29 -------- d-----w- c:\program files\AutoDWG
2010-04-11 06:29 . 2009-06-23 12:17 9560064 ----a-w- c:\windows\system32\PDF2DWG.dll
2010-04-11 06:29 . 2002-04-22 06:45 663552 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-11 06:12 . 2001-08-22 10:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-11 06:12 . 2010-04-11 06:12 -------- d-----w- c:\windows\system32\PS
2010-04-10 10:46 . 2010-04-10 10:46 -------- d-----w- c:\program files\PSpad
2010-04-05 11:29 . 2010-02-02 08:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-04-05 11:29 . 2010-02-02 08:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-04-05 11:29 . 2010-02-02 08:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-04-05 11:15 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-05 11:15 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-05 11:15 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-05 11:15 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-05 11:15 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-05 11:15 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-05 11:12 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-05 11:12 . 2010-03-10 09:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-05 11:12 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-05 11:11 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-05 11:11 . 2010-04-15 23:30 -------- d-----w- c:\program files\Spyware Doctor
2010-04-05 11:11 . 2010-04-05 11:15 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-31 18:13 . 2010-03-31 18:14 -------- d-----w- c:\program files\QuickTime
2010-03-30 16:32 . 2010-03-30 16:32 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-27 10:24 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-27 10:24 . 2010-03-27 10:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-24 14:05 . 2010-03-29 19:09 -------- d-----w- C:\Lyrics
2010-03-24 14:05 . 2010-04-11 07:57 -------- d-----w- c:\program files\Minilyrics
2010-03-21 12:17 . 2010-03-21 12:18 -------- d-----w- c:\program files\Common Files\PCTV Systems
2010-03-21 12:17 . 2010-03-21 12:17 -------- d-----w- c:\program files\PCTV Systems
2010-03-19 22:09 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-19 22:09 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-19 22:09 . 2010-03-19 22:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-19 22:09 . 2010-03-19 22:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-19 22:09 . 2010-03-19 22:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-19 22:09 . 2010-03-19 22:09 -------- d-----w- c:\program files\Symantec
2010-03-19 22:08 . 2010-04-07 13:56 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Norton 360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Windows Sidebar
2010-03-19 22:06 . 2010-03-19 22:06 -------- d-----w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 23:40 . 2001-10-25 12:00 82440 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 23:40 . 2001-10-25 12:00 437056 ----a-w- c:\windows\system32\perfh005.dat
2010-04-15 17:30 . 2001-10-24 11:54 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-14 13:49 . 2009-05-19 23:59 -------- d-----w- c:\program files\Opera
2010-04-11 09:27 . 2009-05-19 23:28 -------- d-----w- c:\program files\ATI Technologies
2010-04-11 06:29 . 2009-05-19 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 20:16 . 2009-05-22 06:51 -------- d-----w- c:\program files\HP
2010-04-05 09:01 . 2010-03-07 18:56 -------- d-----w- c:\program files\Ask.com
2010-03-30 16:31 . 2009-05-20 19:32 -------- d-----w- c:\program files\Java
2010-03-24 14:03 . 2009-05-21 10:20 -------- d-----w- c:\program files\Winamp
2010-03-19 22:09 . 2010-03-19 22:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-19 22:09 . 2010-03-19 22:09 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-14 13:43 . 2010-03-14 13:34 -------- d-----w- c:\program files\MissKlient
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\BDE5Setup
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\Borland
2010-03-11 21:43 . 2010-03-11 21:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-11 21:43 . 2010-03-11 23:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-11 20:24 . 2010-03-11 20:24 -------- d-----w- c:\program files\Lavasoft
2010-03-10 18:37 . 2009-05-20 11:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-10 06:17 . 2001-10-25 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-05-20 19:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 09:14 . 2009-05-20 09:44 -------- d-----w- c:\program files\uTorrent
2010-03-07 09:10 . 2009-05-20 11:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\program files\Panasonic
2010-03-03 11:16 . 2009-08-25 21:39 -------- d-----w- c:\program files\Seznam.cz
2010-02-25 06:18 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-25 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2001-10-25 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2001-10-24 11:46 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 18:59 . 2010-02-16 18:59 -------- d-----w- c:\program files\FileZilla FTP Client
2010-02-15 19:12 . 2010-02-08 18:17 -------- d-----w- c:\program files\SeaMonkey
2010-02-12 04:35 . 2001-10-25 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-25 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 18:09 . 2010-02-08 18:09 31232 ----a-w- c:\windows\system32\maplec.dll
2010-02-08 18:09 . 2010-02-08 18:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-02-08 18:09 . 2010-02-08 18:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-02-04 15:53 . 2010-03-11 21:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 09:01 . 2010-02-10 21:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-10 21:52 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 18:03 . 2007-07-24 18:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-05-29 17:03 . 2009-05-20 11:00 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-15 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-15 2176512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\bin\\java.exe"=
"c:\\Documents and Settings\\Ondra\\QIP\\qip.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PCTV Systems\\TVCenter\\TVCenter.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\PVR\\VideoControl.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\StreamingServer\\StrmServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29.5.2009 19:42 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11.3.2010 23:43 64288]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.7.2007 21:08 15448]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5.4.2010 13:12 217032]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\symds.sys [6.4.2010 23:22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\symefa.sys [6.4.2010 23:22 172592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [5.4.2010 13:29 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [5.4.2010 13:29 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24.3.2010 22:38 536112]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [20.5.2009 23:30 27704]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5.4.2010 13:12 233136]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.4.2010 18:27 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\ironx86.sys [6.4.2010 23:22 116784]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [5.4.2010 13:15 112592]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccsvchst.exe [6.4.2010 23:21 126392]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [22.2.2007 13:18 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19.7.2007 12:56 11360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [20.5.2009 15:15 1121536]
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [24.8.2009 10:14 44544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20.3.2010 0:17 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100409.001\IDSXpx86.sys [12.4.2010 23:21 329592]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12.7.2007 19:18 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [24.7.2007 13:19 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [13.7.2007 21:00 11360]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2009 10:49 691696]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [11.1.2007 11:18 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [22.2.2007 13:40 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [22.2.2007 13:43 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [25.5.2007 14:26 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [26.2.2007 13:40 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [15.7.2007 18:44 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [13.7.2007 23:38 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [19.7.2007 4:06 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [24.7.2007 20:37 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [24.7.2007 20:37 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [15.7.2007 19:31 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [18.7.2007 11:47 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [21.6.2007 1:19 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [21.6.2007 1:19 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [13.7.2007 21:01 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [19.7.2007 14:49 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [18.7.2007 22:11 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [18.7.2007 22:12 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [22.2.2007 13:45 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [19.7.2007 3:32 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [17.7.2007 1:27 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [16.7.2007 13:52 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [19.7.2007 3:32 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [24.7.2007 20:37 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [15.7.2007 17:48 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [15.7.2007 18:50 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [17.7.2007 5:18 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [18.7.2007 23:15 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19.7.2007 12:48 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19.7.2007 12:56 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [24.7.2007 20:37 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [24.7.2007 20:38 11336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29.6.2009 20:08 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29.6.2009 20:08 8320]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [5.4.2010 13:11 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5.4.2010 13:11 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [5.4.2010 13:29 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
S4 .1242767254;1242767254;c:\program files\1242767254\Ondra1242767254L.exe --> c:\program files\1242767254\Ondra1242767254L.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:43]
2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{0119A157-9792-4445-B4B6-DEA2DEEA0584}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 02:03
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7845f038-1192-4a94-ab24-2adfe40715f8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ed
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):24,13,d7,94,01,e4,92,d9,4c,85,72,c9,2f,d9,30,a6,36,58,75,a2,89,
b4,0b,d4,2a,c3,d3,2b,49,74,d9,b5,db,5d,b3,f4,af,71,c8,0a,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(984)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Celkový čas: 2010-04-16 02:05:08
ComboFix-quarantined-files.txt 2010-04-16 00:05
Před spuštěním: 892 702 720
Po spuštění: 886 865 920
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN
- - End Of File - - A2838004217628E1EEBC1AB8AE487E08
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN
- - End Of File - - A2838004217628E1EEBC1AB8AE487E08
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
We'll do a bit more cleanup. Open Notepad and copy the following into it:

Folder::
c:\program files\Ask.com
Collect::
c:\program files\1242767254\Ondra1242767254L.exe
Driver::
.1242767254
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: please check my log
I did everything as you said, but the problems still persist.
Chrome still doesn't load pages. Interestingly, it doesn't even load its own history and extensions. It doesn't do anything at all. I thought the problem might be in Flash or Java, but even after I reinstalled them to the latest version, Chrome still doesn't work. And yet it is completely clean, freshly reinstalled.
Opera sometimes won't download a file (for example Java from java.com), so I have to download through Firefox.
Attacks that the Norton firewall catches keep appearing. I'm attaching what it says.
Here is the log from ComboFix (I did it the way you told me):
ComboFix 10-04-14.04 - Ondra 17.04.2010 11:37:38.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.492 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_.1242767254
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-16 11:36 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-16 11:34 . 2010-04-16 11:34 -------- d-----w- c:\program files\Windows Defender
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- c:\program files\trend micro
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- C:\rsit
2010-04-15 16:27 . 2010-04-15 16:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-15 16:27 . 2010-04-15 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-04-14 05:25 . 2010-04-14 05:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-13 21:37 . 2010-04-13 21:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-13 20:53 . 2010-04-13 20:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-12 21:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 17:06 . 2010-04-11 17:06 -------- d-----w- c:\program files\CCleaner
2010-04-11 14:22 . 2010-04-11 14:22 -------- d--h--w- c:\program files\InstallJammer Registry
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\program files\Esmska
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\documents and settings\Ondra\WINDOWS
2010-04-11 06:29 . 2009-02-06 12:39 839680 ----a-w- c:\windows\system32\AxEImage.dll
2010-04-11 06:29 . 2010-04-11 06:29 -------- d-----w- c:\program files\AutoDWG
2010-04-11 06:29 . 2009-06-23 12:17 9560064 ----a-w- c:\windows\system32\PDF2DWG.dll
2010-04-11 06:29 . 2002-04-22 06:45 663552 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-11 06:12 . 2001-08-22 10:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-11 06:12 . 2010-04-11 06:12 -------- d-----w- c:\windows\system32\PS
2010-04-10 10:46 . 2010-04-10 10:46 -------- d-----w- c:\program files\PSpad
2010-03-31 18:13 . 2010-03-31 18:14 -------- d-----w- c:\program files\QuickTime
2010-03-30 16:32 . 2010-03-30 16:32 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-27 10:24 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-27 10:24 . 2010-03-27 10:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-24 14:05 . 2010-03-29 19:09 -------- d-----w- C:\Lyrics
2010-03-24 14:05 . 2010-04-11 07:57 -------- d-----w- c:\program files\Minilyrics
2010-03-21 12:17 . 2010-03-21 12:18 -------- d-----w- c:\program files\Common Files\PCTV Systems
2010-03-21 12:17 . 2010-03-21 12:17 -------- d-----w- c:\program files\PCTV Systems
2010-03-19 22:09 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-19 22:09 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-19 22:09 . 2010-03-19 22:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-19 22:09 . 2010-03-19 22:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-19 22:09 . 2010-03-19 22:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-19 22:09 . 2010-03-19 22:09 -------- d-----w- c:\program files\Symantec
2010-03-19 22:08 . 2010-04-07 13:56 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Norton 360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Windows Sidebar
2010-03-19 22:06 . 2010-03-19 22:06 -------- d-----w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 10:08 . 2001-10-25 12:00 82440 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 10:08 . 2001-10-25 12:00 437056 ----a-w- c:\windows\system32\perfh005.dat
2010-04-15 17:30 . 2001-10-24 11:54 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-14 13:49 . 2009-05-19 23:59 -------- d-----w- c:\program files\Opera
2010-04-11 09:27 . 2009-05-19 23:28 -------- d-----w- c:\program files\ATI Technologies
2010-04-11 06:29 . 2009-05-19 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 20:16 . 2009-05-22 06:51 -------- d-----w- c:\program files\HP
2010-03-30 16:31 . 2009-05-20 19:32 -------- d-----w- c:\program files\Java
2010-03-24 14:03 . 2009-05-21 10:20 -------- d-----w- c:\program files\Winamp
2010-03-19 22:09 . 2010-03-19 22:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-19 22:09 . 2010-03-19 22:09 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-14 13:43 . 2010-03-14 13:34 -------- d-----w- c:\program files\MissKlient
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\BDE5Setup
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\Borland
2010-03-11 21:43 . 2010-03-11 21:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-11 21:43 . 2010-03-11 23:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-11 20:24 . 2010-03-11 20:24 -------- d-----w- c:\program files\Lavasoft
2010-03-10 18:37 . 2009-05-20 11:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-10 06:17 . 2001-10-25 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-05-20 19:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 09:14 . 2009-05-20 09:44 -------- d-----w- c:\program files\uTorrent
2010-03-07 09:10 . 2009-05-20 11:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\program files\Panasonic
2010-03-03 11:16 . 2009-08-25 21:39 -------- d-----w- c:\program files\Seznam.cz
2010-02-25 06:18 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-25 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2001-10-25 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2001-10-24 11:46 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 18:59 . 2010-02-16 18:59 -------- d-----w- c:\program files\FileZilla FTP Client
2010-02-12 04:35 . 2001-10-25 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-25 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 18:09 . 2010-02-08 18:09 31232 ----a-w- c:\windows\system32\maplec.dll
2010-02-08 18:09 . 2010-02-08 18:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-02-08 18:09 . 2010-02-08 18:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-02-04 15:53 . 2010-03-11 21:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 09:01 . 2010-02-10 21:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-10 21:52 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 18:03 . 2007-07-24 18:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-05-29 17:03 . 2009-05-20 11:00 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-15_23.59.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 09:56 . 2010-04-17 09:56 16384 c:\windows\Temp\Perflib_Perfdata_7e0.dat
+ 2010-04-17 09:57 . 2010-04-17 09:57 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
+ 2001-10-25 12:00 . 2010-04-17 10:08 71002 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2010-04-15 23:40 71002 c:\windows\system32\perfc009.dat
+ 2005-09-22 21:48 . 2005-09-22 21:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2001-10-25 12:00 . 2010-04-17 10:08 440684 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-15 23:40 440684 c:\windows\system32\perfh009.dat
+ 2010-04-16 11:34 . 2010-04-16 11:34 1123840 c:\windows\Installer\983095.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-15 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-15 2176512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\bin\\java.exe"=
"c:\\Documents and Settings\\Ondra\\QIP\\qip.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PCTV Systems\\TVCenter\\TVCenter.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\PVR\\VideoControl.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\StreamingServer\\StrmServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29.5.2009 19:42 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11.3.2010 23:43 64288]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.7.2007 21:08 15448]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2009 10:49 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\symds.sys [6.4.2010 23:22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\symefa.sys [6.4.2010 23:22 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24.3.2010 22:38 536112]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [20.5.2009 23:30 27704]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.4.2010 18:27 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\ironx86.sys [6.4.2010 23:22 116784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccsvchst.exe [6.4.2010 23:21 126392]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [22.2.2007 13:18 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19.7.2007 12:56 11360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [20.5.2009 15:15 1121536]
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [24.8.2009 10:14 44544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20.3.2010 0:17 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [17.4.2010 11:22 329592]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12.7.2007 19:18 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [24.7.2007 13:19 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [13.7.2007 21:00 11360]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [11.1.2007 11:18 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [22.2.2007 13:40 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [22.2.2007 13:43 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [25.5.2007 14:26 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [26.2.2007 13:40 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [15.7.2007 18:44 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [13.7.2007 23:38 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [19.7.2007 4:06 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [24.7.2007 20:37 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [24.7.2007 20:37 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [15.7.2007 19:31 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [18.7.2007 11:47 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [21.6.2007 1:19 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [21.6.2007 1:19 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [13.7.2007 21:01 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [19.7.2007 14:49 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [18.7.2007 22:11 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [18.7.2007 22:12 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [22.2.2007 13:45 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [19.7.2007 3:32 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [17.7.2007 1:27 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [16.7.2007 13:52 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [19.7.2007 3:32 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [24.7.2007 20:37 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [15.7.2007 17:48 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [15.7.2007 18:50 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [17.7.2007 5:18 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [18.7.2007 23:15 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19.7.2007 12:48 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19.7.2007 12:56 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [24.7.2007 20:37 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [24.7.2007 20:38 11336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29.6.2009 20:08 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29.6.2009 20:08 8320]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:43]
2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{0119A157-9792-4445-B4B6-DEA2DEEA0584}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 12:07
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8639EAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf73dccb8
\Driver\atapi -> atapi.sys @ 0xf7371b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71f7bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71e6a0d
SendHandler -> NDIS.sys @ 0xf71fab40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7845f038-1192-4a94-ab24-2adfe40715f8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ed
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):24,13,d7,94,01,e4,92,d9,4c,85,72,c9,2f,d9,30,a6,36,58,75,a2,89,
b4,0b,d4,2a,c3,d3,2b,49,74,d9,b5,db,5d,b3,f4,af,71,c8,0a,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(680)
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2010-04-17 12:18:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-17 10:18
ComboFix2.txt 2010-04-16 00:05
Před spuštěním: 686 678 016
Po spuštění: 561 917 952
- - End Of File - - D7E7FEB3BB28DE74D08E7323CF0BEA11
Chrome still doesn't load pages. Interestingly, it won't even load its own history and extensions. It does nothing at all. I thought the problem might be in Flash or Java, but even after I reinstalled them to the latest version, Chrome still doesn't work. And yet it is completely clean, freshly reinstalled.
Opera sometimes refuses to download a file (for example Java from java.com), so I have to download through Firefox.
Attacks that the Norton firewall catches keep appearing. I'm attaching what it reports.
Here is the log from ComboFix (I did it the way you told me to).
ComboFix 10-04-14.04 - Ondra 17.04.2010 11:37:38.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.492 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_.1242767254
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-16 11:36 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-16 11:34 . 2010-04-16 11:34 -------- d-----w- c:\program files\Windows Defender
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- c:\program files\trend micro
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- C:\rsit
2010-04-15 16:27 . 2010-04-15 16:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-15 16:27 . 2010-04-15 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-04-14 05:25 . 2010-04-14 05:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-13 21:37 . 2010-04-13 21:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-13 20:53 . 2010-04-13 20:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-12 21:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 17:06 . 2010-04-11 17:06 -------- d-----w- c:\program files\CCleaner
2010-04-11 14:22 . 2010-04-11 14:22 -------- d--h--w- c:\program files\InstallJammer Registry
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\program files\Esmska
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\documents and settings\Ondra\WINDOWS
2010-04-11 06:29 . 2009-02-06 12:39 839680 ----a-w- c:\windows\system32\AxEImage.dll
2010-04-11 06:29 . 2010-04-11 06:29 -------- d-----w- c:\program files\AutoDWG
2010-04-11 06:29 . 2009-06-23 12:17 9560064 ----a-w- c:\windows\system32\PDF2DWG.dll
2010-04-11 06:29 . 2002-04-22 06:45 663552 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-11 06:12 . 2001-08-22 10:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-11 06:12 . 2010-04-11 06:12 -------- d-----w- c:\windows\system32\PS
2010-04-10 10:46 . 2010-04-10 10:46 -------- d-----w- c:\program files\PSpad
2010-03-31 18:13 . 2010-03-31 18:14 -------- d-----w- c:\program files\QuickTime
2010-03-30 16:32 . 2010-03-30 16:32 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-27 10:24 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-27 10:24 . 2010-03-27 10:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-24 14:05 . 2010-03-29 19:09 -------- d-----w- C:\Lyrics
2010-03-24 14:05 . 2010-04-11 07:57 -------- d-----w- c:\program files\Minilyrics
2010-03-21 12:17 . 2010-03-21 12:18 -------- d-----w- c:\program files\Common Files\PCTV Systems
2010-03-21 12:17 . 2010-03-21 12:17 -------- d-----w- c:\program files\PCTV Systems
2010-03-19 22:09 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-19 22:09 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-19 22:09 . 2010-03-19 22:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-19 22:09 . 2010-03-19 22:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-19 22:09 . 2010-03-19 22:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-19 22:09 . 2010-03-19 22:09 -------- d-----w- c:\program files\Symantec
2010-03-19 22:08 . 2010-04-07 13:56 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Norton 360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Windows Sidebar
2010-03-19 22:06 . 2010-03-19 22:06 -------- d-----w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 10:08 . 2001-10-25 12:00 82440 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 10:08 . 2001-10-25 12:00 437056 ----a-w- c:\windows\system32\perfh005.dat
2010-04-15 17:30 . 2001-10-24 11:54 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-14 13:49 . 2009-05-19 23:59 -------- d-----w- c:\program files\Opera
2010-04-11 09:27 . 2009-05-19 23:28 -------- d-----w- c:\program files\ATI Technologies
2010-04-11 06:29 . 2009-05-19 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 20:16 . 2009-05-22 06:51 -------- d-----w- c:\program files\HP
2010-03-30 16:31 . 2009-05-20 19:32 -------- d-----w- c:\program files\Java
2010-03-24 14:03 . 2009-05-21 10:20 -------- d-----w- c:\program files\Winamp
2010-03-19 22:09 . 2010-03-19 22:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-19 22:09 . 2010-03-19 22:09 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-14 13:43 . 2010-03-14 13:34 -------- d-----w- c:\program files\MissKlient
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\BDE5Setup
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\Borland
2010-03-11 21:43 . 2010-03-11 21:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-11 21:43 . 2010-03-11 23:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-11 20:24 . 2010-03-11 20:24 -------- d-----w- c:\program files\Lavasoft
2010-03-10 18:37 . 2009-05-20 11:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-10 06:17 . 2001-10-25 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-05-20 19:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 09:14 . 2009-05-20 09:44 -------- d-----w- c:\program files\uTorrent
2010-03-07 09:10 . 2009-05-20 11:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\program files\Panasonic
2010-03-03 11:16 . 2009-08-25 21:39 -------- d-----w- c:\program files\Seznam.cz
2010-02-25 06:18 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-25 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2001-10-25 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2001-10-24 11:46 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 18:59 . 2010-02-16 18:59 -------- d-----w- c:\program files\FileZilla FTP Client
2010-02-12 04:35 . 2001-10-25 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-25 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 18:09 . 2010-02-08 18:09 31232 ----a-w- c:\windows\system32\maplec.dll
2010-02-08 18:09 . 2010-02-08 18:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-02-08 18:09 . 2010-02-08 18:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-02-04 15:53 . 2010-03-11 21:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 09:01 . 2010-02-10 21:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-10 21:52 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 18:03 . 2007-07-24 18:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-05-29 17:03 . 2009-05-20 11:00 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-15_23.59.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 09:56 . 2010-04-17 09:56 16384 c:\windows\Temp\Perflib_Perfdata_7e0.dat
+ 2010-04-17 09:57 . 2010-04-17 09:57 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
+ 2001-10-25 12:00 . 2010-04-17 10:08 71002 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2010-04-15 23:40 71002 c:\windows\system32\perfc009.dat
+ 2005-09-22 21:48 . 2005-09-22 21:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2001-10-25 12:00 . 2010-04-17 10:08 440684 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-15 23:40 440684 c:\windows\system32\perfh009.dat
+ 2010-04-16 11:34 . 2010-04-16 11:34 1123840 c:\windows\Installer\983095.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-15 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-15 2176512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\bin\\java.exe"=
"c:\\Documents and Settings\\Ondra\\QIP\\qip.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PCTV Systems\\TVCenter\\TVCenter.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\PVR\\VideoControl.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\StreamingServer\\StrmServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29.5.2009 19:42 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11.3.2010 23:43 64288]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.7.2007 21:08 15448]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2009 10:49 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\symds.sys [6.4.2010 23:22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\symefa.sys [6.4.2010 23:22 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24.3.2010 22:38 536112]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [20.5.2009 23:30 27704]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.4.2010 18:27 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\ironx86.sys [6.4.2010 23:22 116784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccsvchst.exe [6.4.2010 23:21 126392]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [22.2.2007 13:18 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19.7.2007 12:56 11360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [20.5.2009 15:15 1121536]
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [24.8.2009 10:14 44544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20.3.2010 0:17 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [17.4.2010 11:22 329592]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12.7.2007 19:18 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [24.7.2007 13:19 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [13.7.2007 21:00 11360]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [11.1.2007 11:18 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [22.2.2007 13:40 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [22.2.2007 13:43 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [25.5.2007 14:26 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [26.2.2007 13:40 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [15.7.2007 18:44 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [13.7.2007 23:38 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [19.7.2007 4:06 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [24.7.2007 20:37 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [24.7.2007 20:37 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [15.7.2007 19:31 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [18.7.2007 11:47 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [21.6.2007 1:19 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [21.6.2007 1:19 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [13.7.2007 21:01 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [19.7.2007 14:49 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [18.7.2007 22:11 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [18.7.2007 22:12 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [22.2.2007 13:45 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [19.7.2007 3:32 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [17.7.2007 1:27 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [16.7.2007 13:52 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [19.7.2007 3:32 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [24.7.2007 20:37 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [15.7.2007 17:48 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [15.7.2007 18:50 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [17.7.2007 5:18 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [18.7.2007 23:15 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19.7.2007 12:48 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19.7.2007 12:56 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [24.7.2007 20:37 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [24.7.2007 20:38 11336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29.6.2009 20:08 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29.6.2009 20:08 8320]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:43]
2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{0119A157-9792-4445-B4B6-DEA2DEEA0584}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 12:07
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8639EAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf73dccb8
\Driver\atapi -> atapi.sys @ 0xf7371b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71f7bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71e6a0d
SendHandler -> NDIS.sys @ 0xf71fab40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7845f038-1192-4a94-ab24-2adfe40715f8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ed
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):24,13,d7,94,01,e4,92,d9,4c,85,72,c9,2f,d9,30,a6,36,58,75,a2,89,
b4,0b,d4,2a,c3,d3,2b,49,74,d9,b5,db,5d,b3,f4,af,71,c8,0a,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(680)
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2010-04-17 12:18:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-17 10:18
ComboFix2.txt 2010-04-16 00:05
Před spuštěním: 686 678 016
Po spuštění: 561 917 952
- - End Of File - - D7E7FEB3BB28DE74D08E7323CF0BEA11
- Attachments
- norton - utoky.jpg
- (222.98 KiB) Downloaded 119 times
- Rudy
- Site Admin
- Posts: 119408
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
Run an IceSword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: please check my log
Process:
System Idle Process
System
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccsvchst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\csrss.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Ondra\QIP\qip.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Maple 13\bin.win\cwmaple.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccsvchst.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Maple 13\bin.win\mserver.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\IceSword122en\IceSword.exe
C:\Program Files\TC UP\TOTALCMD.EXE
C:\Program Files\Norton 360\Engine\4.1.0.32\mcui32.exe
Kernel Module:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
nipbcfk.sys
spgj.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SYMDS.SYS
sr.sys
Lbd.sys
SYMEFA.SYS
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Combo-Fix.sys
nipalk.sys
\WINDOWS\System32\drivers\TDI.SYS
Mup.sys
hotcore3.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\cdrbsdrv.SYS
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\system32\DRIVERS\cdrblock.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\axqvc38c.SYS
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\MarvinBus.sys
\SystemRoot\system32\DRIVERS\azvusb.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\UimBus.sys
\SystemRoot\System32\Drivers\Uim_IM.sys
\SystemRoot\System32\Drivers\UimFIO.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\N360\0401000.020\SRTSP.SYS
\SystemRoot\system32\drivers\N360\0401000.020\Ironx86.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\N360\0401000.020\SRTSPX.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\N360\0401000.020\SYMTDI.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSxpx86.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\system32\drivers\N360\0401000.020\ccHPx86.sys
\??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\??\C:\WINDOWS\system32\drivers\aksfridge.sys
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\nipxirmkl.sys
\??\C:\WINDOWS\system32\drivers\nipxirmk.dll
\??\C:\WINDOWS\system32\drivers\niorbk.dll
\??\C:\WINDOWS\system32\drivers\nimdbgk.dll
\??\C:\WINDOWS\system32\drivers\nidimk.dll
\SystemRoot\System32\drivers\NiViPxiKl.sys
\SystemRoot\System32\drivers\NiViPxiK.sys
\??\C:\WINDOWS\system32\drivers\nimdbgkl.sys
\??\C:\WINDOWS\system32\drivers\nimxdfkl.sys
\??\C:\WINDOWS\system32\drivers\nimxdfk.dll
\??\C:\WINDOWS\system32\drivers\nimstskl.sys
\??\C:\WINDOWS\system32\drivers\nimstsk.dll
\??\C:\WINDOWS\system32\drivers\nidimkl.sys
\??\C:\WINDOWS\system32\drivers\nimru2kl.sys
\??\C:\WINDOWS\system32\drivers\nimru2k.dll
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\ComboFix\catchme.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\Engine.dll
C:\WINDOWS\System32\Drivers\sptd.sys
C:\WINDOWS\system32\drivers\N360\0401000.020\SYMDS.SYS
C:\WINDOWS\system32\drivers\N360\0401000.020\SYMEFA.SYS
- Rudy
- Site Admin
Re: please check my log
Run ComboFix again with this script:
Collect::
C:\windows\System32\Drivers\axqvc38c.SYS
Driver::
axqvc38c
Re: please check my log
Still the same. It would help me a lot to get Chrome working. If you know how, please write.
I'm sending the ComboFix log:
ComboFix 10-04-14.04 - Ondra 17.04.2010 22:19:13.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.505 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-17 12:11 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 11:36 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-16 11:34 . 2010-04-16 11:34 -------- d-----w- c:\program files\Windows Defender
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- c:\program files\trend micro
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- C:\rsit
2010-04-15 16:27 . 2010-04-15 16:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-15 16:27 . 2010-04-15 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-04-14 05:25 . 2010-04-14 05:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-13 21:37 . 2010-04-13 21:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-13 20:53 . 2010-04-13 20:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-12 21:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 17:06 . 2010-04-11 17:06 -------- d-----w- c:\program files\CCleaner
2010-04-11 14:22 . 2010-04-11 14:22 -------- d--h--w- c:\program files\InstallJammer Registry
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\program files\Esmska
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\documents and settings\Ondra\WINDOWS
2010-04-11 06:29 . 2009-02-06 12:39 839680 ----a-w- c:\windows\system32\AxEImage.dll
2010-04-11 06:29 . 2010-04-11 06:29 -------- d-----w- c:\program files\AutoDWG
2010-04-11 06:29 . 2009-06-23 12:17 9560064 ----a-w- c:\windows\system32\PDF2DWG.dll
2010-04-11 06:29 . 2002-04-22 06:45 663552 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-11 06:12 . 2001-08-22 10:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-11 06:12 . 2010-04-11 06:12 -------- d-----w- c:\windows\system32\PS
2010-04-10 10:46 . 2010-04-10 10:46 -------- d-----w- c:\program files\PSpad
2010-03-31 18:13 . 2010-03-31 18:14 -------- d-----w- c:\program files\QuickTime
2010-03-30 16:32 . 2010-03-30 16:32 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-27 10:24 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-27 10:24 . 2010-03-27 10:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-24 14:05 . 2010-03-29 19:09 -------- d-----w- C:\Lyrics
2010-03-24 14:05 . 2010-04-11 07:57 -------- d-----w- c:\program files\Minilyrics
2010-03-21 12:17 . 2010-03-21 12:18 -------- d-----w- c:\program files\Common Files\PCTV Systems
2010-03-21 12:17 . 2010-03-21 12:17 -------- d-----w- c:\program files\PCTV Systems
2010-03-19 22:09 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-19 22:09 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-19 22:09 . 2010-03-19 22:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-19 22:09 . 2010-03-19 22:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-19 22:09 . 2010-03-19 22:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-19 22:09 . 2010-03-19 22:09 -------- d-----w- c:\program files\Symantec
2010-03-19 22:08 . 2010-04-07 13:56 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Norton 360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Windows Sidebar
2010-03-19 22:06 . 2010-03-19 22:06 -------- d-----w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 20:17 . 2001-10-25 12:00 82440 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 20:17 . 2001-10-25 12:00 437056 ----a-w- c:\windows\system32\perfh005.dat
2010-04-17 16:22 . 2001-10-24 11:54 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-17 12:11 . 2009-05-20 19:32 -------- d-----w- c:\program files\Java
2010-04-14 13:49 . 2009-05-19 23:59 -------- d-----w- c:\program files\Opera
2010-04-11 09:27 . 2009-05-19 23:28 -------- d-----w- c:\program files\ATI Technologies
2010-04-11 06:29 . 2009-05-19 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 20:16 . 2009-05-22 06:51 -------- d-----w- c:\program files\HP
2010-03-24 14:03 . 2009-05-21 10:20 -------- d-----w- c:\program files\Winamp
2010-03-19 22:09 . 2010-03-19 22:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-19 22:09 . 2010-03-19 22:09 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-14 13:43 . 2010-03-14 13:34 -------- d-----w- c:\program files\MissKlient
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\BDE5Setup
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\Borland
2010-03-11 21:43 . 2010-03-11 21:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-11 21:43 . 2010-03-11 23:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-11 20:24 . 2010-03-11 20:24 -------- d-----w- c:\program files\Lavasoft
2010-03-10 18:37 . 2009-05-20 11:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-10 06:17 . 2001-10-25 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 09:14 . 2009-05-20 09:44 -------- d-----w- c:\program files\uTorrent
2010-03-07 09:10 . 2009-05-20 11:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\program files\Panasonic
2010-03-03 11:16 . 2009-08-25 21:39 -------- d-----w- c:\program files\Seznam.cz
2010-02-25 06:18 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-25 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2001-10-25 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2001-10-24 11:46 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2001-10-25 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-25 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 18:09 . 2010-02-08 18:09 31232 ----a-w- c:\windows\system32\maplec.dll
2010-02-08 18:09 . 2010-02-08 18:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-02-08 18:09 . 2010-02-08 18:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-02-04 15:53 . 2010-03-11 21:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 09:01 . 2010-02-10 21:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-10 21:52 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 18:03 . 2007-07-24 18:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-05-29 17:03 . 2009-05-20 11:00 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-15_23.59.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 20:13 . 2010-04-17 20:13 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
+ 2010-04-17 20:14 . 2010-04-17 20:14 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
+ 2001-10-25 12:00 . 2010-04-17 20:17 71002 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2010-04-15 23:40 71002 c:\windows\system32\perfc009.dat
- 2001-10-24 11:54 . 2010-04-15 17:30 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2001-10-24 11:54 . 2010-04-17 16:22 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2005-09-22 21:48 . 2005-09-22 21:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
- 2001-10-25 12:00 . 2010-04-15 23:40 440684 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2010-04-17 20:17 440684 c:\windows\system32\perfh009.dat
+ 2010-04-17 12:11 . 2010-04-12 15:29 153376 c:\windows\system32\javaws.exe
- 2010-03-30 16:32 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe
+ 2010-04-17 12:11 . 2010-04-12 15:29 145184 c:\windows\system32\javaw.exe
- 2010-03-30 16:32 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe
- 2010-03-30 16:32 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe
+ 2010-04-17 12:11 . 2010-04-12 15:29 145184 c:\windows\system32\java.exe
+ 2010-04-16 11:34 . 2010-04-16 11:34 1123840 c:\windows\Installer\983095.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-15 3037696]
"Google Update"="c:\documents and settings\Ondra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-17 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-15 2176512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\bin\\java.exe"=
"c:\\Documents and Settings\\Ondra\\QIP\\qip.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PCTV Systems\\TVCenter\\TVCenter.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\PVR\\VideoControl.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\StreamingServer\\StrmServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29.5.2009 19:42 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11.3.2010 23:43 64288]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.7.2007 21:08 15448]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\symds.sys [6.4.2010 23:22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\symefa.sys [6.4.2010 23:22 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24.3.2010 22:38 536112]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [20.5.2009 23:30 27704]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.4.2010 18:27 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\ironx86.sys [6.4.2010 23:22 116784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccsvchst.exe [6.4.2010 23:21 126392]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [22.2.2007 13:18 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19.7.2007 12:56 11360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [20.5.2009 15:15 1121536]
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [24.8.2009 10:14 44544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20.3.2010 0:17 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [17.4.2010 11:22 329592]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12.7.2007 19:18 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [24.7.2007 13:19 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [13.7.2007 21:00 11360]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2009 10:49 691696]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [11.1.2007 11:18 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [22.2.2007 13:40 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [22.2.2007 13:43 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [25.5.2007 14:26 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [26.2.2007 13:40 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [15.7.2007 18:44 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [13.7.2007 23:38 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [19.7.2007 4:06 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [24.7.2007 20:37 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [24.7.2007 20:37 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [15.7.2007 19:31 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [18.7.2007 11:47 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [21.6.2007 1:19 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [21.6.2007 1:19 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [13.7.2007 21:01 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [19.7.2007 14:49 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [18.7.2007 22:11 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [18.7.2007 22:12 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [22.2.2007 13:45 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [19.7.2007 3:32 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [17.7.2007 1:27 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [16.7.2007 13:52 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [19.7.2007 3:32 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [24.7.2007 20:37 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [15.7.2007 17:48 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [15.7.2007 18:50 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [17.7.2007 5:18 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [18.7.2007 23:15 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19.7.2007 12:48 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19.7.2007 12:56 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [24.7.2007 20:37 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [24.7.2007 20:38 11336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29.6.2009 20:08 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29.6.2009 20:08 8320]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:43]
2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{0119A157-9792-4445-B4B6-DEA2DEEA0584}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 22:33
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86477AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf74e7cb8
\Driver\atapi -> atapi.sys @ 0xf7479852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7302bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72f1a0d
SendHandler -> NDIS.sys @ 0xf7305b40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7845f038-1192-4a94-ab24-2adfe40715f8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ed
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):24,13,d7,94,01,e4,92,d9,4c,85,72,c9,2f,d9,30,a6,36,58,75,a2,89,
b4,0b,d4,2a,c3,d3,2b,49,74,d9,b5,db,5d,b3,f4,af,71,c8,0a,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-17 22:38:48
ComboFix-quarantined-files.txt 2010-04-17 20:38
ComboFix2.txt 2010-04-17 10:18
ComboFix3.txt 2010-04-16 00:05
Před spuštěním: 473 649 152
Po spuštění: 436 047 872
- - End Of File - - EB51764152D05BFF929D639006135155
I'm sending the log from ComboFix:
ComboFix 10-04-14.04 - Ondra 17.04.2010 22:19:13.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.505 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-17 12:11 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 11:36 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-16 11:34 . 2010-04-16 11:34 -------- d-----w- c:\program files\Windows Defender
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- c:\program files\trend micro
2010-04-15 19:35 . 2010-04-15 19:35 -------- d-----w- C:\rsit
2010-04-15 16:27 . 2010-04-15 16:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-15 16:27 . 2010-04-15 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-04-14 05:25 . 2010-04-14 05:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-13 21:37 . 2010-04-13 21:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-13 20:53 . 2010-04-13 20:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-12 21:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 17:06 . 2010-04-11 17:06 -------- d-----w- c:\program files\CCleaner
2010-04-11 14:22 . 2010-04-11 14:22 -------- d--h--w- c:\program files\InstallJammer Registry
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\program files\Esmska
2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\documents and settings\Ondra\WINDOWS
2010-04-11 06:29 . 2009-02-06 12:39 839680 ----a-w- c:\windows\system32\AxEImage.dll
2010-04-11 06:29 . 2010-04-11 06:29 -------- d-----w- c:\program files\AutoDWG
2010-04-11 06:29 . 2009-06-23 12:17 9560064 ----a-w- c:\windows\system32\PDF2DWG.dll
2010-04-11 06:29 . 2002-04-22 06:45 663552 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-11 06:12 . 2001-08-22 10:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-11 06:12 . 2010-04-11 06:12 -------- d-----w- c:\windows\system32\PS
2010-04-10 10:46 . 2010-04-10 10:46 -------- d-----w- c:\program files\PSpad
2010-03-31 18:13 . 2010-03-31 18:14 -------- d-----w- c:\program files\QuickTime
2010-03-30 16:32 . 2010-03-30 16:32 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-27 10:24 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-27 10:24 . 2010-03-27 10:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-24 14:05 . 2010-03-29 19:09 -------- d-----w- C:\Lyrics
2010-03-24 14:05 . 2010-04-11 07:57 -------- d-----w- c:\program files\Minilyrics
2010-03-21 12:17 . 2010-03-21 12:18 -------- d-----w- c:\program files\Common Files\PCTV Systems
2010-03-21 12:17 . 2010-03-21 12:17 -------- d-----w- c:\program files\PCTV Systems
2010-03-19 22:09 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-19 22:09 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-19 22:09 . 2010-03-19 22:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-19 22:09 . 2010-03-19 22:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-19 22:09 . 2010-03-19 22:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-19 22:09 . 2010-03-19 22:09 -------- d-----w- c:\program files\Symantec
2010-03-19 22:08 . 2010-04-07 13:56 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Norton 360
2010-03-19 22:08 . 2010-03-19 22:08 -------- d-----w- c:\program files\Windows Sidebar
2010-03-19 22:06 . 2010-03-19 22:06 -------- d-----w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 20:17 . 2001-10-25 12:00 82440 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 20:17 . 2001-10-25 12:00 437056 ----a-w- c:\windows\system32\perfh005.dat
2010-04-17 16:22 . 2001-10-24 11:54 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-17 12:11 . 2009-05-20 19:32 -------- d-----w- c:\program files\Java
2010-04-14 13:49 . 2009-05-19 23:59 -------- d-----w- c:\program files\Opera
2010-04-11 09:27 . 2009-05-19 23:28 -------- d-----w- c:\program files\ATI Technologies
2010-04-11 06:29 . 2009-05-19 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 20:16 . 2009-05-22 06:51 -------- d-----w- c:\program files\HP
2010-03-24 14:03 . 2009-05-21 10:20 -------- d-----w- c:\program files\Winamp
2010-03-19 22:09 . 2010-03-19 22:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-19 22:09 . 2010-03-19 22:09 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-14 13:43 . 2010-03-14 13:34 -------- d-----w- c:\program files\MissKlient
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\BDE5Setup
2010-03-14 13:36 . 2010-03-14 13:36 -------- d-----w- c:\program files\Borland
2010-03-11 21:43 . 2010-03-11 21:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-11 21:43 . 2010-03-11 23:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-11 20:24 . 2010-03-11 20:24 -------- d-----w- c:\program files\Lavasoft
2010-03-10 18:37 . 2009-05-20 11:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-10 06:17 . 2001-10-25 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 09:14 . 2009-05-20 09:44 -------- d-----w- c:\program files\uTorrent
2010-03-07 09:10 . 2009-05-20 11:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\program files\Panasonic
2010-03-03 11:16 . 2009-08-25 21:39 -------- d-----w- c:\program files\Seznam.cz
2010-02-25 06:18 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-25 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2001-10-25 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2001-10-24 11:46 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2001-10-25 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-25 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 18:09 . 2010-02-08 18:09 31232 ----a-w- c:\windows\system32\maplec.dll
2010-02-08 18:09 . 2010-02-08 18:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-02-08 18:09 . 2010-02-08 18:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-02-04 15:53 . 2010-03-11 21:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 09:01 . 2010-02-10 21:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-10 21:52 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-10 21:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 18:03 . 2007-07-24 18:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-05-29 17:03 . 2009-05-20 11:00 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-15_23.59.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 20:13 . 2010-04-17 20:13 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
+ 2010-04-17 20:14 . 2010-04-17 20:14 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
+ 2001-10-25 12:00 . 2010-04-17 20:17 71002 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2010-04-15 23:40 71002 c:\windows\system32\perfc009.dat
- 2001-10-24 11:54 . 2010-04-15 17:30 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2001-10-24 11:54 . 2010-04-17 16:22 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2005-09-22 21:48 . 2005-09-22 21:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
- 2001-10-25 12:00 . 2010-04-15 23:40 440684 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2010-04-17 20:17 440684 c:\windows\system32\perfh009.dat
+ 2010-04-17 12:11 . 2010-04-12 15:29 153376 c:\windows\system32\javaws.exe
- 2010-03-30 16:32 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe
+ 2010-04-17 12:11 . 2010-04-12 15:29 145184 c:\windows\system32\javaw.exe
- 2010-03-30 16:32 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe
- 2010-03-30 16:32 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe
+ 2010-04-17 12:11 . 2010-04-12 15:29 145184 c:\windows\system32\java.exe
+ 2010-04-16 11:34 . 2010-04-16 11:34 1123840 c:\windows\Installer\983095.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-15 3037696]
"Google Update"="c:\documents and settings\Ondra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-17 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-15 2176512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\bin\\java.exe"=
"c:\\Documents and Settings\\Ondra\\QIP\\qip.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PCTV Systems\\TVCenter\\TVCenter.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\PVR\\VideoControl.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\StreamingServer\\StrmServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29.5.2009 19:42 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11.3.2010 23:43 64288]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.7.2007 21:08 15448]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\symds.sys [6.4.2010 23:22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\symefa.sys [6.4.2010 23:22 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24.3.2010 22:38 536112]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [20.5.2009 23:30 27704]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.4.2010 18:27 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\ironx86.sys [6.4.2010 23:22 116784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccsvchst.exe [6.4.2010 23:21 126392]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [22.2.2007 13:18 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19.7.2007 12:56 11360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [20.5.2009 15:15 1121536]
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [24.8.2009 10:14 44544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20.3.2010 0:17 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [17.4.2010 11:22 329592]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12.7.2007 19:18 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [24.7.2007 13:19 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [13.7.2007 21:00 11360]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2009 10:49 691696]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [11.1.2007 11:18 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [22.2.2007 13:40 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [22.2.2007 13:43 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [25.5.2007 14:26 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [26.2.2007 13:40 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [15.7.2007 18:44 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [13.7.2007 23:38 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [19.7.2007 4:06 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [24.7.2007 20:37 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [24.7.2007 20:37 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [15.7.2007 19:31 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [18.7.2007 11:47 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [21.6.2007 1:19 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [21.6.2007 1:19 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [13.7.2007 21:01 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [19.7.2007 14:49 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [18.7.2007 22:11 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [18.7.2007 22:12 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [22.2.2007 13:45 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [19.7.2007 3:32 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [17.7.2007 1:27 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [16.7.2007 13:52 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [19.7.2007 3:32 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [24.7.2007 20:37 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [15.7.2007 17:48 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [15.7.2007 18:50 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [17.7.2007 5:18 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [18.7.2007 23:15 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19.7.2007 12:48 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19.7.2007 12:56 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [24.7.2007 20:37 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [24.7.2007 20:38 11336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29.6.2009 20:08 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29.6.2009 20:08 8320]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:43]
2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{0119A157-9792-4445-B4B6-DEA2DEEA0584}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\10ddi11t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 22:33
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86477AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf74e7cb8
\Driver\atapi -> atapi.sys @ 0xf7479852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7302bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72f1a0d
SendHandler -> NDIS.sys @ 0xf7305b40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7845f038-1192-4a94-ab24-2adfe40715f8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ed
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):24,13,d7,94,01,e4,92,d9,4c,85,72,c9,2f,d9,30,a6,36,58,75,a2,89,
b4,0b,d4,2a,c3,d3,2b,49,74,d9,b5,db,5d,b3,f4,af,71,c8,0a,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-17 22:38:48
ComboFix-quarantined-files.txt 2010-04-17 20:38
ComboFix2.txt 2010-04-17 10:18
ComboFix3.txt 2010-04-16 00:05
Před spuštěním: 473 649 152
Po spuštění: 436 047 872
- - End Of File - - EB51764152D05BFF929D639006135155
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
Try this: run ComboFix with this script:
FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.