PC virus removal, computer speed-up, remote help via the neslape.cz service

Infected PC, tr/rootkit, tr/spy

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
dosn86
Visitor
Posts: 16
Registered: 07 May 2010 12:17

Infected PC, tr/rootkit, tr/spy

#1 Post by dosn86 »

Hello,
I have serious problems with an infected PC. The internet is slow and the PC takes a long time to start up and shut down.
Here is the log from RSIT. Thanks in advance for your help.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Ondřej at 2010-05-07 13:13:23
Systém Microsoft Windows XP Professional Service Pack 2
System drive H: has 22 GB (29%) free of 76 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:13:49, on 7.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\CardReader2.0\CRBroadCasting.exe
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\ICQ6Toolbar\ICQ Service.exe
H:\Program Files\CardReader2.0\OTiReader.exe
H:\Program Files\CyberLink\Shared files\RichVideo.exe
H:\Program Files\Avira\AntiVir Desktop\avshadow.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\Opera\opera.exe
H:\ruzne\RSIT.exe
H:\Program Files\trend micro\Ondřej.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CRBroadCasting] H:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - H:\Program Files\bet365MPP\MPPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - H:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: B-Service - Unknown owner - H:\Documents and Settings\Ondřej\Data aplikací\Mikogo\B-Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OTi Card Reader Service - Unknown owner - H:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8749 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1163757732.job
H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-16 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-05-06 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - H:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-04-16 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-16 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=H:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=H:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"ATICCC"=H:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"CRBroadCasting"=H:\Program Files\CardReader2.0\CRBroadCasting.exe [2004-02-26 24576]
"QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2006-09-21 155648]
"avgnt"=H:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"KernelFaultCheck"=H:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"swg"=H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-16 39408]

H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 2000 Series.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - H:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\ICQLite\ICQLite.exe"="H:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"H:\Program Files\GameFace Messenger\GameFace.exe"="H:\Program Files\GameFace Messenger\GameFace.exe:*:Disabled:IM"
"H:\Program Files\DC++\DCPlusPlus.exe"="H:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"H:\Program Files\Morpheus\Morpheus.exe"="H:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell"
"H:\Program Files\Neoact\Carom3D\update.exe"="H:\Program Files\Neoact\Carom3D\update.exe:*:Enabled:Last Update 2001/08/22"
"H:\Program Files\Internet Explorer\iexplore.exe"="H:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"H:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="H:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"H:\Documents and Settings\Ondřej\Plocha\StrongDC.exe"="H:\Documents and Settings\Ondřej\Plocha\StrongDC.exe:*:Enabled:StrongDC++"
"H:\Documents and Settings\Ondřej\Local Settings\Temp\Rar$EX00.828\StrongDC.exe"="H:\Documents and Settings\Ondřej\Local Settings\Temp\Rar$EX00.828\StrongDC.exe:*:Enabled:StrongDC++"
"H:\Documents and Settings\Ondřej\Local Settings\Temp\Rar$EX14.813\StrongDC.exe"="H:\Documents and Settings\Ondřej\Local Settings\Temp\Rar$EX14.813\StrongDC.exe:*:Enabled:StrongDC++"
"H:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="H:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"H:\Program Files\Dc\StrongDC.exe"="H:\Program Files\Dc\StrongDC.exe:*:Enabled:StrongDC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\ICQ6\ICQ.exe"="H:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\Opera\opera.exe"="H:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"H:\WINDOWS\system32\services.exe"="H:\WINDOWS\system32\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

======List of files/folders created in the last 1 months======

2010-05-07 13:13:24 ----D---- H:\Program Files\trend micro
2010-05-07 13:13:23 ----D---- H:\rsit
2010-05-05 15:48:36 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\Avira
2010-05-05 15:45:58 ----D---- H:\Documents and Settings\All Users\Data aplikací\Avira
2010-05-05 15:21:27 ----A---- H:\WINDOWS\system32\msvcr80.dll
2010-05-05 15:21:26 ----A---- H:\WINDOWS\system32\msvcp80.dll
2010-05-05 15:21:25 ----A---- H:\WINDOWS\system32\eEmpty.exe
2010-05-05 15:21:20 ----A---- H:\WINDOWS\system32\TASKMGR.COM
2010-05-05 15:21:20 ----A---- H:\WINDOWS\system32\T.COM
2010-05-05 15:21:20 ----A---- H:\WINDOWS\REGEDIT.COM
2010-05-05 15:21:20 ----A---- H:\WINDOWS\R.COM
2010-05-05 15:21:18 ----D---- H:\Program Files\Common Files\MicroWorld
2010-05-05 15:21:10 ----D---- H:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-05-05 14:57:03 ----HDC---- H:\WINDOWS\$NtUninstallKB914882$
2010-05-05 14:56:49 ----D---- H:\WINDOWS\LastGood
2010-05-05 14:39:59 ----SHD---- H:\Config.Msi
2010-05-05 14:29:55 ----D---- H:\WINDOWS\LastGood.Tmp
2010-05-02 23:20:47 ----D---- H:\Program Files\Common Files\PC Tools
2010-05-02 16:40:03 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2010-04-16 16:50:40 ----SHD---- H:\RECYCLER
2010-04-16 16:42:17 ----A---- H:\ComboFix.txt
2010-04-16 16:32:08 ----D---- H:\WINDOWS\temp
2010-04-16 16:23:13 ----A---- H:\Boot.bak
2010-04-16 16:23:00 ----RASHD---- H:\cmdcons
2010-04-16 16:21:52 ----A---- H:\WINDOWS\zip.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\SWXCACLS.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\SWSC.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\SWREG.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\sed.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\PEV.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\NIRCMD.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\MBR.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\grep.exe
2010-04-16 16:21:07 ----D---- H:\WINDOWS\ERDNT
2010-04-16 16:10:05 ----D---- H:\Qoobox
2010-04-14 01:07:05 ----HDC---- H:\WINDOWS\$NtUninstallKB978601$
2010-04-14 01:06:53 ----HDC---- H:\WINDOWS\$NtUninstallKB979309$
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\muweb.dll
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\mucltui.dll.mui
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\mucltui.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wuweb.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wups2.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wups.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wucltui.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wuaueng.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wuauclt.exe
2010-04-14 00:50:47 ----A---- H:\WINDOWS\system32\wuapi.dll
2010-04-14 00:50:47 ----A---- H:\WINDOWS\system32\cdm.dll
2010-04-14 00:32:45 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\Malwarebytes
2010-04-14 00:32:32 ----D---- H:\Documents and Settings\All Users\Data aplikací\Malwarebytes

======List of files/folders modified in the last 1 months======

2010-05-07 13:13:24 ----RD---- H:\Program Files
2010-05-07 13:12:11 ----D---- H:\ruzne
2010-05-07 13:10:26 ----RSHDC---- H:\WINDOWS\system32\dllcache
2010-05-07 13:10:23 ----D---- H:\WINDOWS\system32\drivers
2010-05-07 13:08:44 ----D---- H:\WINDOWS\system32\CatRoot2
2010-05-07 00:34:16 ----A---- H:\WINDOWS\SchedLgU.Txt
2010-05-07 00:30:44 ----D---- H:\WINDOWS\system32\NtmsData
2010-05-07 00:30:04 ----D---- H:\WINDOWS\Registration
2010-05-07 00:26:20 ----D---- H:\WINDOWS\Minidump
2010-05-07 00:26:20 ----D---- H:\WINDOWS
2010-05-07 00:26:19 ----SHD---- H:\System Volume Information
2010-05-06 23:05:38 ----D---- H:\Program Files\PokerStars
2010-05-06 21:40:57 ----HDC---- H:\WINDOWS\$NtUninstallKB922760$
2010-05-06 00:20:44 ----SHD---- H:\WINDOWS\Installer
2010-05-06 00:20:36 ----D---- H:\Program Files\Opera
2010-05-05 15:53:09 ----HD---- H:\WINDOWS\inf
2010-05-05 15:53:00 ----D---- H:\WINDOWS\repair
2010-05-05 15:43:56 ----A---- H:\Program Files\avira_antivir_personal_en.exe
2010-05-05 15:41:28 ----D---- H:\WINDOWS\system32
2010-05-05 15:39:37 ----D---- H:\WINDOWS\WinSxS
2010-05-05 15:21:18 ----D---- H:\Program Files\Common Files
2010-05-05 15:01:29 ----SD---- H:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-05 14:56:51 ----HD---- H:\WINDOWS\$hf_mig$
2010-05-05 14:30:34 ----D---- H:\WINDOWS\Prefetch
2010-05-04 00:18:41 ----A---- H:\WINDOWS\NeroDigital.ini
2010-05-03 23:56:52 ----D---- H:\Program Files\Mozilla Firefox
2010-05-03 14:16:52 ----AD---- H:\Documents and Settings\All Users\Data aplikací\Temp
2010-04-26 20:29:37 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\ICQ
2010-04-23 23:48:50 ----D---- H:\Program Files\Full Tilt Poker
2010-04-21 15:56:10 ----D---- H:\WINDOWS\system32\Restore
2010-04-19 14:13:27 ----D---- H:\Program Files\Google
2010-04-16 16:37:47 ----D---- H:\Documents and Settings\All Users\Data aplikací\Google
2010-04-16 16:35:24 ----A---- H:\WINDOWS\system.ini
2010-04-16 16:32:33 ----D---- H:\WINDOWS\system32\config
2010-04-16 16:29:58 ----D---- H:\WINDOWS\AppPatch
2010-04-16 16:23:14 ----RASH---- H:\boot.ini
2010-04-14 22:55:40 ----A---- H:\Program Files\install_flash_player.exe
2010-04-14 16:58:47 ----HDC---- H:\WINDOWS\$NtUninstallKB957095$
2010-04-14 01:07:08 ----A---- H:\WINDOWS\imsins.BAK
2010-04-14 00:50:51 ----D---- H:\WINDOWS\Help
2010-04-14 00:46:06 ----RSD---- H:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; H:\WINDOWS\system32\drivers\AFS2K.sys [2006-11-17 82380]
R1 asuskbnt;Enhanced Display Driver Helper Service; H:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; H:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; H:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 EIO;EIO; \??\H:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; H:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; H:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; H:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 SenFiltService;SenFilt Service; H:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; H:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Video3D;ASUS Video3D Service; H:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; H:\WINDOWS\system32\drivers\asusgsb32.sys []
S3 CCDECODE;Dekodér Closed Caption; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; H:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 SLIP;BDA Slip De-Framer; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); H:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; H:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; H:\WINDOWS\System32\Drivers\sptd.sys [2007-08-03 685816]
S4 sr;Ovladač filtru Obnovy systému; H:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; H:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; H:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
R2 ATKKeyboardService;ATK Keyboard Service; H:\WINDOWS\ATKKBService.exe [2006-04-10 241664]
R2 ICQ Service;ICQ Service; H:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 OTi Card Reader Service;OTi Card Reader Service; H:\Program Files\CardReader2.0\OTiReader.exe [2004-03-04 131177]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); H:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Google Update Service (gupdate); H:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 B-Service;B-Service; H:\Documents and Settings\Ondřej\Data aplikací\Mikogo\B-Service.exe [2010-02-07 185640]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-16 182768]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 ServiceLayer;ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Infected PC, tr/rootkit, tr/spy

#2 Post by Unlimited_Killer »

Good afternoon. :welcome:

1) ComboFix
  • Download ComboFix and save it to your Desktop.
  • Before running it, disable the resident shield of your antivirus or antispyware.
  • Run it with administrator rights.
  • After it starts, the licence terms will be displayed; click 'Yes'.
  • You will also be asked to install the Recovery Console; click 'Yes' to that as well.
  • The whole scan will take about 5-10 minutes, depending on how many files CF has to work through.
  • Your PC will probably be restarted, so don't be alarmed by that.
  • Don't do anything until the scan has completely finished, and above all don't click in the running ComboFix window.
  • After the scan finishes (or after the subsequent restart), a log will 'pop up'; copy it here as text.
  • If no log 'pops up', you will find it at C:\ComboFix.txt

dosn86
Visitor
Posts: 16
Registered: 07 May 2010 12:17

Re: Infected PC, tr/rootkit, tr/spy

#3 Post by dosn86 »

Hi, here is the log from ComboFix


ComboFix 10-05-07.07 - Ondřej 08.05.2010 13:29:39.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.237 [GMT 2:00]
Spuštěný z: h:\documents and settings\Ondřej\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\regedit.com
h:\windows\system32\driVERs\vqqebjvl.sys
h:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vqqebjvl
-------\Service_vqqebjvl


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-08 do 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-07 11:13 . 2010-05-07 11:13 -------- d-----w- h:\program files\trend micro
2010-05-07 11:13 . 2010-05-07 11:13 -------- d-----w- H:\rsit
2010-05-06 19:40 . 2010-05-06 19:40 54016 ----a-w- h:\windows\system32\drivers\asky.sys
2010-05-05 22:32 . 2010-05-05 22:32 54016 ----a-w- h:\windows\system32\drivers\ugiut.sys
2010-05-05 13:45 . 2010-03-01 08:05 124784 ----a-w- h:\windows\system32\drivers\avipbb.sys
2010-05-05 13:45 . 2009-05-11 10:49 45416 ----a-w- h:\windows\system32\drivers\avgntdd.sys
2010-05-05 13:45 . 2009-05-11 10:49 22360 ----a-w- h:\windows\system32\drivers\avgntmgr.sys
2010-05-05 13:21 . 2010-05-05 13:21 632064 ----a-w- h:\windows\system32\msvcr80.dll
2010-05-05 13:21 . 2010-05-05 13:21 554240 ----a-w- h:\windows\system32\msvcp80.dll
2010-05-05 13:21 . 2010-05-05 13:21 34048 ----a-w- h:\windows\system32\eEmpty.exe
2010-05-05 13:21 . 2004-08-17 13:49 147968 ----a-w- h:\windows\R.COM
2010-05-05 13:21 . 2004-08-17 13:49 137216 ----a-w- h:\windows\system32\T.COM
2010-05-05 13:21 . 2010-05-05 13:21 -------- d-----w- h:\program files\Common Files\MicroWorld
2010-05-05 12:56 . 2010-05-05 12:56 -------- d-----w- h:\windows\LastGood
2010-05-05 12:40 . 2010-03-31 06:23 95872 ----a-w- h:\windows\system32\drivers\epfwtdir.sys
2010-05-05 12:40 . 2010-03-31 06:17 140216 ----a-w- h:\windows\system32\drivers\eamon.sys
2010-05-05 12:40 . 2010-03-31 06:22 114984 ----a-w- h:\windows\system32\drivers\ehdrv.sys
2010-05-03 19:00 . 2010-05-03 19:00 54016 ----a-w- h:\windows\system32\drivers\srxjldj.sys
2010-05-02 21:20 . 2010-05-03 12:16 -------- d-----w- h:\program files\Common Files\PC Tools
2010-05-02 20:23 . 2010-05-02 20:23 54016 ----a-w- h:\windows\system32\drivers\xeomcsp.sys
2010-05-02 15:01 . 2006-02-15 00:22 142464 -c--a-w- h:\windows\system32\dllcache\aec.sys
2010-05-02 15:01 . 2006-02-15 00:22 142464 ----a-w- h:\windows\system32\drivers\aec.sys
2010-05-02 14:40 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 14:40 . 2010-05-02 14:40 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2010-05-02 14:40 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-04-16 14:37 . 2010-04-16 14:37 -------- d-----r- h:\documents and settings\LocalService\Oblíbené položky
2010-04-16 13:46 . 2010-04-16 13:46 54016 ----a-w- h:\windows\system32\drivers\eddkumxn.sys
2010-04-13 22:50 . 2009-08-06 17:23 274288 ----a-w- h:\windows\system32\mucltui.dll
2010-04-13 22:50 . 2009-08-06 17:23 215920 ----a-w- h:\windows\system32\muweb.dll
2010-04-13 22:50 . 2009-08-06 17:24 44768 ----a-w- h:\windows\system32\wups2.dll
2010-04-13 22:50 . 2009-08-06 17:24 35552 -c--a-w- h:\windows\system32\dllcache\wups.dll
2010-04-13 22:50 . 2009-08-06 17:24 35552 ----a-w- h:\windows\system32\wups.dll
2010-04-13 22:50 . 2008-10-16 13:13 202776 ----a-w- h:\windows\system32\wuweb.dll
2010-04-13 22:50 . 2008-10-16 13:13 1809944 ----a-w- h:\windows\system32\wuaueng.dll
2010-04-13 22:50 . 2008-10-16 13:12 323608 ----a-w- h:\windows\system32\wucltui.dll
2010-04-13 22:50 . 2008-10-16 13:09 51224 ----a-w- h:\windows\system32\wuauclt.exe
2010-04-13 22:50 . 2008-10-16 13:12 561688 ----a-w- h:\windows\system32\wuapi.dll
2010-04-13 22:50 . 2008-10-16 13:09 92696 ----a-w- h:\windows\system32\cdm.dll
2010-04-13 22:46 . 2010-04-13 22:46 54016 ----a-w- h:\windows\system32\drivers\rrhkbvqp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 11:41 . 2010-05-08 11:41 574464 ----a-w- h:\windows\system32\drivers\jphooyfz.sys
2010-05-08 11:41 . 2010-02-26 14:49 802304 ----a-w- h:\windows\system32\drivers\reslcov.sys
2010-05-06 21:05 . 2008-07-31 15:31 -------- d-----w- h:\program files\PokerStars
2010-05-05 22:20 . 2010-01-17 20:39 -------- d-----w- h:\program files\Opera
2010-05-05 13:43 . 2009-10-21 12:31 44089584 ----a-w- h:\program files\avira_antivir_personal_en.exe
2010-04-23 21:48 . 2010-04-04 19:44 -------- d-----w- h:\program files\Full Tilt Poker
2010-04-19 12:13 . 2006-11-24 15:15 -------- d-----w- h:\program files\Google
2010-04-14 20:55 . 2009-05-01 15:24 1924976 ----a-w- h:\program files\install_flash_player.exe
2010-04-04 19:43 . 2010-04-04 19:42 25138570 ----a-w- h:\program files\FullTiltSetup.exe
2010-03-28 18:15 . 2001-10-25 12:00 70556 ----a-w- h:\windows\system32\perfc005.dat
2010-03-28 18:15 . 2001-10-25 12:00 395062 ----a-w- h:\windows\system32\perfh005.dat
2010-03-25 22:09 . 2006-09-21 06:00 -------- d--h--w- h:\program files\InstallShield Installation Information
2010-03-25 22:09 . 2006-09-21 06:21 -------- d-----w- h:\program files\ASUS
2010-03-11 01:00 . 2010-03-11 01:00 569504 ----a-w- h:\program files\GoogleEarthSetup.exe
2010-02-16 12:24 . 2009-10-21 12:11 60936 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2010-02-07 13:42 . 2010-02-07 13:42 1676592 ----a-w- h:\program files\mikogo-starter.exe
2010-01-17 20:38 . 2010-01-17 20:38 11650440 ----a-w- h:\program files\Opera_1010_in_Setup.exe
2009-09-27 14:44 . 2009-09-27 14:44 4938616 ----a-w- h:\program files\Silverlight.exe
2009-09-20 11:48 . 2009-09-20 11:48 31863808 ----a-w- h:\program files\eav_nt32_csy.msi
2009-06-07 16:55 . 2009-06-05 15:59 200 ----a-w- h:\program files\OnLineInfo.his
2009-06-07 16:47 . 2009-06-05 15:52 4900 -c--a-w- h:\program files\Dily.rdd
2009-06-05 15:55 . 2009-06-05 15:53 87589 ----a-w- h:\program files\reindex_Errors.txt
2008-11-03 11:13 . 2008-11-03 11:13 79099888 ----a-w- h:\program files\CyberLink.2021aD_Online_DVD080924-02.exe
2008-07-31 15:30 . 2008-07-31 15:30 7976376 ----a-w- h:\program files\PokerStarsInstall.exe
2008-06-09 12:08 . 2008-06-09 12:07 7726360 ----a-w- h:\program files\Google_Earth_CZXV.exe
2008-02-19 21:43 . 2008-02-19 21:43 1629817 ----a-w- h:\program files\installspeedfan433.exe
2008-01-09 11:19 . 2008-01-09 11:19 293153 ----a-w- h:\program files\fmvc_setup.zip
2007-08-21 15:02 . 2007-08-21 15:02 10050902 ----a-w- h:\program files\Codecs6030_allin1.exe
2007-07-25 13:33 . 2007-07-25 13:33 3276176 ----a-w- h:\program files\DivXCodec.exe
2007-02-09 22:36 . 2007-02-09 22:36 5713825 ----a-w- h:\program files\ExpektPokerClient_2.5.7.105.exe
2007-02-05 11:54 . 2007-02-05 11:54 7660520 ----a-w- h:\program files\ubsetup.exe
2007-01-04 23:27 . 2007-01-04 23:27 9099405 ----a-w- h:\program files\ParadisePokerSetup_5004.exe
2006-11-13 16:24 . 2006-10-27 08:16 190048 ----a-w- h:\program files\Morpheus.exe
2006-11-10 11:39 . 2006-11-10 11:39 14879120 ----a-w- h:\program files\GoogleEarthWin.exe
2006-11-02 23:54 . 2006-11-02 23:54 11937728 ----a-w- h:\program files\setupcze.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="h:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="h:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CRBroadCasting"="h:\program files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 24576]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2006-09-21 155648]
"avgnt"="h:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hp psc 2000 Series.lnk - h:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - h:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"h:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"h:\\Documents and Settings\\Ondřej\\Plocha\\StrongDC.exe"=
"h:\\Program Files\\Dc\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\Opera\\opera.exe"=
"h:\\WINDOWS\\system32\\services.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;h:\program files\Avira\AntiVir Desktop\sched.exe [5.5.2010 15:45 135336]
R2 ICQ Service;ICQ Service;h:\program files\ICQ6Toolbar\ICQ Service.exe [23.6.2008 20:20 222968]
S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [11.3.2010 3:00 135664]
S3 B-Service;B-Service;h:\documents and settings\Ondřej\Data aplikací\Mikogo\B-Service.exe [7.2.2010 15:46 185640]
S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [3.8.2007 18:24 685816]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - JPHOOYFZ
*Deregistered* - jphooyfz
*Deregistered* - reslcov
.
Obsah adresáře 'Naplánované úlohy'

2007-02-19 h:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8163757732.job
- h:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2010-05-08 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 01:00]

2010-05-07 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 01:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ICQ Toolbar Search - h:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - h:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - h:\program files\bet365MPP\MPPoker.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - h:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - h:\documents and settings\Ondřej\Data aplikací\Mozilla\Firefox\Profiles\isyobod1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: h:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 13:39
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\jphooyfz]

--

[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\reslcov]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(556)
h:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3080)
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
h:\windows\system32\Ati2evxx.exe
h:\windows\system32\Ati2evxx.exe
h:\program files\Avira\AntiVir Desktop\avguard.exe
h:\windows\ATKKBService.exe
h:\program files\CardReader2.0\OTiReader.exe
h:\program files\Avira\AntiVir Desktop\avshadow.exe
h:\program files\CyberLink\Shared files\RichVideo.exe
h:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
h:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
h:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-08 13:45:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-08 11:45
ComboFix2.txt 2010-04-16 14:42

Před spuštěním: Volných bajtů: 22 807 576 576
Po spuštění: Volných bajtů: 23 041 802 240

Current=60 Default=60 Failed=59 LastKnownGood=61 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61
- - End Of File - - 3C8BA9703744F1640CC453079D6E159B

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: infected PC, tr/rootkit, tr/spy

#4 Post by Unlimited_Killer »

Let's continue. :James008:

1) Script for ComboFix
  • Open Notepad [Start → Run → notepad → Enter].
  • Paste the following text into it:

    Code:

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    
    FixCSet::
    
    Collect::
    h:\windows\system32\drivers\asky.sys
    h:\windows\system32\drivers\ugiut.sys
    h:\windows\system32\drivers\srxjldj.sys
    h:\windows\system32\drivers\xeomcsp.sys
    h:\windows\system32\drivers\aec.sys
    h:\windows\system32\dllcache\aec.sys
    h:\windows\system32\drivers\rrhkbvqp.sys
    h:\windows\system32\drivers\jphooyfz.sys
    h:\windows\system32\drivers\reslcov.sys
    
    Folder::
    h:\program files\ICQ6Toolbar
    
    File::
    h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    DDS::
    IE: &ICQ Toolbar Search - h:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - h:\program files\bet365MPP\MPPoker.exe
    IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - h:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    
    Extra::
    
    FireFox::
    FF - ProfilePath - h:\documents and settings\Ondřej\Data aplikací\Mozilla\Firefox\Profiles\isyobod1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8 ... f-divxd&p=
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
    
    Driver::
    ICQ Service
    reslcov
    jphooyfz
    JPHOOYFZ
    
    Reboot::
  • Save this file to the Desktop under the name CFScript (extension .txt).
  • Drag this file onto ComboFix and drop it there.
  • Both this file and ComboFix must be on the Desktop!
  • ComboFix will start and carry out the commands from the script.
  • The computer will probably be restarted.
  • After the restart a window with a log will pop up; paste it here as text.
2) VirusTotal
  • Test these files on VirusTotal:

    Code:

    h:\windows\R.COM
    h:\windows\system32\T.COM
  • Simply paste in the paths I wrote in the code block.
  • If it tells you the file has already been tested, have it tested again.
  • Then paste the links to the individual tests here.
inactive
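As an added example (not part of this thread and not ComboFix's own code), the Python script below applies to the "files created" section of the log above the two signals the helper's Collect:: list reflects: several differently named drivers sharing one exact byte size (the 54016-byte family), and a driver whose creation and last-write minute are identical. The sample lines are copied from the ComboFix logs in this thread (the xuhoznxn.sys line is from the later run); the function names are mine.

```python
"""Heuristic triage of the 'files created' section of a ComboFix log.

Added example. Each parseable line has the form
    <created> . <modified> <size|--------> <attrs> <path>
Kernel drivers (*.sys under \\drivers\\) are flagged on two signals:
  1. the same exact byte size appears under two or more different names,
     which is how one dropper re-writes itself under fresh random names;
  2. creation and last-write minute are identical, i.e. the file was
     written on the spot rather than copied from an older vendor build.
Neither signal alone is proof; they are a triage aid, as in the thread.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Sample input: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
2010-05-06 19:40 . 2010-05-06 19:40 54016 ----a-w- h:\windows\system32\drivers\asky.sys
2010-05-05 22:32 . 2010-05-05 22:32 54016 ----a-w- h:\windows\system32\drivers\ugiut.sys
2010-05-05 13:45 . 2010-03-01 08:05 124784 ----a-w- h:\windows\system32\drivers\avipbb.sys
2010-05-05 13:45 . 2009-05-11 10:49 45416 ----a-w- h:\windows\system32\drivers\avgntdd.sys
2010-05-05 13:21 . 2010-05-05 13:21 -------- d-----w- h:\program files\Common Files\MicroWorld
2010-05-03 19:00 . 2010-05-03 19:00 54016 ----a-w- h:\windows\system32\drivers\srxjldj.sys
2010-05-02 15:01 . 2006-02-15 00:22 142464 -c--a-w- h:\windows\system32\dllcache\aec.sys
2010-05-02 15:01 . 2006-02-15 00:22 142464 ----a-w- h:\windows\system32\drivers\aec.sys
2010-05-02 14:40 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-04-13 22:46 . 2010-04-13 22:46 54016 ----a-w- h:\windows\system32\drivers\rrhkbvqp.sys
2010-05-08 11:41 . 2010-05-08 11:41 574464 ----a-w- h:\windows\system32\drivers\jphooyfz.sys
2010-05-08 11:41 . 2010-02-26 14:49 802304 ----a-w- h:\windows\system32\drivers\reslcov.sys
2010-05-08 17:53 . 2010-05-08 19:17 574464 ----a-w- h:\windows\system32\drivers\xuhoznxn.sys
"""


def parse_created_lines(text):
    """Return one dict per parseable line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": int(size) if size.isdigit() else None,  # None = directory
            "attrs": m.group("attrs"),
            "path": m.group("path").lower(),
        })
    return entries


def _is_driver(entry):
    return (entry["size"] is not None
            and "\\drivers\\" in entry["path"]
            and entry["path"].endswith(".sys"))


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def suspicious_drivers(text):
    """Map driver file name -> list of reasons, for every driver hitting a signal."""
    drivers = [e for e in parse_created_lines(text) if _is_driver(e)]
    names_by_size = defaultdict(set)
    for e in drivers:
        names_by_size[e["size"]].add(_basename(e["path"]))
    flagged = {}
    for e in drivers:
        name = _basename(e["path"])
        reasons = []
        peers = names_by_size[e["size"]] - {name}
        if peers:
            reasons.append("size %d shared with %s" % (e["size"], ", ".join(sorted(peers))))
        if e["created"] == e["modified"]:
            reasons.append("created and last written in the same minute")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in sorted(suspicious_drivers(SAMPLE_LOG).items()):
        print(name)
        for r in reasons:
            print("   -", r)
```

Note what the file listing alone misses: reslcov.sys shows neither signal here and was caught in the thread only through its service entry and the ControlSet060 key, and aec.sys (a Windows driver name with an old timestamp) had to be collected for inspection rather than flagged.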

dosn86
Visitor
Posts: 16
Registered: 07 May 2010 12:17

Re: infected PC, tr/rootkit, tr/spy

#5 Post by dosn86 »

So I'm sending the ComboFix log and the VirusTotal links.

ComboFix 10-05-08.02 - Ondřej 09.05.2010 18:21:56.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.214 [GMT 2:00]
Spuštěný z: h:\documents and settings\Ondřej\Plocha\ComboFix.exe
Použité ovládací přepínače :: h:\documents and settings\Ondřej\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"h:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"h:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

file zipped: h:\windows\system32\dllcache\aec.sys
file zipped: h:\windows\system32\drivers\aec.sys
file zipped: h:\windows\system32\drivers\asky.sys
file zipped: h:\windows\system32\drivers\jphooyfz.sys
file zipped: h:\windows\system32\drivers\reslcov.sys
file zipped: h:\windows\system32\drivers\rrhkbvqp.sys
file zipped: h:\windows\system32\drivers\srxjldj.sys
file zipped: h:\windows\system32\drivers\ugiut.sys
file zipped: h:\windows\system32\drivers\xeomcsp.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\ICQ6Toolbar
h:\program files\ICQ6Toolbar\Icons.bmp
h:\program files\ICQ6Toolbar\ICQ Service.exe
h:\program files\ICQ6Toolbar\icq6Toolbar.ico
h:\program files\ICQ6Toolbar\ICQToolBar.dll
h:\program files\ICQ6Toolbar\ICQUnToolbar.exe
h:\program files\ICQ6Toolbar\logo_small.gif
h:\program files\ICQ6Toolbar\ServiceStarter.exe
h:\program files\ICQ6Toolbar\short.wav
h:\program files\ICQ6Toolbar\Version.txt
h:\windows\system32\dllcache\aec.sys
h:\windows\system32\drivers\aec.sys
h:\windows\system32\driVERs\arwiwe.sys
h:\windows\system32\drivers\asky.sys
h:\windows\system32\drivers\jphooyfz.sys
h:\windows\system32\drivers\reslcov.sys
h:\windows\system32\drivers\rrhkbvqp.sys
h:\windows\system32\drivers\srxjldj.sys
h:\windows\system32\drivers\ugiut.sys
h:\windows\system32\drivers\xeomcsp.sys
h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
h:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_RESLCOV
-------\Service_ICQ Service
-------\Service_reslcov
-------\Legacy_arwiwe
-------\Service_arwiwe


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-09 do 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-08 17:53 . 2010-05-08 19:17 574464 ----a-w- h:\windows\system32\drivers\xuhoznxn.sys
2010-05-07 11:13 . 2010-05-07 11:13 -------- d-----w- h:\program files\trend micro
2010-05-07 11:13 . 2010-05-07 11:13 -------- d-----w- H:\rsit
2010-05-05 13:45 . 2010-03-01 08:05 124784 ----a-w- h:\windows\system32\drivers\avipbb.sys
2010-05-05 13:45 . 2009-05-11 10:49 45416 ----a-w- h:\windows\system32\drivers\avgntdd.sys
2010-05-05 13:45 . 2009-05-11 10:49 22360 ----a-w- h:\windows\system32\drivers\avgntmgr.sys
2010-05-05 13:21 . 2010-05-05 13:21 632064 ----a-w- h:\windows\system32\msvcr80.dll
2010-05-05 13:21 . 2010-05-05 13:21 554240 ----a-w- h:\windows\system32\msvcp80.dll
2010-05-05 13:21 . 2010-05-05 13:21 34048 ----a-w- h:\windows\system32\eEmpty.exe
2010-05-05 13:21 . 2004-08-17 13:49 147968 ----a-w- h:\windows\R.COM
2010-05-05 13:21 . 2004-08-17 13:49 137216 ----a-w- h:\windows\system32\T.COM
2010-05-05 13:21 . 2010-05-05 13:21 -------- d-----w- h:\program files\Common Files\MicroWorld
2010-05-05 12:40 . 2010-03-31 06:23 95872 ----a-w- h:\windows\system32\drivers\epfwtdir.sys
2010-05-05 12:40 . 2010-03-31 06:17 140216 ----a-w- h:\windows\system32\drivers\eamon.sys
2010-05-05 12:40 . 2010-03-31 06:22 114984 ----a-w- h:\windows\system32\drivers\ehdrv.sys
2010-05-02 21:20 . 2010-05-03 12:16 -------- d-----w- h:\program files\Common Files\PC Tools
2010-05-02 14:40 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 14:40 . 2010-05-02 14:40 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2010-05-02 14:40 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-04-16 14:37 . 2010-04-16 14:37 -------- d-----r- h:\documents and settings\LocalService\Oblíbené položky
2010-04-16 13:46 . 2010-04-16 13:46 54016 ----a-w- h:\windows\system32\drivers\eddkumxn.sys
2010-04-13 22:50 . 2009-08-06 17:23 274288 ----a-w- h:\windows\system32\mucltui.dll
2010-04-13 22:50 . 2009-08-06 17:23 215920 ----a-w- h:\windows\system32\muweb.dll
2010-04-13 22:50 . 2009-08-06 17:24 44768 ----a-w- h:\windows\system32\wups2.dll
2010-04-13 22:50 . 2009-08-06 17:24 35552 -c--a-w- h:\windows\system32\dllcache\wups.dll
2010-04-13 22:50 . 2009-08-06 17:24 35552 ----a-w- h:\windows\system32\wups.dll
2010-04-13 22:50 . 2008-10-16 13:13 202776 ----a-w- h:\windows\system32\wuweb.dll
2010-04-13 22:50 . 2008-10-16 13:13 1809944 ----a-w- h:\windows\system32\wuaueng.dll
2010-04-13 22:50 . 2008-10-16 13:12 323608 ----a-w- h:\windows\system32\wucltui.dll
2010-04-13 22:50 . 2008-10-16 13:09 51224 ----a-w- h:\windows\system32\wuauclt.exe
2010-04-13 22:50 . 2008-10-16 13:12 561688 ----a-w- h:\windows\system32\wuapi.dll
2010-04-13 22:50 . 2008-10-16 13:09 92696 ----a-w- h:\windows\system32\cdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 18:33 . 2008-07-31 15:31 -------- d-----w- h:\program files\PokerStars
2010-05-05 22:20 . 2010-01-17 20:39 -------- d-----w- h:\program files\Opera
2010-05-05 13:43 . 2009-10-21 12:31 44089584 ----a-w- h:\program files\avira_antivir_personal_en.exe
2010-04-23 21:48 . 2010-04-04 19:44 -------- d-----w- h:\program files\Full Tilt Poker
2010-04-19 12:13 . 2006-11-24 15:15 -------- d-----w- h:\program files\Google
2010-04-14 20:55 . 2009-05-01 15:24 1924976 ----a-w- h:\program files\install_flash_player.exe
2010-04-04 19:43 . 2010-04-04 19:42 25138570 ----a-w- h:\program files\FullTiltSetup.exe
2010-03-28 18:15 . 2001-10-25 12:00 70556 ----a-w- h:\windows\system32\perfc005.dat
2010-03-28 18:15 . 2001-10-25 12:00 395062 ----a-w- h:\windows\system32\perfh005.dat
2010-03-25 22:09 . 2006-09-21 06:00 -------- d--h--w- h:\program files\InstallShield Installation Information
2010-03-25 22:09 . 2006-09-21 06:21 -------- d-----w- h:\program files\ASUS
2010-03-11 01:00 . 2010-03-11 01:00 569504 ----a-w- h:\program files\GoogleEarthSetup.exe
2010-02-16 12:24 . 2009-10-21 12:11 60936 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2010-02-07 13:42 . 2010-02-07 13:42 1676592 ----a-w- h:\program files\mikogo-starter.exe
2010-01-17 20:38 . 2010-01-17 20:38 11650440 ----a-w- h:\program files\Opera_1010_in_Setup.exe
2009-09-27 14:44 . 2009-09-27 14:44 4938616 ----a-w- h:\program files\Silverlight.exe
2009-09-20 11:48 . 2009-09-20 11:48 31863808 ----a-w- h:\program files\eav_nt32_csy.msi
2009-06-07 16:55 . 2009-06-05 15:59 200 ----a-w- h:\program files\OnLineInfo.his
2009-06-07 16:47 . 2009-06-05 15:52 4900 -c--a-w- h:\program files\Dily.rdd
2009-06-05 15:55 . 2009-06-05 15:53 87589 ----a-w- h:\program files\reindex_Errors.txt
2008-11-03 11:13 . 2008-11-03 11:13 79099888 ----a-w- h:\program files\CyberLink.2021aD_Online_DVD080924-02.exe
2008-07-31 15:30 . 2008-07-31 15:30 7976376 ----a-w- h:\program files\PokerStarsInstall.exe
2008-06-09 12:08 . 2008-06-09 12:07 7726360 ----a-w- h:\program files\Google_Earth_CZXV.exe
2008-02-19 21:43 . 2008-02-19 21:43 1629817 ----a-w- h:\program files\installspeedfan433.exe
2008-01-09 11:19 . 2008-01-09 11:19 293153 ----a-w- h:\program files\fmvc_setup.zip
2007-08-21 15:02 . 2007-08-21 15:02 10050902 ----a-w- h:\program files\Codecs6030_allin1.exe
2007-07-25 13:33 . 2007-07-25 13:33 3276176 ----a-w- h:\program files\DivXCodec.exe
2007-02-09 22:36 . 2007-02-09 22:36 5713825 ----a-w- h:\program files\ExpektPokerClient_2.5.7.105.exe
2007-02-05 11:54 . 2007-02-05 11:54 7660520 ----a-w- h:\program files\ubsetup.exe
2007-01-04 23:27 . 2007-01-04 23:27 9099405 ----a-w- h:\program files\ParadisePokerSetup_5004.exe
2006-11-13 16:24 . 2006-10-27 08:16 190048 ----a-w- h:\program files\Morpheus.exe
2006-11-10 11:39 . 2006-11-10 11:39 14879120 ----a-w- h:\program files\GoogleEarthWin.exe
2006-11-02 23:54 . 2006-11-02 23:54 11937728 ----a-w- h:\program files\setupcze.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="h:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="h:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CRBroadCasting"="h:\program files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 24576]
"avgnt"="h:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hp psc 2000 Series.lnk - h:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - h:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"h:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"h:\\Documents and Settings\\Ondřej\\Plocha\\StrongDC.exe"=
"h:\\Program Files\\Dc\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\Opera\\opera.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;h:\program files\Avira\AntiVir Desktop\sched.exe [5.5.2010 15:45 135336]
S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [11.3.2010 3:00 135664]
S3 B-Service;B-Service;h:\documents and settings\Ondřej\Data aplikací\Mikogo\B-Service.exe [7.2.2010 15:46 185640]
S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [3.8.2007 18:24 685816]
.
Obsah adresáře 'Naplánované úlohy'

2007-02-19 h:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8163757732.job
- h:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - h:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - h:\program files\bet365MPP\MPPoker.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - h:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - h:\documents and settings\Ondřej\Data aplikací\Mozilla\Firefox\Profiles\isyobod1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: h:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - h:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 18:31
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(552)
h:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2916)
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
h:\windows\system32\Ati2evxx.exe
h:\windows\system32\Ati2evxx.exe
h:\program files\Avira\AntiVir Desktop\avguard.exe
h:\windows\ATKKBService.exe
h:\program files\CardReader2.0\OTiReader.exe
h:\program files\Avira\AntiVir Desktop\avshadow.exe
h:\program files\CyberLink\Shared files\RichVideo.exe
h:\windows\system32\wscntfy.exe
h:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
h:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Celkový čas: 2010-05-09 18:37:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-09 16:37

ComboFix2.txt 2010-05-08 11:45
ComboFix3.txt 2010-04-16 14:42

Před spuštěním: Volných bajtů: 23 138 029 568
Po spuštění: Volných bajtů: 23 087 894 528

- - End Of File - - FED771EA4C1A5298604552F455964365


http://www.virustotal.com/cs/analisis/9 ... 1273423363

http://www.virustotal.com/cs/analisis/3 ... 1273423575

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: infected PC, tr/rootkit, tr/spy

#6 Post by Unlimited_Killer »

One of them managed to restore itself. But otherwise it looks better.

1) Script for ComboFix
  • Open Notepad [Start → Run → notepad → Enter].
  • Paste the following text into it:

    Code:

    KillAll::
    
    Collect::
    h:\windows\system32\drivers\xuhoznxn.sys
    
    Reboot::
  • Save this file to the Desktop under the name CFScript (extension .txt).
  • Drag this file onto ComboFix and drop it there.
  • Both this file and ComboFix must be on the Desktop!
  • ComboFix will start and carry out the commands from the script.
  • The computer will probably be restarted.
  • After the restart a window with a log will pop up; paste it here as text.
inactive

dosn86
Visitor
Posts: 16
Registered: 07 May 2010 12:17

Re: infected PC, tr/rootkit, tr/spy

#7 Post by dosn86 »

ComboFix 10-05-08.03 - Ondřej 09.05.2010 19:03:22.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.223 [GMT 2:00]
Spuštěný z: h:\documents and settings\Ondřej\Plocha\ComboFix.exe
Použité ovládací přepínače :: h:\documents and settings\Ondřej\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: h:\windows\system32\drivers\xuhoznxn.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\system32\drivers\xuhoznxn.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-09 do 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-07 11:13 . 2010-05-07 11:13 -------- d-----w- h:\program files\trend micro
2010-05-07 11:13 . 2010-05-07 11:13 -------- d-----w- H:\rsit
2010-05-05 13:45 . 2010-03-01 08:05 124784 ----a-w- h:\windows\system32\drivers\avipbb.sys
2010-05-05 13:45 . 2009-05-11 10:49 45416 ----a-w- h:\windows\system32\drivers\avgntdd.sys
2010-05-05 13:45 . 2009-05-11 10:49 22360 ----a-w- h:\windows\system32\drivers\avgntmgr.sys
2010-05-05 13:21 . 2010-05-05 13:21 632064 ----a-w- h:\windows\system32\msvcr80.dll
2010-05-05 13:21 . 2010-05-05 13:21 554240 ----a-w- h:\windows\system32\msvcp80.dll
2010-05-05 13:21 . 2010-05-05 13:21 34048 ----a-w- h:\windows\system32\eEmpty.exe
2010-05-05 13:21 . 2004-08-17 13:49 147968 ----a-w- h:\windows\R.COM
2010-05-05 13:21 . 2004-08-17 13:49 137216 ----a-w- h:\windows\system32\T.COM
2010-05-05 13:21 . 2010-05-05 13:21 -------- d-----w- h:\program files\Common Files\MicroWorld
2010-05-05 12:40 . 2010-03-31 06:23 95872 ----a-w- h:\windows\system32\drivers\epfwtdir.sys
2010-05-05 12:40 . 2010-03-31 06:17 140216 ----a-w- h:\windows\system32\drivers\eamon.sys
2010-05-05 12:40 . 2010-03-31 06:22 114984 ----a-w- h:\windows\system32\drivers\ehdrv.sys
2010-05-02 21:20 . 2010-05-03 12:16 -------- d-----w- h:\program files\Common Files\PC Tools
2010-05-02 14:40 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 14:40 . 2010-05-02 14:40 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2010-05-02 14:40 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-04-16 14:37 . 2010-04-16 14:37 -------- d-----r- h:\documents and settings\LocalService\Oblíbené položky
2010-04-16 13:46 . 2010-04-16 13:46 54016 ----a-w- h:\windows\system32\drivers\eddkumxn.sys
2010-04-13 22:50 . 2009-08-06 17:23 274288 ----a-w- h:\windows\system32\mucltui.dll
2010-04-13 22:50 . 2009-08-06 17:23 215920 ----a-w- h:\windows\system32\muweb.dll
2010-04-13 22:50 . 2009-08-06 17:24 44768 ----a-w- h:\windows\system32\wups2.dll
2010-04-13 22:50 . 2009-08-06 17:24 35552 -c--a-w- h:\windows\system32\dllcache\wups.dll
2010-04-13 22:50 . 2009-08-06 17:24 35552 ----a-w- h:\windows\system32\wups.dll
2010-04-13 22:50 . 2008-10-16 13:13 202776 ----a-w- h:\windows\system32\wuweb.dll
2010-04-13 22:50 . 2008-10-16 13:13 1809944 ----a-w- h:\windows\system32\wuaueng.dll
2010-04-13 22:50 . 2008-10-16 13:12 323608 ----a-w- h:\windows\system32\wucltui.dll
2010-04-13 22:50 . 2008-10-16 13:09 51224 ----a-w- h:\windows\system32\wuauclt.exe
2010-04-13 22:50 . 2008-10-16 13:12 561688 ----a-w- h:\windows\system32\wuapi.dll
2010-04-13 22:50 . 2008-10-16 13:09 92696 ----a-w- h:\windows\system32\cdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 18:33 . 2008-07-31 15:31 -------- d-----w- h:\program files\PokerStars
2010-05-05 22:20 . 2010-01-17 20:39 -------- d-----w- h:\program files\Opera
2010-05-05 13:43 . 2009-10-21 12:31 44089584 ----a-w- h:\program files\avira_antivir_personal_en.exe
2010-04-23 21:48 . 2010-04-04 19:44 -------- d-----w- h:\program files\Full Tilt Poker
2010-04-19 12:13 . 2006-11-24 15:15 -------- d-----w- h:\program files\Google
2010-04-14 20:55 . 2009-05-01 15:24 1924976 ----a-w- h:\program files\install_flash_player.exe
2010-04-04 19:43 . 2010-04-04 19:42 25138570 ----a-w- h:\program files\FullTiltSetup.exe
2010-03-28 18:15 . 2001-10-25 12:00 70556 ----a-w- h:\windows\system32\perfc005.dat
2010-03-28 18:15 . 2001-10-25 12:00 395062 ----a-w- h:\windows\system32\perfh005.dat
2010-03-25 22:09 . 2006-09-21 06:00 -------- d--h--w- h:\program files\InstallShield Installation Information
2010-03-25 22:09 . 2006-09-21 06:21 -------- d-----w- h:\program files\ASUS
2010-03-11 01:00 . 2010-03-11 01:00 569504 ----a-w- h:\program files\GoogleEarthSetup.exe
2010-02-16 12:24 . 2009-10-21 12:11 60936 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2010-02-07 13:42 . 2010-02-07 13:42 1676592 ----a-w- h:\program files\mikogo-starter.exe
2010-01-17 20:38 . 2010-01-17 20:38 11650440 ----a-w- h:\program files\Opera_1010_in_Setup.exe
2009-09-27 14:44 . 2009-09-27 14:44 4938616 ----a-w- h:\program files\Silverlight.exe
2009-09-20 11:48 . 2009-09-20 11:48 31863808 ----a-w- h:\program files\eav_nt32_csy.msi
2009-06-07 16:55 . 2009-06-05 15:59 200 ----a-w- h:\program files\OnLineInfo.his
2009-06-07 16:47 . 2009-06-05 15:52 4900 -c--a-w- h:\program files\Dily.rdd
2009-06-05 15:55 . 2009-06-05 15:53 87589 ----a-w- h:\program files\reindex_Errors.txt
2008-11-03 11:13 . 2008-11-03 11:13 79099888 ----a-w- h:\program files\CyberLink.2021aD_Online_DVD080924-02.exe
2008-07-31 15:30 . 2008-07-31 15:30 7976376 ----a-w- h:\program files\PokerStarsInstall.exe
2008-06-09 12:08 . 2008-06-09 12:07 7726360 ----a-w- h:\program files\Google_Earth_CZXV.exe
2008-02-19 21:43 . 2008-02-19 21:43 1629817 ----a-w- h:\program files\installspeedfan433.exe
2008-01-09 11:19 . 2008-01-09 11:19 293153 ----a-w- h:\program files\fmvc_setup.zip
2007-08-21 15:02 . 2007-08-21 15:02 10050902 ----a-w- h:\program files\Codecs6030_allin1.exe
2007-07-25 13:33 . 2007-07-25 13:33 3276176 ----a-w- h:\program files\DivXCodec.exe
2007-02-09 22:36 . 2007-02-09 22:36 5713825 ----a-w- h:\program files\ExpektPokerClient_2.5.7.105.exe
2007-02-05 11:54 . 2007-02-05 11:54 7660520 ----a-w- h:\program files\ubsetup.exe
2007-01-04 23:27 . 2007-01-04 23:27 9099405 ----a-w- h:\program files\ParadisePokerSetup_5004.exe
2006-11-13 16:24 . 2006-10-27 08:16 190048 ----a-w- h:\program files\Morpheus.exe
2006-11-10 11:39 . 2006-11-10 11:39 14879120 ----a-w- h:\program files\GoogleEarthWin.exe
2006-11-02 23:54 . 2006-11-02 23:54 11937728 ----a-w- h:\program files\setupcze.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="h:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="h:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CRBroadCasting"="h:\program files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 24576]
"avgnt"="h:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

h:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 2000 Series.lnk - h:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - h:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"h:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"h:\\Documents and Settings\\Ondřej\\Plocha\\StrongDC.exe"=
"h:\\Program Files\\Dc\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\Opera\\opera.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;h:\program files\Avira\AntiVir Desktop\sched.exe [5.5.2010 15:45 135336]
S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [11.3.2010 3:00 135664]
S3 B-Service;B-Service;h:\documents and settings\Ondřej\Data aplikací\Mikogo\B-Service.exe [7.2.2010 15:46 185640]
S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [3.8.2007 18:24 685816]
.
Obsah adresáře 'Naplánované úlohy'

2007-02-19 h:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8163757732.job
- h:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - h:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - h:\program files\bet365MPP\MPPoker.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - h:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - h:\documents and settings\Ondřej\Data aplikací\Mozilla\Firefox\Profiles\isyobod1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: h:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 19:11
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(548)
h:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1328)
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
h:\windows\system32\Ati2evxx.exe
h:\windows\system32\Ati2evxx.exe
h:\program files\Avira\AntiVir Desktop\avguard.exe
h:\windows\ATKKBService.exe
h:\program files\CardReader2.0\OTiReader.exe
h:\program files\Avira\AntiVir Desktop\avshadow.exe
h:\program files\CyberLink\Shared files\RichVideo.exe
h:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
h:\windows\system32\wscntfy.exe
h:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Celkový čas: 2010-05-09 19:17:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-09 17:17
ComboFix2.txt 2010-05-09 16:37
ComboFix3.txt 2010-05-08 11:45
ComboFix4.txt 2010-04-16 14:42

Před spuštěním: Volných bajtů: 23 086 358 528
Po spuštění: Volných bajtů: 23 068 803 072

- - End Of File - - CE200DCAB568DE6DADBDCEFD472527D5

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: infected PC, tr/rootkit, tr/spy

#8 Post by Unlimited_Killer »

Excellent, please post a new RSIT log. :thumbsup:

dosn86
Guest
Posts: 16
Registered: 07 May 2010 12:17

Re: infected PC, tr/rootkit, tr/spy

#9 Post by dosn86 »

Logfile of random's system information tool 1.07 (written by random/random)
Run by Ondřej at 2010-05-09 19:52:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive H: has 22 GB (29%) free of 76 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:27, on 9.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\CardReader2.0\OTiReader.exe
H:\Program Files\Google\Update\GoogleUpdate.exe
H:\Program Files\Avira\AntiVir Desktop\avshadow.exe
H:\Program Files\CyberLink\Shared files\RichVideo.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\CardReader2.0\CRBroadCasting.exe
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Opera\opera.exe
H:\ruzne\RSIT.exe
H:\Program Files\trend micro\Ondřej.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CRBroadCasting] H:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - H:\Program Files\bet365MPP\MPPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - H:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: B-Service - Unknown owner - H:\Documents and Settings\Ondřej\Data aplikací\Mikogo\B-Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OTi Card Reader Service - Unknown owner - H:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8184 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1163757732.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-16 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-05-06 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - H:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-04-16 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-16 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=H:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=H:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"ATICCC"=H:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"CRBroadCasting"=H:\Program Files\CardReader2.0\CRBroadCasting.exe [2004-02-26 24576]
"avgnt"=H:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 2000 Series.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - H:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\GameFace Messenger\GameFace.exe"="H:\Program Files\GameFace Messenger\GameFace.exe:*:Disabled:IM"
"H:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="H:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"H:\Documents and Settings\Ondřej\Plocha\StrongDC.exe"="H:\Documents and Settings\Ondřej\Plocha\StrongDC.exe:*:Enabled:StrongDC++"
"H:\Program Files\Dc\StrongDC.exe"="H:\Program Files\Dc\StrongDC.exe:*:Enabled:StrongDC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\Opera\opera.exe"="H:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

======List of files/folders created in the last 1 months======

2010-05-09 19:17:59 ----A---- H:\ComboFix.txt
2010-05-09 19:09:30 ----D---- H:\WINDOWS\temp
2010-05-07 13:13:24 ----D---- H:\Program Files\trend micro
2010-05-07 13:13:23 ----D---- H:\rsit
2010-05-05 15:48:36 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\Avira
2010-05-05 15:45:58 ----D---- H:\Documents and Settings\All Users\Data aplikací\Avira
2010-05-05 15:21:27 ----A---- H:\WINDOWS\system32\msvcr80.dll
2010-05-05 15:21:26 ----A---- H:\WINDOWS\system32\msvcp80.dll
2010-05-05 15:21:25 ----A---- H:\WINDOWS\system32\eEmpty.exe
2010-05-05 15:21:20 ----A---- H:\WINDOWS\system32\T.COM
2010-05-05 15:21:20 ----A---- H:\WINDOWS\R.COM
2010-05-05 15:21:18 ----D---- H:\Program Files\Common Files\MicroWorld
2010-05-05 15:21:10 ----D---- H:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-05-05 14:57:03 ----HDC---- H:\WINDOWS\$NtUninstallKB914882$
2010-05-05 14:39:59 ----D---- H:\Config.Msi
2010-05-02 23:20:47 ----D---- H:\Program Files\Common Files\PC Tools
2010-05-02 16:40:03 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2010-04-16 16:23:13 ----A---- H:\Boot.bak
2010-04-16 16:23:00 ----RASHD---- H:\cmdcons
2010-04-16 16:21:52 ----A---- H:\WINDOWS\zip.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\SWXCACLS.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\SWSC.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\SWREG.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\sed.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\PEV.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\NIRCMD.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\MBR.exe
2010-04-16 16:21:52 ----A---- H:\WINDOWS\grep.exe
2010-04-16 16:21:07 ----D---- H:\WINDOWS\ERDNT
2010-04-16 16:10:05 ----D---- H:\Qoobox
2010-04-14 01:07:05 ----HDC---- H:\WINDOWS\$NtUninstallKB978601$
2010-04-14 01:06:53 ----HDC---- H:\WINDOWS\$NtUninstallKB979309$
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\muweb.dll
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\mucltui.dll.mui
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\mucltui.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wuweb.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wups2.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wups.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wucltui.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wuaueng.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wuauclt.exe
2010-04-14 00:50:47 ----A---- H:\WINDOWS\system32\wuapi.dll
2010-04-14 00:50:47 ----A---- H:\WINDOWS\system32\cdm.dll
2010-04-14 00:32:45 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\Malwarebytes
2010-04-14 00:32:32 ----D---- H:\Documents and Settings\All Users\Data aplikací\Malwarebytes

======List of files/folders modified in the last 1 months======

2010-05-09 19:52:28 ----D---- H:\WINDOWS\Prefetch
2010-05-09 19:18:03 ----D---- H:\WINDOWS\system32\drivers
2010-05-09 19:11:31 ----D---- H:\WINDOWS\system32\CatRoot2
2010-05-09 19:11:27 ----D---- H:\WINDOWS
2010-05-09 19:11:27 ----A---- H:\WINDOWS\system.ini
2010-05-09 19:07:53 ----D---- H:\WINDOWS\system32
2010-05-09 19:07:53 ----D---- H:\WINDOWS\AppPatch
2010-05-09 19:07:50 ----D---- H:\Program Files\Common Files
2010-05-09 19:01:04 ----A---- H:\WINDOWS\SchedLgU.Txt
2010-05-09 18:29:54 ----RSHDC---- H:\WINDOWS\system32\dllcache
2010-05-09 18:29:04 ----D---- H:\WINDOWS\system32\config
2010-05-09 18:28:25 ----RD---- H:\Program Files
2010-05-09 18:28:24 ----SD---- H:\WINDOWS\Tasks
2010-05-08 20:33:39 ----D---- H:\Program Files\PokerStars
2010-05-08 13:26:40 ----SHD---- H:\System Volume Information
2010-05-08 13:26:40 ----D---- H:\WINDOWS\system32\Restore
2010-05-07 13:12:11 ----D---- H:\ruzne
2010-05-07 00:30:44 ----D---- H:\WINDOWS\system32\NtmsData
2010-05-07 00:30:04 ----D---- H:\WINDOWS\Registration
2010-05-07 00:26:20 ----D---- H:\WINDOWS\Minidump
2010-05-06 21:40:57 ----HDC---- H:\WINDOWS\$NtUninstallKB922760$
2010-05-06 00:20:44 ----SHD---- H:\WINDOWS\Installer
2010-05-06 00:20:36 ----D---- H:\Program Files\Opera
2010-05-05 15:53:09 ----HD---- H:\WINDOWS\inf
2010-05-05 15:53:00 ----D---- H:\WINDOWS\repair
2010-05-05 15:43:56 ----A---- H:\Program Files\avira_antivir_personal_en.exe
2010-05-05 15:39:37 ----D---- H:\WINDOWS\WinSxS
2010-05-05 15:01:29 ----SD---- H:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-05 14:56:51 ----HD---- H:\WINDOWS\$hf_mig$
2010-05-04 00:18:41 ----A---- H:\WINDOWS\NeroDigital.ini
2010-05-03 23:56:52 ----D---- H:\Program Files\Mozilla Firefox
2010-05-03 14:16:52 ----AD---- H:\Documents and Settings\All Users\Data aplikací\Temp
2010-04-26 20:29:37 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\ICQ
2010-04-23 23:48:50 ----D---- H:\Program Files\Full Tilt Poker
2010-04-19 14:13:27 ----D---- H:\Program Files\Google
2010-04-16 16:37:47 ----D---- H:\Documents and Settings\All Users\Data aplikací\Google
2010-04-16 16:23:14 ----RASH---- H:\boot.ini
2010-04-14 22:55:40 ----A---- H:\Program Files\install_flash_player.exe
2010-04-14 16:58:47 ----HDC---- H:\WINDOWS\$NtUninstallKB957095$
2010-04-14 01:07:08 ----A---- H:\WINDOWS\imsins.BAK
2010-04-14 00:50:51 ----D---- H:\WINDOWS\Help
2010-04-14 00:46:06 ----RSD---- H:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; H:\WINDOWS\system32\drivers\AFS2K.sys [2006-11-17 82380]
R1 asuskbnt;Enhanced Display Driver Helper Service; H:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; H:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; H:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 EIO;EIO; \??\H:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; H:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
R3 catchme;catchme; \??\H:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; H:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; H:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 SenFiltService;SenFilt Service; H:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; H:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Video3D;ASUS Video3D Service; H:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; H:\WINDOWS\system32\drivers\asusgsb32.sys []
S3 CCDECODE;Dekodér Closed Caption; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 mbr;mbr; \??\H:\DOCUME~1\ONDEJ~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; H:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 SLIP;BDA Slip De-Framer; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); H:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; H:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; H:\WINDOWS\System32\Drivers\sptd.sys [2007-08-03 685816]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; H:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; H:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
R2 ATKKeyboardService;ATK Keyboard Service; H:\WINDOWS\ATKKBService.exe [2006-04-10 241664]
R2 OTi Card Reader Service;OTi Card Reader Service; H:\Program Files\CardReader2.0\OTiReader.exe [2004-03-04 131177]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); H:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Google Update Service (gupdate); H:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 B-Service;B-Service; H:\Documents and Settings\Ondřej\Data aplikací\Mikogo\B-Service.exe [2010-02-07 185640]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-16 182768]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 ServiceLayer;ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: infected PC, tr/rootkit, tr/spy

#10 Post by Unlimited_Killer »

Let's continue.

1) Fix in HJT
  • Run the renamed HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
  • Then click 'Do a system scan only'.
  • Tick the checkbox next to the items listed below and then click 'Fix Checked'.

    Code:

    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
    R3 - URLSearchHook: (no name) - - (no file)
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - H:\Program Files\bet365MPP\MPPoker.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - H:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
  • If any of these items isn't there, skip it.
2) Run a full Malwarebytes' Anti-Malware scan and post the log here

3) Uninstalling ComboFix
  • Go through Start to Run [the keyboard shortcut is Win+R].
  • In the text box type:

    Code:

    ComboFix /Uninstall
  • Press Enter.
  • The ComboFix uninstall will start and remove all of its components.
4) OTCleaner
  • Download OTC and double-click it to run it.
  • A window pops up; click 'CleanUp!'.
  • Confirm by clicking 'Yes'.
  • It then asks whether you want to restart the PC - again click 'Yes'.
5) CCleaner
  • Download the program called CCleaner.
  • Install it normally, just pay attention and untick the 'Install Yahoo! Toolbar' item.
  • Run it.
    • Cleaner tab → leave everything ticked as it is and click 'Run CCleaner'.
    • Registry tab → click 'Scan for Issues'. It searches the registry for problems; once the analysis finishes, click 'Fix selected issues'. It offers to create a backup - create one to be safe and save it, for example, to the Desktop.
  • I recommend using CCleaner regularly; it can speed up the PC quite considerably.
6) Defragmentation
  • Defragment the disk.
  • This can be done in several ways ↓
    • Using the defragmenter built into Windows [Start → Run → dfrg.msc → Enter]. This is not a very effective method.
    • Using a simple and clear program called Defraggler.
    • Using a brilliant program that needs no installation and is very simple - JKDefrag.
7) FileHippo.com UpdateChecker
  • To keep track of updates, I recommend downloading the FileHippo.com UpdateChecker program.
    • Install it normally.
    • Run it, for example, once or twice a week.
    • It clearly lists all programs that are out of date and offers to download the newer version (which I recommend).
    • Watch out for what the applications install 'along with them' → for example unnecessary toolbars.
      • That is why it doesn't pay to mindlessly click 'Next'.
8) New RSIT log
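As an added example (not from this thread, and not part of HijackThis or RSIT), a small Python parser for the HijackThis entry format used in the fix list above. It flags entries whose target file is gone and the O16 DPF entries, which covers most of the helper's list; the sample lines are constructed from this thread (six fix-list items, one of them, PokerStars, with its file still present, plus two legitimate RSIT entries), and the remaining present-but-unwanted poker and ICQ buttons on the helper's list still need human judgment.

```python
"""Parse HijackThis-style entries and flag 'Fix Checked' candidates.

Added example for this thread; it is not part of the forum post or of
HijackThis/RSIT. It handles the entry shapes that appear in the fix list
above (R3 URLSearchHook, O3 Toolbar, O9 Extra button, O16 DPF) plus the
O2/O23 shapes from the RSIT log, and flags two things a helper looks for:
entries whose target file is gone (leftovers of uninstalled software) and
O16 DPF entries (downloaded ActiveX controls the fix list above removes).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input constructed from lines in this thread: six fix-list items
# plus two legitimate entries from the RSIT log, so the filter keeps something.
SAMPLE_LOG = r"""
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A target is a drive path, an NT device path, an env-var path, a res:// or
# http(s) URL, or a bare file name with an executable-ish extension.
TARGET_RE = re.compile(
    r"^(?:[A-Za-z]:\\|\\\?\?\\|%\w+%|res://|https?://)|\.(?:exe|dll|sys|cab|ocx)$",
    re.IGNORECASE,
)
# HJT appends this trailer when the referenced file is not on disk.
TRAILER_RE = re.compile(r"\s*\((?:file missing|no file)\)$")


@dataclass
class Entry:
    code: str              # section code, e.g. "O9"
    kind: str              # entry kind, e.g. "Extra button"
    name: str              # display name; "" when HJT prints "(no name)"
    clsid: Optional[str]   # COM class id in braces, if any
    target: str            # file path or URL; "" when none is given
    missing: bool          # HJT reported the target as absent from disk


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT entry; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = TRAILER_RE.search(rest) is not None
    rest = TRAILER_RE.sub("", rest)
    # Fields are separated by " - "; an empty field shows up as a lone "-".
    parts = [p.strip() for p in rest.split(" - ")]
    parts = [p for p in parts if p and p != "-"]
    name, clsid, target = "", None, ""
    for p in parts:
        cm = CLSID_RE.search(p)
        if cm and clsid is None:
            clsid = cm.group(0)
            # O16 lines put the display name after the CLSID in parentheses.
            pm = re.search(r"\(([^)]*)\)", p[cm.end():])
            if pm and not name:
                name = pm.group(1)
        elif TARGET_RE.search(p):
            target = p
        elif not name and p != "(no name)":
            name = p
    return Entry(m.group("code"), m.group("kind"), name, clsid, target, missing)


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line in a log; non-entry lines are skipped."""
    entries = [parse_line(ln) for ln in text.splitlines()]
    return [e for e in entries if e is not None]


def fix_list(text: str) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) for lines a helper would tick under Fix Checked."""
    flagged = []
    for e in parse_log(text):
        if e.missing:
            flagged.append((e, "orphaned: the registry still points at a file that is gone"))
        elif e.code == "O16":
            flagged.append((e, "downloaded ActiveX control (DPF); removed in the fix list above"))
    return flagged


if __name__ == "__main__":
    for entry, reason in fix_list(SAMPLE_LOG):
        print(f"{entry.code:<4}{entry.kind:<24}{entry.name or '(no name)':<24}{reason}")
```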

dosn86
Visitor
Posts: 16
Registered: 07 May 2010 12:17

Re: infected PC, tr/rootkit, tr/spy

#11 Post by dosn86 »

All done. Malwarebytes' Anti-Malware found 3 infected files and deleted them; otherwise the PC looks OK.

Posting the logs

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4059

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

10.5.2010 11:08:56
mbam-log-2010-05-10 (11-08-56).txt

Typ skenu: Úplný sken (H:\|)
Skenované objekty: 190505
Uplynulý čas: 37 minuta(y), 22 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
H:\Program Files\Poker\Expekt Poker\_t2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Qoobox\Quarantine\H\WINDOWS\system32\drivers\reslcov.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{DF1438E6-6178-4C2E-BD13-99F75C82F6DD}\RP1\A0001327.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


And the RSIT log


Logfile of random's system information tool 1.07 (written by random/random)
Run by Ondřej at 2010-05-10 13:02:35
Systém Microsoft Windows XP Professional Service Pack 2
System drive H: has 22 GB (29%) free of 76 GB
Total RAM: 511 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:02:48, on 10.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\CardReader2.0\CRBroadCasting.exe
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\CardReader2.0\OTiReader.exe
H:\Program Files\CyberLink\Shared files\RichVideo.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Google\Update\GoogleUpdate.exe
H:\Program Files\Avira\AntiVir Desktop\avshadow.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\Opera\opera.exe
H:\ruzne\RSIT.exe
H:\Program Files\trend micro\Ondřej.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CRBroadCasting] H:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: B-Service - Unknown owner - H:\Documents and Settings\Ondřej\Data aplikací\Mikogo\B-Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OTi Card Reader Service - Unknown owner - H:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6484 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1163757732.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-16 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-05-06 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - H:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-04-16 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-16 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=H:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=H:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"ATICCC"=H:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"CRBroadCasting"=H:\Program Files\CardReader2.0\CRBroadCasting.exe [2004-02-26 24576]
"avgnt"=H:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 2000 Series.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - H:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\GameFace Messenger\GameFace.exe"="H:\Program Files\GameFace Messenger\GameFace.exe:*:Disabled:IM"
"H:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="H:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"H:\Documents and Settings\Ondřej\Plocha\StrongDC.exe"="H:\Documents and Settings\Ondřej\Plocha\StrongDC.exe:*:Enabled:StrongDC++"
"H:\Program Files\Dc\StrongDC.exe"="H:\Program Files\Dc\StrongDC.exe:*:Enabled:StrongDC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\Opera\opera.exe"="H:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

======List of files/folders created in the last 1 months======

2010-05-10 13:02:35 ----D---- H:\rsit
2010-05-10 11:33:07 ----D---- H:\Program Files\Defraggler
2010-05-10 11:31:32 ----SHD---- H:\RECYCLER
2010-05-10 11:22:18 ----A---- H:\Program Files\ccsetup231.exe
2010-05-09 19:09:30 ----D---- H:\WINDOWS\temp
2010-05-07 13:13:24 ----D---- H:\Program Files\trend micro
2010-05-05 15:48:36 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\Avira
2010-05-05 15:45:58 ----D---- H:\Documents and Settings\All Users\Data aplikací\Avira
2010-05-05 15:21:27 ----A---- H:\WINDOWS\system32\msvcr80.dll
2010-05-05 15:21:26 ----A---- H:\WINDOWS\system32\msvcp80.dll
2010-05-05 15:21:25 ----A---- H:\WINDOWS\system32\eEmpty.exe
2010-05-05 15:21:20 ----A---- H:\WINDOWS\system32\T.COM
2010-05-05 15:21:20 ----A---- H:\WINDOWS\R.COM
2010-05-05 15:21:18 ----D---- H:\Program Files\Common Files\MicroWorld
2010-05-05 15:21:10 ----D---- H:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-05-05 14:57:03 ----HDC---- H:\WINDOWS\$NtUninstallKB914882$
2010-05-05 14:39:59 ----D---- H:\Config.Msi
2010-05-02 23:20:47 ----D---- H:\Program Files\Common Files\PC Tools
2010-05-02 16:40:03 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2010-04-16 16:23:13 ----A---- H:\Boot.bak
2010-04-16 16:23:00 ----RASHD---- H:\cmdcons
2010-04-16 16:21:07 ----D---- H:\WINDOWS\ERDNT
2010-04-14 01:07:05 ----HDC---- H:\WINDOWS\$NtUninstallKB978601$
2010-04-14 01:06:53 ----HDC---- H:\WINDOWS\$NtUninstallKB979309$
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\muweb.dll
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\mucltui.dll.mui
2010-04-14 00:50:52 ----A---- H:\WINDOWS\system32\mucltui.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wuweb.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wups2.dll
2010-04-14 00:50:49 ----A---- H:\WINDOWS\system32\wups.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wucltui.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wuaueng.dll
2010-04-14 00:50:48 ----A---- H:\WINDOWS\system32\wuauclt.exe
2010-04-14 00:50:47 ----A---- H:\WINDOWS\system32\wuapi.dll
2010-04-14 00:50:47 ----A---- H:\WINDOWS\system32\cdm.dll
2010-04-14 00:32:45 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\Malwarebytes
2010-04-14 00:32:32 ----D---- H:\Documents and Settings\All Users\Data aplikací\Malwarebytes

======List of files/folders modified in the last 1 months======

2010-05-10 13:02:13 ----D---- H:\ruzne
2010-05-10 12:56:05 ----D---- H:\WINDOWS
2010-05-10 11:33:07 ----RD---- H:\Program Files
2010-05-10 11:32:54 ----D---- H:\WINDOWS\Prefetch
2010-05-10 11:26:03 ----D---- H:\WINDOWS\Minidump
2010-05-10 11:25:17 ----D---- H:\Program Files\CCleaner
2010-05-10 11:20:20 ----D---- H:\WINDOWS\system32\CatRoot2
2010-05-10 11:19:57 ----SHD---- H:\System Volume Information
2010-05-10 11:19:57 ----D---- H:\WINDOWS\system32\Restore
2010-05-10 11:19:00 ----N---- H:\WINDOWS\SchedLgU.Txt
2010-05-10 11:13:33 ----HDC---- H:\WINDOWS\$NtUninstallKB919007$
2010-05-10 11:13:33 ----D---- H:\WINDOWS\system32\drivers
2010-05-10 10:27:37 ----SD---- H:\WINDOWS\Downloaded Program Files
2010-05-09 23:39:13 ----D---- H:\Program Files\PokerStars
2010-05-09 19:11:27 ----A---- H:\WINDOWS\system.ini
2010-05-09 19:07:53 ----D---- H:\WINDOWS\system32
2010-05-09 19:07:53 ----D---- H:\WINDOWS\AppPatch
2010-05-09 19:07:50 ----D---- H:\Program Files\Common Files
2010-05-09 18:29:54 ----RSHDC---- H:\WINDOWS\system32\dllcache
2010-05-09 18:29:04 ----D---- H:\WINDOWS\system32\config
2010-05-09 18:28:24 ----SD---- H:\WINDOWS\Tasks
2010-05-07 00:30:44 ----D---- H:\WINDOWS\system32\NtmsData
2010-05-07 00:30:04 ----D---- H:\WINDOWS\Registration
2010-05-06 21:40:57 ----HDC---- H:\WINDOWS\$NtUninstallKB922760$
2010-05-06 00:20:44 ----SHD---- H:\WINDOWS\Installer
2010-05-06 00:20:36 ----D---- H:\Program Files\Opera
2010-05-05 15:53:09 ----HD---- H:\WINDOWS\inf
2010-05-05 15:53:00 ----D---- H:\WINDOWS\repair
2010-05-05 15:43:56 ----A---- H:\Program Files\avira_antivir_personal_en.exe
2010-05-05 15:39:37 ----D---- H:\WINDOWS\WinSxS
2010-05-05 15:01:29 ----SD---- H:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-05 14:56:51 ----HD---- H:\WINDOWS\$hf_mig$
2010-05-04 00:18:41 ----A---- H:\WINDOWS\NeroDigital.ini
2010-05-03 23:56:52 ----D---- H:\Program Files\Mozilla Firefox
2010-05-03 14:16:52 ----AD---- H:\Documents and Settings\All Users\Data aplikací\Temp
2010-04-26 20:29:37 ----D---- H:\Documents and Settings\Ondřej\Data aplikací\ICQ
2010-04-23 23:48:50 ----D---- H:\Program Files\Full Tilt Poker
2010-04-19 14:13:27 ----D---- H:\Program Files\Google
2010-04-16 16:37:47 ----D---- H:\Documents and Settings\All Users\Data aplikací\Google
2010-04-16 16:23:14 ----RASH---- H:\boot.ini
2010-04-14 22:55:40 ----A---- H:\Program Files\install_flash_player.exe
2010-04-14 16:58:47 ----HDC---- H:\WINDOWS\$NtUninstallKB957095$
2010-04-14 00:50:51 ----D---- H:\WINDOWS\Help
2010-04-14 00:46:06 ----RSD---- H:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; H:\WINDOWS\system32\drivers\AFS2K.sys [2006-11-17 82380]
R1 asuskbnt;Enhanced Display Driver Helper Service; H:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; H:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; H:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 EIO;EIO; \??\H:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; H:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; H:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; H:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 SenFiltService;SenFilt Service; H:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; H:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Video3D;ASUS Video3D Service; H:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; H:\WINDOWS\system32\drivers\asusgsb32.sys []
S3 CCDECODE;Dekodér Closed Caption; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; H:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 SLIP;BDA Slip De-Framer; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); H:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; H:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; H:\WINDOWS\System32\Drivers\sptd.sys [2007-08-03 685816]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; H:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; H:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
R2 ATKKeyboardService;ATK Keyboard Service; H:\WINDOWS\ATKKBService.exe [2006-04-10 241664]
R2 OTi Card Reader Service;OTi Card Reader Service; H:\Program Files\CardReader2.0\OTiReader.exe [2004-03-04 131177]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); H:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Google Update Service (gupdate); H:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 B-Service;B-Service; H:\Documents and Settings\Ondřej\Data aplikací\Mikogo\B-Service.exe [2010-02-07 185640]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-16 182768]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 ServiceLayer;ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Unlimited_Killer
Forum Friend
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: virus-infected PC, tr/rootkit, tr/spy

#12 Post by Unlimited_Killer »

Is that everything, are there any problems with the PC? :happy:
inactive

dosn86
Visitor
Posts: 16
Registered: 07 May 2010 12:17

Re: virus-infected PC, tr/rootkit, tr/spy

#13 Post by dosn86 »

The PC is fine, thank you very much for the help! :worship:

Unlimited_Killer
Forum Friend
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: virus-infected PC, tr/rootkit, tr/spy

#14 Post by Unlimited_Killer »

You're welcome, thank you for the cooperation and goodbye. :thumbsup: :bye: :closed:
inactive
