trojan-spy.win32.year2010-wors

Pavel.Si
Visitor
Posts: 4
Registered: 11 May 2010 18:40

#1 Post by Pavel.Si »

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Pavel\Plocha\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DocumentExporterIE - {e88d1d51-70d0-4a24-b58c-b509d39fdbb9} - C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Document Exporter - {da153d37-a57e-4f22-a649-6aeef4a10c28} - C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [IRReceive] "C:\Program Files\IRReceive\IRReceive.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Pavel\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: system32.lnk = C:\WINDOWS\winapp\ssh.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {22B54AE0-66FC-4D7E-83F8-4ECE0C335344} - file://C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\DocumentExporterIE.IEModule.33574638.js
O9 - Extra 'Tools' menuitem: Document Exporter Settings - {22B54AE0-66FC-4D7E-83F8-4ECE0C335344} - file://C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\DocumentExporterIE.IEModule.33574638.js
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Document Exporter Settings - {98B1071E-3F73-40C1-9F04-256AE8C7B5DF} - C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader.dll
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8486 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1383384898-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1383384898-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e88d1d51-70d0-4a24-b58c-b509d39fdbb9}]
DocumentExporterIE - C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader.dll [2010-02-25 466944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
{da153d37-a57e-4f22-a649-6aeef4a10c28} - Document Exporter - C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader.dll [2010-02-25 466944]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"IRReceive"=C:\Program Files\IRReceive\IRReceive.exe [2008-04-30 680009]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"= []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"QIP Internet Guardian"=C:\Documents and Settings\Pavel\Data aplikací\QipGuard\QipGuard.exe [2010-04-12 181760]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Update"=C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-04-26 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-04-25 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-04-06 26102056]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
system32.lnk - C:\WINDOWS\winapp\ssh.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\knight\KoH.exe"="D:\knight\KoH.exe:*:Enabled:KoH"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:*:Enabled:ArcSoft TotalMedia"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-11 19:49:25 ----D---- C:\rsit
2010-05-11 19:24:02 ----D---- C:\_OTM
2010-05-11 18:57:23 ----D---- C:\WINDOWS\ERDNT
2010-05-11 18:57:22 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2010-05-11 18:47:12 ----SHD---- C:\WINDOWS\CSC
2010-05-11 18:47:08 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-11 13:51:15 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-05-11 13:51:15 ----N---- C:\WINDOWS\system32\picn20.dll
2010-05-11 13:51:15 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-05-11 13:51:15 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-05-11 13:51:15 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-05-11 13:51:15 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-05-11 13:51:15 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-05-11 13:51:14 ----D---- C:\Program Files\Common Files\Ahead
2010-05-11 13:51:14 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-05-11 13:51:11 ----D---- C:\Program Files\Ahead
2010-05-11 11:40:49 ----SD---- C:\ComboFix
2010-05-11 11:40:42 ----D---- C:\Qoobox
2010-05-11 11:27:47 ----A---- C:\mbam-error.txt
2010-05-11 11:26:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-11 11:26:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-11 11:08:56 ----D---- C:\Program Files\trend micro
2010-05-09 14:05:14 ----D---- C:\WINDOWS\pss
2010-05-08 16:24:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ironclad Games
2010-05-08 12:32:09 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Black Sea Studios
2010-05-08 10:45:12 ----D---- C:\Program Files\Electronic Arts
2010-05-08 10:45:11 ----D---- C:\WINDOWS\winapp
2010-05-07 23:49:18 ----D---- C:\WINDOWS\system32\AGEIA
2010-05-07 23:49:17 ----D---- C:\Program Files\AGEIA Technologies
2010-05-05 13:19:44 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-05-05 13:19:43 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-05 13:19:43 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-05-05 13:19:42 ----A---- C:\WINDOWS\game.ini
2010-05-05 13:11:12 ----SHD---- C:\WINDOWS\ftpcache
2010-05-02 17:34:38 ----D---- C:\Program Files\Common Files\Freedom Scientific
2010-05-02 17:34:33 ----D---- C:\Program Files\Common Files\soft602
2010-05-02 17:34:31 ----D---- C:\Program Files\Software602
2010-04-30 17:34:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-30 17:33:19 ----D---- C:\Program Files\GameShadow
2010-04-26 17:03:39 ----D---- C:\WINDOWS\Sun
2010-04-25 12:49:29 ----D---- C:\Program Files\Common Files\STORMWARE Shared
2010-04-25 12:49:28 ----D---- C:\Program Files\STORMWARE
2010-04-25 10:28:34 ----D---- C:\Program Files\ICQ6Toolbar
2010-04-25 10:28:31 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Mozilla
2010-04-25 10:28:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-04-25 10:28:18 ----D---- C:\Documents and Settings\Pavel\Data aplikací\ICQ
2010-04-25 10:28:10 ----D---- C:\Program Files\ICQ7.1
2010-04-24 11:42:58 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Nero
2010-04-24 11:41:53 ----D---- C:\Program Files\Nero
2010-04-24 11:41:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-04-24 11:35:16 ----D---- C:\Program Files\Microsoft.NET
2010-04-24 11:34:02 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-24 11:34:00 ----D---- C:\Program Files\MSBuild
2010-04-24 11:33:58 ----D---- C:\WINDOWS\system32\en-US
2010-04-24 11:33:53 ----D---- C:\Program Files\Reference Assemblies
2010-04-24 11:33:20 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-04-24 11:33:20 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-04-24 11:33:20 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-04-24 11:30:43 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-04-24 11:30:37 ----D---- C:\Program Files\MSXML 6.0
2010-04-24 11:19:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-04-24 11:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\vbar332.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\msxbse35.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\mstext35.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\msrepl35.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\msjter35.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\Msjint35.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\msjet35.dll
2010-04-24 10:54:11 ----A---- C:\WINDOWS\system32\msexcl35.dll
2010-04-22 21:10:55 ----D---- C:\Program Files\AssistMyTeam
2010-04-22 20:44:24 ----A---- C:\WINDOWS\StwPh.INI
2010-04-22 20:35:24 ----A---- C:\WINDOWS\system32\msxml6r.dll
2010-04-22 20:34:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
2010-04-22 16:57:02 ----D---- C:\Documents and Settings\Pavel\Data aplikací\HPAppData
2010-04-21 20:28:28 ----D---- C:\WINDOWS\Minidump
2010-04-20 20:04:31 ----D---- C:\Documents and Settings\Pavel\Data aplikací\HP
2010-04-19 16:36:41 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-19 16:21:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Product Assistant
2010-04-18 22:54:33 ----D---- C:\Program Files\EA Sports
2010-04-18 22:50:25 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-04-18 16:29:01 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Leadertech
2010-04-18 11:20:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\WEBREG
2010-04-18 11:11:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
2010-04-18 11:11:40 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2010-04-18 11:11:39 ----A---- C:\WINDOWS\system32\hpzll5mu.dll
2010-04-18 11:11:22 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2010-04-18 11:11:22 ----RA---- C:\WINDOWS\system32\hpowiax7.dll
2010-04-18 11:11:22 ----RA---- C:\WINDOWS\system32\hpovst15.dll
2010-04-18 11:11:22 ----RA---- C:\WINDOWS\system32\hpotscl6.dll
2010-04-18 11:11:22 ----RA---- C:\WINDOWS\system32\difxapi.dll
2010-04-18 11:08:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-04-18 11:08:22 ----D---- C:\Program Files\Hewlett-Packard
2010-04-18 11:08:12 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-04-18 11:07:58 ----D---- C:\Program Files\Common Files\HP
2010-04-18 11:06:45 ----D---- C:\Program Files\HP
2010-04-18 11:06:26 ----HD---- C:\Config.Msi
2010-04-18 10:53:03 ----D---- C:\Documents and Settings\Pavel\Data aplikací\OpenOffice.org
2010-04-18 10:47:16 ----D---- C:\Program Files\OpenOffice.org 3
2010-04-18 10:01:07 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-04-18 10:01:07 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-04-18 10:01:06 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-04-18 10:01:06 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-04-18 10:01:06 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-04-18 10:01:06 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-04-18 10:01:06 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-04-18 10:01:03 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-04-18 10:01:03 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-04-18 10:01:03 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-04-18 10:01:02 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-04-18 10:01:02 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-04-18 10:01:02 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-04-18 10:01:02 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-04-18 10:01:02 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-04-18 10:01:02 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-04-18 10:01:01 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-04-18 10:01:00 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-04-18 10:01:00 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-04-18 10:01:00 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-04-18 10:01:00 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-04-18 10:01:00 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-04-18 10:01:00 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-04-18 10:00:59 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-04-18 10:00:59 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-04-18 10:00:59 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-04-18 10:00:59 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-04-18 10:00:59 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-04-18 10:00:58 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-04-18 10:00:58 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-04-18 10:00:58 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-04-18 10:00:58 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-04-18 10:00:58 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-04-18 10:00:58 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-04-18 10:00:58 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-04-18 10:00:57 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-04-18 10:00:57 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-04-18 10:00:57 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-04-18 10:00:57 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-04-18 10:00:57 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-04-18 10:00:57 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-04-18 10:00:56 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-04-18 10:00:56 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-04-18 10:00:56 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-04-18 10:00:56 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-04-18 10:00:56 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-04-18 10:00:56 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-04-18 10:00:55 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-04-18 10:00:55 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-04-18 10:00:55 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-04-18 10:00:54 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-04-18 10:00:54 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-04-18 10:00:53 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-04-18 10:00:53 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-04-18 10:00:52 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-04-18 10:00:52 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-04-18 10:00:52 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-04-18 10:00:52 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-04-18 10:00:51 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-04-18 10:00:51 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-04-18 10:00:51 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-04-18 10:00:51 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-04-18 10:00:51 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-04-18 10:00:50 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-04-18 10:00:50 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-04-18 10:00:50 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-04-18 10:00:47 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-04-18 10:00:47 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-04-18 10:00:47 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-04-18 10:00:47 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-04-18 10:00:47 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-04-18 10:00:46 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-04-18 10:00:46 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-04-18 10:00:45 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-04-18 10:00:45 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-04-18 10:00:45 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-04-18 09:53:17 ----D---- C:\WINDOWS\Logs
2010-04-17 22:14:17 ----D---- C:\Program Files\Conduit
2010-04-17 22:14:17 ----D---- C:\Program Files\BS_Player
2010-04-17 22:14:13 ----D---- C:\Documents and Settings\Pavel\Data aplikací\BSplayer Pro
2010-04-17 22:14:13 ----D---- C:\Documents and Settings\Pavel\Data aplikací\BSplayer
2010-04-17 22:14:12 ----D---- C:\Program Files\Webteh
2010-04-17 20:16:52 ----D---- C:\Program Files\Common Files\Apple
2010-04-17 20:16:46 ----D---- C:\Program Files\Apple Software Update
2010-04-17 20:16:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-04-17 20:11:18 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Apple Computer
2010-04-17 20:10:46 ----D---- C:\Program Files\QuickTime
2010-04-17 20:10:32 ----D---- C:\Program Files\iPod
2010-04-17 20:10:31 ----D---- C:\Program Files\iTunes
2010-04-17 20:10:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-04-17 20:09:47 ----D---- C:\WINDOWS\Downloaded Installations
2010-04-17 16:42:54 ----D---- C:\Program Files\DAEMON Tools Toolbar

======List of files/folders modified in the last 1 months======

2010-05-09 14:05:51 ----A---- C:\WINDOWS\win.ini
2010-05-09 14:05:51 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-24 141568]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2009-05-21 3733760]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 TVDev1;PCI dual TV Device service; C:\WINDOWS\system32\DRIVERS\dvbdev.sys [2008-11-20 126976]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-17 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-05-05 66872]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-05-05 103736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Pavel.Si
Visitor
Posts: 4
Registered: 11 May 2010 18:40

Re: trojan-spy.win32.year2010-wors

#2 Post by Pavel.Si »

Please check the log above. Thanks in advance.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: trojan-spy.win32.year2010-wors

#3 Post by Roli »

Hello, next time I'd like the whole log.

Fix these in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Pavel\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: system32.lnk = C:\WINDOWS\winapp\ssh.exe


You'll find HJT here:

C:\Program Files\trend micro\Pavel.exe

Fix means that you start HJT,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them there is a box, which you tick,

then click Fix checked, at the bottom left,

the program asks whether you really want to; you of course agree with YES, and it's done.


Via Start >> Control Panel >> Add or Remove Programs, uninstall ICQ6Toolbar


Find and delete:

C:\WINDOWS\winapp\ssh.exe


Finally, run ComboFix, which you already have there, and allow the installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes around 10 minutes but can take longer; don't try to run anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete the infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Pavel.Si
Visitor
Posts: 4
Registered: 11 May 2010 18:40

Re: trojan-spy.win32.year2010-wors

#4 Post by Pavel.Si »

Thanks so much, it works now. Here is ComboFix.txt


ComboFix 10-05-10.05 - Pavel 11.05.2010 22:17:09.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1534.1055 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\AbaleZip.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-11 do 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 17:49 . 2010-05-11 18:26 -------- d-----w- C:\rsit
2010-05-11 17:24 . 2010-05-11 17:24 -------- d-----w- C:\_OTM
2010-05-11 16:57 . 2010-05-11 16:57 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2010-05-11 16:57 . 2010-05-11 16:57 -------- d--h--w- c:\documents and settings\Administrator\Okolní sí
2010-05-11 16:57 . 2010-05-11 16:57 -------- d-----w- c:\documents and settings\Administrator\Plocha
2010-05-11 16:57 . 2010-05-11 16:57 -------- d-----w- c:\documents and settings\Administrator\Oblíbené položky
2010-05-11 16:57 . 2010-05-11 16:57 -------- d-----w- c:\documents and settings\Administrator\Dokumenty
2010-05-11 16:57 . 2010-05-11 16:57 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2010-05-11 16:54 . 2010-05-11 16:55 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2010-05-11 16:54 . 2010-05-11 16:55 -------- d-----w- c:\documents and settings\Administrator
2010-05-11 16:54 . 2010-05-11 16:55 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2010-05-11 11:51 . 2004-07-20 15:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-05-11 11:51 . 2004-07-20 15:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-05-11 11:51 . 2004-07-20 15:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-05-11 11:51 . 2004-07-20 15:24 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-05-11 11:51 . 2004-07-09 07:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2010-05-11 11:51 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2010-05-11 11:51 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-05-11 11:51 . 2010-05-11 16:56 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-11 11:51 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-05-11 11:51 . 2010-05-11 16:56 -------- d-----w- c:\program files\Ahead
2010-05-11 09:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-11 09:26 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-11 09:26 . 2010-05-11 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 09:08 . 2010-05-11 19:43 -------- d-----w- c:\program files\trend micro
2010-05-08 08:45 . 2010-05-08 08:45 -------- d-----w- c:\program files\Electronic Arts
2010-05-08 08:45 . 2010-05-11 19:48 -------- d-----w- c:\windows\winapp
2010-05-07 21:49 . 2010-05-07 21:49 -------- d-----w- c:\windows\system32\AGEIA
2010-05-07 21:49 . 2010-05-07 21:49 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-05 11:20 . 2010-05-05 11:20 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-05 11:19 . 2010-05-05 11:19 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-05 11:19 . 2010-05-05 11:19 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-05 11:19 . 2010-05-05 11:19 -------- d-----w- c:\windows\system32\LogFiles
2010-05-05 11:11 . 2010-05-05 11:11 -------- d-sh--w- c:\windows\ftpcache
2010-05-02 15:34 . 2010-05-02 15:34 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2010-05-02 15:34 . 2010-05-02 15:34 -------- d-----w- c:\program files\Common Files\soft602
2010-05-02 15:34 . 2010-05-02 15:34 -------- d-----w- c:\program files\Software602
2010-04-30 15:33 . 2010-04-30 15:33 -------- d-----w- c:\program files\GameShadow
2010-04-26 15:03 . 2010-04-26 15:03 -------- d-----w- c:\windows\Sun
2010-04-25 10:49 . 2010-04-25 10:49 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-04-25 10:49 . 2010-04-25 10:49 -------- d-----w- c:\program files\STORMWARE
2010-04-25 08:28 . 2010-04-25 08:28 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-25 08:28 . 2010-04-25 08:33 -------- d-----w- c:\program files\ICQ7.1
2010-04-24 09:41 . 2010-04-24 09:41 -------- d-----w- c:\program files\Nero
2010-04-24 09:35 . 2010-04-24 09:35 -------- d-----w- c:\program files\Microsoft.NET
2010-04-24 09:34 . 2010-04-24 09:34 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-24 09:34 . 2010-04-24 09:34 -------- d-----w- c:\program files\MSBuild
2010-04-24 09:33 . 2010-04-24 09:33 -------- d-----w- c:\program files\Reference Assemblies
2010-04-24 09:33 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-24 09:33 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-24 09:33 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-24 09:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-24 09:33 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-24 09:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-24 09:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-24 09:33 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-24 09:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-24 09:30 . 2010-04-24 09:30 -------- d-----w- c:\program files\MSXML 6.0
2010-04-24 08:54 . 1999-04-12 21:00 415504 ----a-w- c:\windows\system32\msrepl35.dll
2010-04-24 08:54 . 1999-04-12 21:00 1046288 ----a-w- c:\windows\system32\msjet35.dll
2010-04-24 08:54 . 1998-05-01 18:01 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-04-24 08:54 . 1998-05-01 18:01 287504 ----a-w- c:\windows\system32\msxbse35.dll
2010-04-24 08:54 . 1998-05-01 18:01 252176 ----a-w- c:\windows\system32\msrd2x35.dll
2010-04-24 08:54 . 1998-05-01 18:01 250128 ----a-w- c:\windows\system32\msexcl35.dll
2010-04-24 08:54 . 1998-05-01 18:01 24848 ----a-w- c:\windows\system32\msjter35.dll
2010-04-24 08:54 . 1998-05-01 18:01 165648 ----a-w- c:\windows\system32\mstext35.dll
2010-04-24 08:54 . 1998-05-01 18:01 123664 ----a-w- c:\windows\system32\Msjint35.dll
2010-04-22 19:10 . 2010-04-22 19:10 -------- d-----w- c:\program files\AssistMyTeam
2010-04-22 18:35 . 2005-09-07 23:03 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-04-19 14:19 . 2010-04-19 14:22 78180 ----a-w- c:\windows\hpqins05.dat
2010-04-18 20:54 . 2010-04-18 20:54 -------- d-----w- c:\program files\EA Sports
2010-04-18 20:50 . 2010-04-18 20:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-18 09:08 . 2010-04-18 09:08 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-18 09:08 . 2010-04-18 09:08 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-04-18 09:07 . 2010-04-18 09:07 -------- d-----w- c:\program files\Common Files\HP
2010-04-18 09:06 . 2010-04-18 09:08 -------- d-----w- c:\program files\HP
2010-04-18 09:04 . 2010-04-18 09:20 175768 ----a-w- c:\windows\hpoins27.dat
2010-04-18 09:04 . 2008-01-18 15:56 932 ------w- c:\windows\hpomdl27.dat
2010-04-18 09:02 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-18 09:02 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-18 09:01 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-18 09:01 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-18 08:47 . 2010-04-18 08:47 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-18 08:00 . 2008-07-10 09:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-18 07:53 . 2010-04-18 07:53 -------- d-----w- c:\windows\Logs
2010-04-17 20:14 . 2010-04-17 20:14 -------- d-----w- c:\program files\Conduit
2010-04-17 20:14 . 2010-04-17 20:14 -------- d-----w- c:\program files\BS_Player
2010-04-17 20:14 . 2010-04-17 20:14 -------- d-----w- c:\program files\Webteh
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\Common Files\Apple
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\Apple Software Update
2010-04-17 18:10 . 2010-04-17 18:18 -------- d-----w- c:\program files\QuickTime
2010-04-17 18:10 . 2010-04-17 18:10 -------- d-----w- c:\program files\iPod
2010-04-17 18:10 . 2010-04-17 18:10 -------- d-----w- c:\program files\iTunes
2010-04-17 18:09 . 2010-04-30 15:36 -------- d-----w- c:\windows\Downloaded Installations
2010-04-17 14:42 . 2010-04-17 14:42 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-17 14:42 . 2010-04-17 14:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-17 14:42 . 2010-04-17 14:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-17 14:31 . 2010-04-17 14:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 14:28 . 2010-04-17 14:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 10:30 . 2010-04-17 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-06 20:59 . 2010-04-17 12:42 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-17 12:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-17 12:42 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-17 12:42 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-17 12:42 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-17 12:42 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-17 12:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-17 12:42 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-24 09:34 . 2001-10-25 14:00 78076 ----a-w- c:\windows\system32\perfc005.dat
2010-04-24 09:34 . 2001-10-25 14:00 429080 ----a-w- c:\windows\system32\perfh005.dat
2010-04-18 12:10 . 2010-04-17 12:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-18 12:10 . 2010-04-17 12:02 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-18 12:10 . 2010-04-17 12:03 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-17 13:59 . 2010-04-17 13:59 -------- d-----w- c:\program files\IRReceive
2010-04-17 13:58 . 2010-04-17 13:58 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-04-17 13:58 . 2010-04-17 13:58 -------- d-----w- c:\program files\ArcSoft
2010-04-17 13:54 . 2010-04-17 13:54 -------- d-----w- c:\program files\e3C
2010-04-17 13:54 . 2010-04-17 12:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-17 13:11 . 2010-04-17 13:11 -------- d-----w- c:\program files\QIP
2010-04-17 13:11 . 2010-04-17 13:11 -------- d-----w- c:\program files\Common Files\Skype
2010-04-17 13:11 . 2010-04-17 13:11 -------- d-----r- c:\program files\Skype
2010-04-17 13:09 . 2010-04-17 12:44 -------- d-----w- c:\program files\Java
2010-04-17 12:48 . 2010-04-17 12:47 -------- d-----w- c:\program files\totalcmd
2010-04-17 12:45 . 2010-04-17 12:45 -------- d-----w- c:\program files\Common Files\Java
2010-04-17 12:42 . 2010-04-17 12:42 -------- d-----w- c:\program files\Alwil Software
2010-04-17 12:17 . 2010-04-17 12:15 -------- d-----w- c:\program files\Realtek
2010-04-17 12:15 . 2010-04-17 12:15 -------- d-----w- c:\program files\AMD
2010-04-17 12:14 . 2010-04-17 12:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-17 12:12 . 2010-04-17 12:10 -------- d-----w- c:\program files\ATI Technologies
2010-04-17 12:03 . 2010-04-17 12:03 -------- d-----w- c:\program files\microsoft frontpage
2010-04-17 12:00 . 2010-04-17 12:00 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-14 16:47 . 2010-04-17 12:42 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-12 15:29 . 2010-04-17 13:09 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-10 13:17 . 2010-04-10 13:17 -------- d-----w- c:\program files\Microsoft Works
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-04-25 08:28 133368 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\knight\\KoH.exe"=
"c:\\Program Files\\ArcSoft\\TotalMedia 3.5\\TotalMedia.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.4.2010 14:42 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.4.2010 14:42 19024]
R3 TVDev1;PCI dual TV Device service;c:\windows\system32\drivers\dvbdev.sys [20.11.2008 6:43 126976]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.4.2010 16:42 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.4.2010 14:15 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
HKLM-Run-hpqSRMon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 22:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-05-11 22:20:22
ComboFix-quarantined-files.txt 2010-05-11 20:20

Před spuštěním: Volných bajtů: 75 606 700 032
Po spuštění: Volných bajtů: 75 570 458 624

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 30C45B8070480FBCCBFF83B2D2B3D4BE

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: trojan-spy.win32.year2010-wors

#5 Post by Roli »

Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)

The registry cleaning needs to be repeated several times!


And if there is no longer any problem, we are done.

Pavel.Si
Visitor
Posts: 4
Registered: 11 May 2010 18:40

Re: trojan-spy.win32.year2010-wors

#6 Post by Pavel.Si »

Everything works now. Thank you so much.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: trojan-spy.win32.year2010-wors

#7 Post by Roli »

You're welcome.