prosim o kontrolu logu

[mia222]

dobry den
avast mi chytil rootkit - gen, zavrel do truhly a tvaril se, ze v poradku
pocitac jsem mezitim vypla a zapnula a ted sice nabehne windows ale jinak
vubec nereaguje (nekonecne se nacita)
mam svatak, tak prosim prosim poradte, co s tim.....


Logfile of random's system information tool 1.07 (written by random/random)
Run by i at 2010-05-11 15:16:00
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 209 GB (68%) free of 305 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:16:20, on 11.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\O2 Mobilni internet\O2 Mobilni internet.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\i\Dokumenty\Stažené soubory\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\i.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6BFE864-C553-4016-A84F-0FEF55B84EEF}: NameServer = 160.218.10.200 160.218.43.200
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11879 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-06-01 380928]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-07-09 36352]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-10-10 1799952]
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\i\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
wwwzuc32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Disabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Disabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Disabled:umi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\AutoRun.exe


======List of files/folders created in the last 1 months======

2010-05-11 15:16:01 ----D---- C:\Program Files\trend micro
2010-05-11 15:16:00 ----D---- C:\rsit
2010-05-11 15:05:16 ----D---- C:\WINDOWS\LastGood
2010-05-11 15:03:47 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-05-09 20:22:53 ----D---- C:\Documents and Settings\i\Data aplikací\enchant
2010-05-09 20:19:33 ----D---- C:\Program Files\AbiWord
2010-05-09 20:10:46 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-05-09 20:09:47 ----D---- C:\Program Files\Microsoft ActiveSync
2010-05-09 19:30:30 ----D---- C:\Program Files\Common Files\DESIGNER
2010-05-09 19:30:01 ----D---- C:\Program Files\Microsoft.NET
2010-05-09 19:30:01 ----D---- C:\Program Files\Microsoft Office
2010-05-09 19:29:03 ----RHD---- C:\MSOCache
2010-05-09 12:52:04 ----D---- C:\Program Files\CCleaner
2010-05-08 10:38:02 ----D---- C:\Documents and Settings\i\Data aplikací\OpenOffice.org
2010-05-08 10:25:44 ----D---- C:\Program Files\OpenOffice.org 3
2010-05-07 22:03:18 ----D---- C:\Documents and Settings\i\Data aplikací\Facebook
2010-04-23 17:43:49 ----D---- C:\Program Files\Samorost2
2010-04-21 20:35:46 ----D---- C:\Program Files\Machinarium

======List of files/folders modified in the last 1 months======

2010-05-11 15:16:17 ----D---- C:\WINDOWS\Prefetch
2010-05-11 15:16:01 ----D---- C:\Program Files
2010-05-11 15:11:34 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-05-11 15:08:45 ----A---- C:\WINDOWS\wincmd.ini
2010-05-11 15:08:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-11 15:08:39 ----D---- C:\WINDOWS\system32\drivers
2010-05-11 15:05:16 ----D---- C:\WINDOWS
2010-05-11 15:04:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-11 15:03:47 ----D---- C:\WINDOWS\system32
2010-05-11 15:03:44 ----D---- C:\WINDOWS\temp
2010-05-11 12:58:47 ----D---- C:\Program Files\Mozilla Thunderbird
2010-05-11 10:52:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-11 10:32:59 ----D---- C:\Documents and Settings\i\Data aplikací\WTablet
2010-05-11 00:01:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-10 01:27:45 ----D---- C:\Documents and Settings\i\Data aplikací\uTorrent
2010-05-09 20:53:50 ----SD---- C:\Documents and Settings\i\Data aplikací\Microsoft
2010-05-09 20:46:54 ----A---- C:\WINDOWS\Dc417.INI
2010-05-09 20:38:55 ----SHD---- C:\WINDOWS\Installer
2010-05-09 20:38:54 ----HD---- C:\Config.Msi
2010-05-09 20:38:41 ----RSD---- C:\WINDOWS\assembly
2010-05-09 20:38:40 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-09 20:38:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-09 20:38:15 ----A---- C:\WINDOWS\vbaddin.ini
2010-05-09 20:19:53 ----RSD---- C:\WINDOWS\Fonts
2010-05-09 20:19:48 ----D---- C:\WINDOWS\WinSxS
2010-05-09 20:10:57 ----A---- C:\WINDOWS\ODBC.INI
2010-05-09 20:09:49 ----D---- C:\WINDOWS\ShellNew
2010-05-09 20:07:33 ----D---- C:\WINDOWS\system
2010-05-09 19:30:30 ----D---- C:\Program Files\Common Files
2010-05-09 19:25:20 ----D---- C:\Program Files\Armagetron Advanced
2010-05-09 12:54:22 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-09 12:53:36 ----D---- C:\WINDOWS\Debug
2010-05-09 12:53:35 ----D---- C:\WINDOWS\Minidump
2010-05-08 11:02:45 ----D---- C:\WINDOWS\Media
2010-05-08 10:24:56 ----D---- C:\Program Files\OpenOffice.org 2.4
2010-05-08 10:23:25 ----D---- C:\Documents and Settings\i\Data aplikací\OpenOffice.org2
2010-04-25 19:46:12 ----D---- C:\Program Files\FastStone Capture
2010-04-25 17:38:33 ----D---- C:\Program Files\rajce
2010-04-24 16:21:28 ----D---- C:\Program Files\Mozilla Firefox
2010-04-15 00:43:05 ----A---- C:\WINDOWS\cdplayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43008]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-05-31 11136]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-10-10 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-10-10 25160]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 12416]
R3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6738432]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-05-31 10752]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-08-18 13352]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2007-05-31 258560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-10-10 723632]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2009-01-19 2789160]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-06 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-05-16 228208]

-----------------EOF-----------------

[Caroprd111]

Zdravím


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[mia222]

log z combofixu


ComboFix 10-05-10.05 - i 11.05.2010 20:24:54.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1454 [GMT 2:00]
Spuštěný z: c:\documents and settings\i\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100511-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
C:\Thumbs.db
c:\windows\system32\AbaleZip.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-11 do 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 13:16 . 2010-05-11 13:16 -------- d-----w- c:\program files\trend micro
2010-05-11 13:16 . 2010-05-11 13:16 -------- d-----w- C:\rsit
2010-05-11 13:07 . 2004-08-03 20:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-11 13:07 . 2004-08-03 20:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-11 13:07 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-11 13:07 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-11 13:05 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-11 13:05 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-09 18:22 . 2010-05-09 18:22 -------- d-----w- c:\documents and settings\i\AbiSuite
2010-05-09 18:19 . 2010-05-09 18:37 -------- d-----w- c:\program files\AbiWord
2010-05-09 18:10 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-05-09 18:10 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-05-09 18:09 . 2010-05-09 18:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-09 17:30 . 2010-05-09 17:30 -------- d-----w- c:\program files\Microsoft.NET
2010-05-09 17:29 . 2010-05-09 17:29 -------- d-----r- C:\MSOCache
2010-05-09 10:52 . 2010-05-09 10:52 -------- d-----w- c:\program files\CCleaner
2010-05-08 08:25 . 2010-05-08 08:25 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-23 15:43 . 2010-04-23 15:43 -------- d-----w- c:\program files\Samorost2
2010-04-21 18:35 . 2010-04-21 18:36 -------- d-----w- c:\program files\Machinarium

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 18:25 . 2001-10-25 14:00 403596 ----a-w- c:\windows\system32\perfh005.dat
2010-05-11 18:25 . 2001-10-25 14:00 74876 ----a-w- c:\windows\system32\perfc005.dat
2010-05-11 13:51 . 2010-04-09 19:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-10 14:55 . 2007-01-01 00:03 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-05-09 17:25 . 2010-03-17 19:35 -------- d-----w- c:\program files\Armagetron Advanced
2010-05-08 08:24 . 2008-08-31 13:01 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-04-25 17:46 . 2008-07-20 21:33 -------- d-----w- c:\program files\FastStone Capture
2010-04-25 15:38 . 2007-12-09 16:13 -------- d-----w- c:\program files\rajce
2010-04-10 22:00 . 2008-08-28 14:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 21:59 . 2008-08-28 15:05 -------- d-----w- c:\program files\Java
2010-04-10 10:45 . 2010-04-09 21:32 -------- d-----w- c:\program files\uTorrent
2010-04-09 21:12 . 2008-08-20 21:25 -------- d-----w- c:\program files\MyHeritage
2010-04-09 21:04 . 2009-10-10 11:17 -------- d-----w- c:\program files\COMODO
2010-04-09 21:04 . 2008-02-22 23:16 -------- d-----w- c:\program files\DivX
2010-04-09 21:02 . 2007-01-01 00:06 -------- d-----w- c:\program files\GameFace Messenger
2010-04-09 21:02 . 2007-01-01 00:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 21:02 . 2007-01-01 00:03 -------- d-----w- c:\program files\ASUS
2010-04-09 20:59 . 2008-09-06 13:27 -------- d-----w- c:\program files\Get Album Art
2010-04-07 21:41 . 2007-01-01 00:08 98304 ----a-w- c:\windows\DUMP55c1.tmp
2010-04-04 14:32 . 2010-03-02 17:09 -------- d-----w- c:\program files\O2 Mobilni internet
2010-03-29 00:25 . 2007-12-23 13:29 -------- d-----w- c:\program files\ICQToolbar
2010-03-23 21:41 . 2010-03-23 21:41 -------- d-----w- c:\program files\Sibelius Software
2010-03-19 18:27 . 2007-12-12 18:03 -------- d-----w- c:\program files\AnyDATA
2010-03-16 21:19 . 2010-03-16 20:58 153830 ----a-w- c:\windows\HPHins15.dat
2010-03-16 21:07 . 2008-12-25 14:49 -------- d-----w- c:\program files\HP
2009-11-01 13:40 . 2009-11-01 13:29 162 ----a-w- c:\program files\setuplog.txt
2008-10-12 18:53 . 2008-10-12 18:52 8 --sh--w- c:\program files\.data211204.dat
2008-10-12 18:53 . 2008-10-12 18:52 8 --sh--w- c:\program files\.data211004.dat
2008-10-12 18:53 . 2008-10-12 18:52 8 --sh--w- c:\program files\.data110704.dat
2008-10-12 18:52 . 2008-10-12 18:52 8 --sh--w- c:\program files\.drv120405.dat
2008-10-12 18:52 . 2008-10-12 18:52 8 --sh--w- c:\program files\.dat000002.dat
2008-10-12 18:52 . 2008-10-12 18:52 8 --sh--w- c:\program files\.dat000001.dat
2007-11-09 10:41 . 2007-11-09 10:41 120832 ----a-w- c:\program files\AdVantageSetup.exe
2009-11-24 12:14 . 2009-11-24 12:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 11:10 . 2009-11-28 11:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-08_15.48.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-06 20:51 . 2007-11-06 20:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 20:51 . 2007-11-06 20:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2010-05-11 18:21 . 2010-05-11 18:21 16384 c:\windows\temp\Perflib_Perfdata_6cc.dat
+ 2010-05-11 18:21 . 2010-05-11 18:21 16384 c:\windows\temp\Perflib_Perfdata_34c.dat
+ 2010-05-09 18:10 . 2003-06-18 15:31 35328 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2010-05-09 18:10 . 2003-06-18 15:31 35328 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
- 2001-10-25 14:00 . 2009-11-29 11:24 63528 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-05-11 18:25 63528 c:\windows\system32\perfc009.dat
+ 1998-06-17 17:08 . 1998-06-17 17:08 53248 c:\windows\system32\MFC42ENU.DLL
- 2009-01-03 19:27 . 2009-09-16 20:36 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-03 19:27 . 2010-02-06 13:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2003-07-14 20:57 . 2003-07-14 20:57 32584 c:\windows\system32\FM20ENU.DLL
+ 2010-04-04 14:31 . 2008-09-26 16:00 24448 c:\windows\system32\drivers\ewdcsc.sys
+ 2001-08-17 21:52 . 2001-08-17 19:52 18688 c:\windows\system32\drivers\cdaudio.sys
- 2001-08-17 21:52 . 2001-10-25 14:00 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2010-01-29 19:57 . 2009-11-24 23:49 48560 c:\windows\system32\drivers\aswTdi.sys
- 2009-10-10 10:28 . 2009-11-24 23:49 48560 c:\windows\system32\drivers\aswTdi.sys
+ 2010-01-29 19:57 . 2009-11-24 23:48 23120 c:\windows\system32\drivers\aswRdr.sys
- 2009-10-10 10:28 . 2009-11-24 23:48 23120 c:\windows\system32\drivers\aswRdr.sys
+ 2010-01-29 19:57 . 2009-11-24 23:50 94160 c:\windows\system32\drivers\aswmon2.sys
- 2009-10-10 10:28 . 2009-09-15 10:56 94160 c:\windows\system32\drivers\aswmon2.sys
- 2009-10-10 10:28 . 2009-11-24 23:51 93424 c:\windows\system32\drivers\aswmon.sys
+ 2010-01-29 19:57 . 2009-11-24 23:51 93424 c:\windows\system32\drivers\aswmon.sys
- 2009-10-10 10:28 . 2009-09-15 10:55 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2010-01-29 19:57 . 2009-11-24 23:50 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2010-01-29 19:57 . 2009-11-24 23:47 27408 c:\windows\system32\drivers\aavmker4.sys
- 2009-10-10 10:28 . 2009-11-24 23:47 27408 c:\windows\system32\drivers\aavmker4.sys
+ 2004-08-03 20:59 . 2004-08-03 20:59 11392 c:\windows\system32\dllcache\sfloppy.sys
+ 2004-08-17 15:43 . 2004-08-17 13:57 39168 c:\windows\system32\dllcache\processr.sys
+ 2004-08-03 20:59 . 2004-08-03 20:59 20480 c:\windows\system32\dllcache\flpydisk.sys
+ 2004-08-03 20:59 . 2004-08-03 20:59 27392 c:\windows\system32\dllcache\fdc.sys
+ 2001-08-17 21:52 . 2001-08-17 19:52 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2006-12-31 23:29 . 2010-05-11 13:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-31 23:29 . 2006-12-31 23:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-31 23:29 . 2006-12-31 23:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-31 23:29 . 2010-05-11 13:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-11 13:03 . 2010-05-11 13:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-29 19:57 . 2009-11-24 23:47 97480 c:\windows\system32\AvastSS.scr
- 2009-10-10 10:28 . 2009-11-24 23:47 97480 c:\windows\system32\AvastSS.scr
+ 2010-03-16 21:08 . 2010-03-16 21:08 25214 c:\windows\Installer\{F72E2DDC-3DB8-4190-A21D-63883D955FE7}\ARPPRODUCTICON.exe
- 2007-01-08 23:46 . 2007-01-08 23:46 25214 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Distiller.exe
+ 2007-01-08 23:46 . 2010-04-01 10:01 25214 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Distiller.exe
- 2007-01-08 23:46 . 2007-01-08 23:46 25214 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat_Standard.exe
+ 2007-01-08 23:46 . 2010-04-01 10:01 25214 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat_Standard.exe
+ 2007-01-08 23:46 . 2010-04-01 10:01 25214 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
- 2007-01-08 23:46 . 2007-01-08 23:46 25214 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
+ 2007-01-08 23:46 . 2010-04-01 10:01 65536 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\PM_Designer.exe
- 2007-01-08 23:46 . 2007-01-08 23:46 65536 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\PM_Designer.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-03-16 21:08 . 2010-03-16 21:08 25214 c:\windows\Installer\{8389382B-53BA-4A87-8854-91E3D80A5AC7}\NewShortcut2_8389382B53BA4A87885491E3D80A5AC7.exe
+ 2010-03-16 21:08 . 2010-03-16 21:08 25214 c:\windows\Installer\{8389382B-53BA-4A87-8854-91E3D80A5AC7}\NewShortcut1_8389382B53BA4A87885491E3D80A5AC7.exe
+ 2010-03-16 21:08 . 2010-03-16 21:08 25214 c:\windows\Installer\{8389382B-53BA-4A87-8854-91E3D80A5AC7}\ARPPRODUCTICON.exe
+ 2010-03-16 21:07 . 2010-03-16 21:07 25214 c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\hpqSSupply.exe
+ 2010-03-16 21:07 . 2010-03-16 21:07 25214 c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\ARPPRODUCTICON.exe
+ 2010-03-16 21:05 . 2010-03-16 21:05 65536 c:\windows\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2008-12-25 14:52 . 2008-12-25 14:52 65536 c:\windows\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2010-05-08 08:25 . 2010-05-08 08:25 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.15.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2010-05-08 08:26 . 2010-05-08 08:26 63488 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.18.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2010-05-09 17:30 . 2010-05-09 17:30 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2010-05-09 17:30 . 2010-05-09 17:30 64088 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2007-01-08 23:46 . 2010-04-01 10:01 7278 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_ELEMENTS_DT.exe
- 2007-01-08 23:46 . 2007-01-08 23:46 7278 c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_ELEMENTS_DT.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-12-25 14:33 . 2007-08-28 06:45 2828 c:\windows\hphmdl15.dat
+ 2010-03-16 20:58 . 2007-08-28 06:45 2828 c:\windows\hphmdl15.dat
+ 2010-05-08 08:25 . 2010-05-08 08:25 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\4.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2010-05-08 08:25 . 2010-05-08 08:25 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\18.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2010-05-08 08:26 . 2010-05-08 08:26 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\4.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2010-05-08 08:25 . 2010-05-08 08:25 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2010-05-08 08:25 . 2010-05-08 08:25 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.18.0__ce2cb7e279207b9e\cli_ure.dll
+ 2010-05-08 08:26 . 2010-05-08 08:26 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\18.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2010-05-09 17:30 . 2010-05-09 17:30 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2010-02-18 05:13 . 2010-02-18 05:13 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2010-02-18 05:13 . 2010-02-18 05:13 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2010-02-18 05:13 . 2010-02-18 05:13 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2002-08-21 03:13 . 2002-08-21 03:13 189952 c:\windows\system32\WISPTIS.EXE
+ 2010-05-09 18:10 . 2003-06-18 15:31 758784 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2010-05-09 18:10 . 2003-06-18 15:31 758784 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 1998-09-17 03:20 . 1998-09-17 03:20 151552 c:\windows\system32\RDOCURS.DLL
+ 2000-04-03 15:52 . 2000-04-03 15:52 151552 c:\windows\system32\RDOCURS.DLL
- 2001-10-25 14:00 . 2009-11-29 11:24 393528 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-05-11 18:25 393528 c:\windows\system32\perfh009.dat
- 1998-08-09 17:07 . 1998-08-09 17:07 118784 c:\windows\system32\MSSTDFMT.DLL
+ 2000-05-23 20:45 . 2000-05-23 20:45 118784 c:\windows\system32\MSSTDFMT.DLL
+ 2000-05-11 11:06 . 2000-05-11 11:06 397312 c:\windows\system32\MSRDO20.DLL
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-03-11 20:24 . 2007-03-11 20:24 190072 c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
+ 2010-04-10 21:59 . 2009-12-17 15:14 153376 c:\windows\system32\javaws.exe
+ 2010-04-10 21:59 . 2009-12-17 15:14 145184 c:\windows\system32\javaw.exe
+ 2010-04-10 21:59 . 2009-12-17 15:14 145184 c:\windows\system32\java.exe
+ 2002-08-21 03:10 . 2002-08-21 03:10 204800 c:\windows\system32\INKED.DLL
- 2008-12-25 14:50 . 2007-03-30 15:11 267864 c:\windows\system32\DRVSTORE\hphdcsla_4C388B3206D5DD353FB65CAF17A08B709B454730\hpzids01.dll
+ 2010-03-16 21:03 . 2007-03-30 15:11 267864 c:\windows\system32\DRVSTORE\hphdcsla_4C388B3206D5DD353FB65CAF17A08B709B454730\hpzids01.dll
+ 2010-04-04 14:31 . 2008-09-26 16:01 621056 c:\windows\system32\drivers\mod7700.sys
+ 2010-04-04 14:31 . 2008-09-26 16:01 113664 c:\windows\system32\drivers\ewusbnet.sys
+ 2010-04-04 14:31 . 2008-09-26 16:01 101376 c:\windows\system32\drivers\ewusbmdm.sys
+ 2010-01-29 19:57 . 2009-11-24 23:50 114768 c:\windows\system32\drivers\aswSP.sys
- 2009-10-10 10:28 . 2009-09-15 10:55 114768 c:\windows\system32\drivers\aswSP.sys
+ 2009-08-05 07:24 . 2009-12-17 15:14 411368 c:\windows\system32\deploytk.dll
+ 2010-01-28 22:22 . 2010-01-28 22:22 389632 c:\windows\system32\CF528.exe
+ 2010-04-26 21:29 . 2004-08-25 14:41 372736 c:\windows\Resources\Themes\royal noir\Shell\NormalColor\metal_ss.dll
+ 2010-04-26 21:29 . 2004-08-25 14:41 372736 c:\windows\Resources\Themes\royal noir\Shell\Metallic\Shellstyle.dll
+ 2010-04-10 22:00 . 2010-04-10 22:00 178176 c:\windows\Installer\af8056.msi
+ 2010-03-16 21:08 . 2010-03-16 21:08 312320 c:\windows\Installer\a256c.msi
+ 2010-03-16 21:08 . 2010-03-16 21:08 491008 c:\windows\Installer\a2567.msi
+ 2010-03-16 21:08 . 2010-03-16 21:08 898560 c:\windows\Installer\a2562.msi
+ 2010-03-16 21:07 . 2010-03-16 21:07 472576 c:\windows\Installer\a255c.msi
+ 2010-03-16 21:07 . 2010-03-16 21:07 586240 c:\windows\Installer\a2556.msi
+ 2010-03-16 21:07 . 2010-03-16 21:07 121344 c:\windows\Installer\a254e.msi
+ 2010-03-16 21:07 . 2010-03-16 21:07 628736 c:\windows\Installer\a2549.msi
+ 2010-03-16 21:07 . 2010-03-16 21:07 526336 c:\windows\Installer\a253f.msi
+ 2010-03-16 21:06 . 2010-03-16 21:06 121344 c:\windows\Installer\a2536.msi
+ 2010-03-16 21:06 . 2010-03-16 21:06 426496 c:\windows\Installer\a2531.msi
+ 2010-03-16 21:06 . 2010-03-16 21:06 339968 c:\windows\Installer\a252a.msi
+ 2010-03-16 21:05 . 2010-03-16 21:05 600576 c:\windows\Installer\a2525.msi
+ 2010-03-16 21:05 . 2010-03-16 21:05 532480 c:\windows\Installer\a251e.msi
+ 2010-03-16 21:05 . 2010-03-16 21:05 121344 c:\windows\Installer\a2518.msi
+ 2010-03-16 21:05 . 2010-03-16 21:05 425472 c:\windows\Installer\a2513.msi
+ 2010-03-16 21:05 . 2010-03-16 21:05 326144 c:\windows\Installer\a250a.msi
+ 2010-03-16 21:05 . 2010-03-16 21:05 500736 c:\windows\Installer\a2505.msi
+ 2010-03-16 21:05 . 2010-03-16 21:05 316416 c:\windows\Installer\a2500.msi
+ 2010-03-23 21:41 . 2010-03-23 21:41 284160 c:\windows\Installer\4d7914.msi
+ 2010-03-16 21:19 . 2010-03-16 21:19 324608 c:\windows\Installer\1eab8.msi
+ 2010-03-16 21:19 . 2010-03-16 21:19 240640 c:\windows\Installer\1eab2.msi
+ 2010-03-16 21:18 . 2010-03-16 21:18 797696 c:\windows\Installer\1eaad.msi
+ 2010-05-09 18:19 . 2010-05-09 18:19 228352 c:\windows\Installer\1b7c839.msi
+ 2010-05-09 18:10 . 2010-05-09 18:10 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-05-08 08:25 . 2010-05-08 08:25 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.4.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2010-05-08 08:26 . 2010-05-08 08:26 856064 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.4.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2010-05-09 17:30 . 2010-05-09 17:30 223800 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-05-09 17:30 . 2010-05-09 17:30 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2010-05-09 17:30 . 2010-05-09 17:30 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2007-01-01 00:13 . 2010-05-10 08:16 1513216 c:\windows\system32\FNTCACHE.DAT
+ 2003-08-03 08:56 . 2003-08-03 08:56 1146184 c:\windows\system32\FM20.DLL
+ 2010-01-29 19:57 . 2009-11-24 23:54 1280480 c:\windows\system32\aswBoot.exe
- 2009-10-10 10:28 . 2009-11-24 23:54 1280480 c:\windows\system32\aswBoot.exe
+ 2010-05-09 18:10 . 2010-05-09 18:10 5922816 c:\windows\Installer\1b7c833.msi
+ 2010-05-08 08:27 . 2010-05-08 08:27 7424000 c:\windows\Installer\{5DE71D48-01EB-4BF2-A643-50FE6C9B6AC9}\soffice.exe
+ 2010-05-08 08:27 . 2010-05-08 08:27 10156544 c:\windows\Installer\9088c.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-06-01 380928]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-10-10 1799952]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\i\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
wwwzuc32.exe [2004-8-17 29696]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-1-9 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"222:TCP"= 222:TCP:*:Disabled:mikrotorrent
"64449:TCP"= 64449:TCP:*:Disabled:tor
"2:TCP"= 2:TCP:2

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.1.2010 21:57 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10.10.2009 13:17 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.10.2009 13:17 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.1.2010 21:57 20560]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [18.10.2008 19:16 2789160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.3.2008 13:31 715248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.www.daemon-search.com/default
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\i\Data aplikací\Mozilla\Firefox\Profiles\yn3llz5h.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 20:29
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1563985344-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D088419B-59D4-B977-600F-2F331FB8AF99}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahemckclmnkjnjdhg"=hex:6a,61,67,64,62,6b,63,6a,6b,61,64,70,6a,69,6a,63,67,66,
61,6d,00,01
"habgcdfghlcgckjn"=hex:6a,61,67,64,70,6a,61,61,6c,68,66,66,70,62,62,65,68,64,
69,70,00,01
.
Celkový čas: 2010-05-11 20:30:54
ComboFix-quarantined-files.txt 2010-05-11 18:30
ComboFix2.txt 2010-01-28 22:37
ComboFix3.txt 2010-01-28 21:53
ComboFix4.txt 2010-01-08 15:49
ComboFix5.txt 2010-05-11 18:21

Před spuštěním: Volných bajtů: 218 866 851 840
Po spuštění: Volných bajtů: 218 827 689 984

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 149125CFA85B8B0A2F590B9DE62E504A

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

File::
c:\documents and settings\i\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe 

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000

RegNull::
[HKEY_USERS\S-1-5-21-1409082233-1563985344-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D088419B-59D4-B977-600F-2F331FB8AF99}*]

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[mia222]

ComboFix 10-05-10.05 - i 11.05.2010 21:07:50.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1478 [GMT 2:00]
Spuštěný z: c:\documents and settings\i\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\i\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100511-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\i\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\i\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-11 do 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 13:16 . 2010-05-11 13:16 -------- d-----w- c:\program files\trend micro
2010-05-11 13:16 . 2010-05-11 13:16 -------- d-----w- C:\rsit
2010-05-11 13:07 . 2004-08-03 20:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-11 13:07 . 2004-08-03 20:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-11 13:07 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-11 13:07 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-11 13:05 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-11 13:05 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-09 18:22 . 2010-05-09 18:22 -------- d-----w- c:\documents and settings\i\AbiSuite
2010-05-09 18:19 . 2010-05-09 18:37 -------- d-----w- c:\program files\AbiWord
2010-05-09 18:10 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-05-09 18:10 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-05-09 18:09 . 2010-05-09 18:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-09 17:30 . 2010-05-09 17:30 -------- d-----w- c:\program files\Microsoft.NET
2010-05-09 17:29 . 2010-05-09 17:29 -------- d-----r- C:\MSOCache
2010-05-09 10:52 . 2010-05-09 10:52 -------- d-----w- c:\program files\CCleaner
2010-05-08 08:25 . 2010-05-08 08:25 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-23 15:43 . 2010-04-23 15:43 -------- d-----w- c:\program files\Samorost2
2010-04-21 18:35 . 2010-04-21 18:36 -------- d-----w- c:\program files\Machinarium

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 18:31 . 2001-10-25 14:00 74876 ----a-w- c:\windows\system32\perfc005.dat
2010-05-11 18:31 . 2001-10-25 14:00 403596 ----a-w- c:\windows\system32\perfh005.dat
2010-05-11 13:51 . 2010-04-09 19:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-10 14:55 . 2007-01-01 00:03 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-05-09 17:25 . 2010-03-17 19:35 -------- d-----w- c:\program files\Armagetron Advanced
2010-05-08 08:24 . 2008-08-31 13:01 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-04-25 17:46 . 2008-07-20 21:33 -------- d-----w- c:\program files\FastStone Capture
2010-04-25 15:38 . 2007-12-09 16:13 -------- d-----w- c:\program files\rajce
2010-04-10 22:00 . 2008-08-28 14:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 21:59 . 2008-08-28 15:05 -------- d-----w- c:\program files\Java
2010-04-10 10:45 . 2010-04-09 21:32 -------- d-----w- c:\program files\uTorrent
2010-04-09 21:12 . 2008-08-20 21:25 -------- d-----w- c:\program files\MyHeritage
2010-04-09 21:04 . 2009-10-10 11:17 -------- d-----w- c:\program files\COMODO
2010-04-09 21:04 . 2008-02-22 23:16 -------- d-----w- c:\program files\DivX
2010-04-09 21:02 . 2007-01-01 00:06 -------- d-----w- c:\program files\GameFace Messenger
2010-04-09 21:02 . 2007-01-01 00:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 21:02 . 2007-01-01 00:03 -------- d-----w- c:\program files\ASUS
2010-04-09 20:59 . 2008-09-06 13:27 -------- d-----w- c:\program files\Get Album Art
2010-04-07 21:41 . 2007-01-01 00:08 98304 ----a-w- c:\windows\DUMP55c1.tmp
2010-04-04 14:32 . 2010-03-02 17:09 -------- d-----w- c:\program files\O2 Mobilni internet
2010-03-29 00:25 . 2007-12-23 13:29 -------- d-----w- c:\program files\ICQToolbar
2010-03-23 21:41 . 2010-03-23 21:41 -------- d-----w- c:\program files\Sibelius Software
2010-03-19 18:27 . 2007-12-12 18:03 -------- d-----w- c:\program files\AnyDATA
2010-03-16 21:19 . 2010-03-16 20:58 153830 ----a-w- c:\windows\HPHins15.dat
2010-03-16 21:07 . 2008-12-25 14:49 -------- d-----w- c:\program files\HP
2009-11-01 13:40 . 2009-11-01 13:29 162 ----a-w- c:\program files\setuplog.txt
2008-10-12 18:53 . 2008-10-12 18:52 8 --sh--w- c:\program files\.data211204.dat
2008-10-12 18:53 . 2008-10-12 18:52 8 --sh--w- c:\program files\.data211004.dat
2008-10-12 18:53 . 2008-10-12 18:52 8 --sh--w- c:\program files\.data110704.dat
2008-10-12 18:52 . 2008-10-12 18:52 8 --sh--w- c:\program files\.drv120405.dat
2008-10-12 18:52 . 2008-10-12 18:52 8 --sh--w- c:\program files\.dat000002.dat
2008-10-12 18:52 . 2008-10-12 18:52 8 --sh--w- c:\program files\.dat000001.dat
2007-11-09 10:41 . 2007-11-09 10:41 120832 ----a-w- c:\program files\AdVantageSetup.exe
2009-11-24 12:14 . 2009-11-24 12:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 11:10 . 2009-11-28 11:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-05-11_18.29.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 14:00 . 2010-05-11 18:25 63528 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-05-11 18:31 63528 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-05-11 18:31 393528 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-05-11 18:25 393528 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-06-01 380928]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-10-10 1799952]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\i\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-1-9 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"222:TCP"= 222:TCP:*:Disabled:mikrotorrent
"64449:TCP"= 64449:TCP:*:Disabled:tor
"2:TCP"= 2:TCP:2

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.1.2010 21:57 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10.10.2009 13:17 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.10.2009 13:17 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.1.2010 21:57 20560]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [18.10.2008 19:16 2789160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.3.2008 13:31 715248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.www.daemon-search.com/default
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\i\Data aplikací\Mozilla\Firefox\Profiles\yn3llz5h.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 21:10
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-05-11 21:12:05
ComboFix-quarantined-files.txt 2010-05-11 19:12
ComboFix2.txt 2010-05-11 18:30
ComboFix3.txt 2010-01-28 22:37
ComboFix4.txt 2010-01-28 21:53
ComboFix5.txt 2010-05-11 19:07

Před spuštěním: Volných bajtů: 218 844 426 240
Po spuštění: Volných bajtů: 218 826 420 224

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 247576709EE8420B40FF2D1511A00A20

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[mia222]

SPTD mi nejde stahnout - existuje neco jinyho podobnyho?

[Caroprd111]

SPTD vynechte a pokračujte dalšími kroky.

[mia222]

ja nevim, kdyz jsem to provedla, tak neni videt, ze by se
neco delo - akorat nefunguje start a cela spodni lista...
ma to tak vypadat?

[mia222]

pardon pardon, uz to mam

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[Caroprd111]

OK, ještě logy z Gmer.

[mia222]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-12 23:55:14
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\i\LOCALS~1\Temp\afrdapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[mia222]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-12 23:59:14
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\i\LOCALS~1\Temp\afrdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB67D1D46]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB65D36B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB67D1250]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB67D18EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB65D3574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB67D1132]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB67D3254]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB67D352C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB67D0CF8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB67D1F2C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB65D3A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB65D314C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB67D2ED6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB67D14D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB67D1B2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB65D364E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB65D308C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB67D1764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB65D30F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB65D376E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB67D2688]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB67D29F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB65D372E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB67D2C72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB67D3084]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB65D38AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB67D146E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB67D1658]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB67D0FFC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB67D0ECA]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C20 805039D4 4 Bytes JMP 64B67D18
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9D05380, 0x2F2FC7, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB6897A00]

---- User code sections - GMER 1.0.15 ----

[Caroprd111]

Jak to vypadá s PC

[mia222]

dobry večer
windows se načítají neuvěřitelně dlouho - jakoby funguje plocha ale spodní lišta se
startem naprosto nereaguje (trvá to asi 5 min(!))