Prosím o kontrolu, mám dost divnej pocit z PC

[William_CZ]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Robotka at 2010-06-15 19:41:01
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (45%) free of 76 GB
Total RAM: 3036 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:05, on 15.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Robotka\LOCALS~1\Temp\Och.exe
C:\WINDOWS\Otebea.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\ADVANC~1\wh_exec.exe
D:\LiberKey\Apps\Asuite\LKrun.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\LiberKey\Apps\SystemExplorer\App\SystemExplorer\SystemExplorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Translate Client\translateclient.exe
C:\Program Files\Sound Station\SNXUACP.exe
D:\Programy\ymp-dark-.nejnovejsi 3.8.2009-1\Miranda IM\miranda32.exe
D:\LiberKey\LiberKeyTools\LKAppsVCheck\LKAppsVCheck.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Programy\RSIT.exe
C:\Program Files\trend micro\Robotka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [\\192.168.100.254\EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\DOCUME~1\Robotka\LOCALS~1\Temp\E_S20D6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [ASuite] D:\LiberKey\Apps\Asuite\LKrun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF9518.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "D:\LiberKey\Apps\SystemExplorer\App\SystemExplorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\Robotka\LOCALS~1\Temp\Och.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SystemExplorerDisabled
O4 - Startup: Zástupce - miranda32.lnk = D:\Programy\ymp-dark-.nejnovejsi 3.8.2009-1\Miranda IM\miranda32.exe
O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe
O4 - Global Startup: Zástupce - SNXUACP.lnk = C:\Program Files\Sound Station\SNXUACP.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll APSHook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: e8SXhP - CPUID - D:\LiberKey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: GCALDaemon - Unknown owner - C:\Program Files\GCALDaemon\bin\wrapper.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jserver SMS service (Jserver) - Unknown owner - C:\Documents and Settings\Robotka\Plocha\jserver\wrapper.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Optimax NetTest Service (NETTEST_SERVICE) - Unknown owner - C:\Documents and Settings\Robotka\Plocha\nettest.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: ULvEwE - CPUID - D:\LiberKey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe
O23 - Service: YB3LI3 - CPUID - D:\LiberKey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe
O24 - Desktop Component 1: Aqua Real 2 - AD0FABD2-7EAE-40B8-8F44-6FCFE6C883CD
O24 - Desktop Component 2: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 16570 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1844237615-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1844237615-839522115-1004UA.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-01-14 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-01-28 98064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"zCpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-12-11 81920]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-02-18 177720]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-01-16 1044480]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"NotebookHardwareControl"=C:\Program Files\Notebook Hardware Control\nhc.exe [2007-05-04 2629632]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-05-26 30192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"\\192.168.100.254\EPSON Stylus DX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-02-14 131072]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-03-10 506936]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-12-16 962128]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-11-10 165144]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-11-27 298536]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-02-11 355896]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-01-28 24848]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"WheelMouse"=C:\ADVANC~1\wh_exec.exe [2008-10-08 147456]
"ASuite"=D:\LiberKey\Apps\Asuite\LKrun.exe [2010-05-10 1392640]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"combofix"=C:\ComboFix\CF9518.cfxxe /c C:\ComboFix\C.bat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-26 2346192]
"Google Update"=C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-11-02 135664]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SystemExplorerAutoStart"=D:\LiberKey\Apps\SystemExplorer\App\SystemExplorer\SystemExplorer.exe [2010-06-08 2211328]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-10 26959144]
"M5T8QL3YW3"=C:\DOCUME~1\Robotka\LOCALS~1\Temp\Och.exe [2010-06-15 173056]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Translate Client.lnk - C:\Program Files\Translate Client\translateclient.exe
Zástupce - SNXUACP.lnk - C:\Program Files\Sound Station\SNXUACP.exe

C:\Documents and Settings\Robotka\Nabídka Start\Programy\Po spuštění
SystemExplorerDisabled
Zástupce - miranda32.lnk - D:\Programy\ymp-dark-.nejnovejsi 3.8.2009-1\Miranda IM\miranda32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\APSHook.dll APSHook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-11-27 109568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-11-27 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2008-08-06 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2009-01-28 186640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\Miranda IM\miranda32.exe"="D:\Programy\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Programy\nova verze Mirnady 8.6.2009\ymp-dark\Miranda IM\miranda32.exe"="D:\Programy\nova verze Mirnady 8.6.2009\ymp-dark\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\Burnt out paradise\BurnoutLauncher.exe"="D:\Hry\Burnt out paradise\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"D:\Hry\Burnt out paradise\BurnoutConfigTool.exe"="D:\Hry\Burnt out paradise\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"D:\Hry\Burnt out paradise\BurnoutParadise.exe"="D:\Hry\Burnt out paradise\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\mstsc.exe"="C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Hry\CS Source\hl2.exe"="D:\Hry\CS Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Hry\TmNationsForever\TmForever.exe"="D:\Hry\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\Hry\TmNationsForever\TmForeverLauncher.exe"="D:\Hry\TmNationsForever\TmForeverLauncher.exe:*:Enabled:Spustit hru TmNationsForever"
"C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Documents and Settings\Robotka\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Robotka\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"D:\Programy\ymp-dark-.nejnovejsi 3.8.2009-1\Miranda IM\miranda32.exe"="D:\Programy\ymp-dark-.nejnovejsi 3.8.2009-1\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Programy\teamviewer_5-0-7687_portable\App\teamviewer\TeamViewer.exe"="D:\Programy\teamviewer_5-0-7687_portable\App\teamviewer\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Dude\dude.exe"="C:\Program Files\Dude\dude.exe:*:Enabled:dude"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Hry\cs 1.6\hl.exe"="D:\Hry\cs 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\cs 1.6\hlds.exe"="D:\Hry\cs 1.6\hlds.exe:*:Enabled:HLDS Launcher"
"D:\LiberKey\Apps\Networkstuff\App\NetworkStuff\Network Stuff.exe"="D:\LiberKey\Apps\Networkstuff\App\NetworkStuff\Network Stuff.exe:*:Enabled:Network Stuff"
"D:\LiberKey\Apps\TeamViewer\App\TeamViewer\TeamViewer.exe"="D:\LiberKey\Apps\TeamViewer\App\TeamViewer\TeamViewer.exe:*:Enabled:TeamViewer"
"D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe"="D:\LiberKey\Apps\uTorrent\App\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\LiberKey\Apps\VLC\App\vlc\vlc.exe"="D:\LiberKey\Apps\VLC\App\vlc\vlc.exe:*:Enabled:VLC media player"
"D:\LiberKey\Apps\Opera\App\Opera\opera.exe"="D:\LiberKey\Apps\Opera\App\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a9ae4c8-3bb3-11df-882b-0025b34e2a57}]
shell\AutoRun\command - "H:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-06-15 17:41:16 ----A---- C:\WINDOWS\Otebea.exe
2010-06-15 17:41:09 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-06-13 11:41:29 ----A---- C:\WINDOWS\system32\sun_debug1.txt
2010-06-13 11:41:29 ----A---- C:\WINDOWS\system32\sun_debug.txt
2010-06-12 21:54:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-06-12 15:38:18 ----D---- C:\Program Files\Actual Earth 3D
2010-06-11 12:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 12:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 12:24:21 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-11 12:24:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 12:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 12:19:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-11 12:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 12:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-11 10:59:31 ----D---- C:\WINDOWS\pss
2010-06-09 14:50:52 ----D---- C:\Program Files\SopCast
2010-06-09 11:00:20 ----D---- C:\Documents and Settings\Robotka\Data aplikací\EssentialPIM Pro
2010-06-09 02:02:50 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Foxit Software
2010-06-09 00:50:07 ----D---- C:\Documents and Settings\Robotka\Data aplikací\CoreFTP
2010-06-09 00:34:22 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Neowise
2010-06-09 00:20:32 ----D---- C:\Documents and Settings\Robotka\Data aplikací\FTPS
2010-06-09 00:04:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\AASync
2010-06-09 00:04:02 ----D---- C:\Program Files\Object Warehouse
2010-06-08 23:44:27 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Jumping Bytes
2010-06-06 23:45:01 ----D---- C:\Program Files\Sandboxie
2010-05-31 22:56:56 ----D---- C:\Program Files\Common Files\Real
2010-05-31 22:56:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-05-31 22:56:51 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Real
2010-05-31 10:44:20 ----N---- C:\WINDOWS\Setup1.exe
2010-05-31 10:44:19 ----A---- C:\WINDOWS\ST6UNST.EXE
2010-05-30 14:51:32 ----D---- C:\WINDOWS\Downloaded Installations
2010-05-30 14:32:32 ----D---- C:\Program Files\GoQ - NetRadio
2010-05-29 13:12:21 ----D---- C:\Program Files\Common Files\Skype
2010-05-29 13:12:12 ----RD---- C:\Program Files\Skype
2010-05-29 12:57:31 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-05-27 12:46:28 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-27 12:46:28 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-27 12:46:28 ----A---- C:\WINDOWS\system32\java.exe
2010-05-27 12:46:28 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-27 00:12:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-05-25 16:51:48 ----D---- C:\Program Files\ATI
2010-05-25 10:25:11 ----D---- C:\Documents and Settings\Robotka\Data aplikací\UltraVNC
2010-05-24 23:06:00 ----D---- C:\Program Files\Haali
2010-05-24 23:05:28 ----D---- C:\Program Files\CoreCodec
2010-05-24 01:03:49 ----D---- C:\CrystalMark000B4B4B
2010-05-23 18:56:00 ----D---- C:\Documents and Settings\Robotka\Data aplikací\vlc
2010-05-23 18:54:51 ----D---- C:\Program Files\VideoLAN
2010-05-23 18:49:13 ----D---- C:\Program Files\Readon Technology
2010-05-22 17:31:03 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-05-22 17:31:03 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-05-22 17:31:01 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-05-22 17:31:00 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-05-21 14:45:42 ----D---- C:\Documents and Settings\Robotka\Data aplikací\JAlbum
2010-05-20 19:55:57 ----D---- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

======List of files/folders modified in the last 1 months======

2010-06-15 19:41:05 ----A---- C:\Documents and Settings\All Users\Data aplikací\HPWALog.txt
2010-06-15 19:41:02 ----D---- C:\Program Files\trend micro
2010-06-15 19:41:01 ----D---- C:\WINDOWS\Temp
2010-06-15 19:40:57 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Skype
2010-06-15 19:39:26 ----AD---- C:\WINDOWS\system32
2010-06-15 19:38:55 ----AD---- C:\WINDOWS
2010-06-15 19:38:06 ----SD---- C:\WINDOWS\Tasks
2010-06-15 19:38:03 ----D---- C:\Qoobox
2010-06-15 19:37:37 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Hamachi
2010-06-15 19:36:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-15 19:33:10 ----D---- C:\Documents and Settings\Robotka\Data aplikací\skypePM
2010-06-15 19:14:41 ----D---- C:\WINDOWS\Debug
2010-06-15 19:12:51 ----D---- C:\WINDOWS\system32\config
2010-06-15 19:06:41 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-06-15 17:45:10 ----D---- C:\WINDOWS\Prefetch
2010-06-14 16:41:59 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Thinstall
2010-06-14 16:13:34 ----HD---- C:\WINDOWS\inf
2010-06-14 16:13:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-14 16:13:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-14 12:12:23 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-14 11:49:43 ----D---- C:\Program Files\ABBYY FineReader 10
2010-06-13 12:29:42 ----D---- C:\Program Files\EarthView
2010-06-13 12:29:42 ----D---- C:\Documents and Settings\Robotka\Data aplikací\DeskSoft
2010-06-13 11:47:40 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-06-13 10:42:13 ----D---- C:\Program Files\JDownloader
2010-06-12 21:57:20 ----D---- C:\WINDOWS\system32\wbem
2010-06-12 21:57:19 ----D---- C:\WINDOWS\Registration
2010-06-12 21:56:27 ----D---- C:\Config.Msi
2010-06-12 21:56:07 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-12 21:56:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-06-12 21:55:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-12 21:55:52 ----D---- C:\Program Files\Internet Explorer
2010-06-12 21:55:35 ----D---- C:\Program Files\Outlook Express
2010-06-12 21:55:05 ----D---- C:\WINDOWS\WinSxS
2010-06-12 15:38:18 ----D---- C:\Program Files
2010-06-11 17:57:47 ----D---- C:\Games
2010-06-11 13:38:04 ----RSD---- C:\WINDOWS\assembly
2010-06-11 12:30:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 12:29:54 ----SHD---- C:\WINDOWS\Installer
2010-06-11 12:17:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-11 11:02:39 ----D---- C:\Documents and Settings\Robotka\Data aplikací\IObit
2010-06-10 16:25:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-09 00:32:43 ----D---- C:\Program Files\Common Files
2010-06-08 10:33:28 ----D---- C:\Program Files\Hewlett-Packard
2010-06-08 09:02:54 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Mozilla
2010-06-07 22:34:35 ----D---- C:\WINDOWS\repair
2010-06-07 22:34:35 ----D---- C:\WINDOWS\Logs
2010-06-06 23:45:27 ----A---- C:\WINDOWS\Sandboxie.ini
2010-06-03 19:31:40 ----D---- C:\Documents and Settings\Robotka\Data aplikací\TeamViewer
2010-06-03 19:30:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-06-01 18:36:05 ----D---- C:\Program Files\EurotelSMS
2010-05-31 22:56:57 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-05-29 13:12:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-05-28 12:37:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-27 12:39:32 ----D---- C:\Program Files\7-Zip
2010-05-27 00:12:55 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-27 00:12:34 ----D---- C:\Program Files\Common Files\Java
2010-05-27 00:01:55 ----SHD---- C:\System Volume Information
2010-05-25 18:45:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-05-25 16:52:00 ----D---- C:\Program Files\ATI Technologies
2010-05-25 12:36:54 ----D---- C:\Program Files\Formosoft
2010-05-22 17:31:06 ----D---- C:\WINDOWS\system32\DirectX
2010-05-21 14:45:56 ----D---- C:\Program Files\Jalbum
2010-05-21 12:06:58 ----D---- C:\WINDOWS\Minidump
2010-05-21 12:06:46 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Vso
2010-05-21 12:06:46 ----D---- C:\Documents and Settings\Robotka\Data aplikací\VoxOx2
2010-05-21 12:06:46 ----D---- C:\Documents and Settings\Robotka\Data aplikací\ManyCam
2010-05-21 12:06:46 ----D---- C:\Documents and Settings\Robotka\Data aplikací\hpqLog
2010-05-21 12:06:46 ----D---- C:\Documents and Settings\Robotka\Data aplikací\esmska
2010-05-21 12:06:46 ----D---- C:\Documents and Settings\Robotka\Data aplikací\AIMP
2010-05-21 12:06:44 ----D---- C:\WINDOWS\Hewlett-Packard
2010-05-21 12:06:44 ----D---- C:\Program Files\Mumble
2010-05-21 12:06:43 ----D---- C:\HLIDAMSI
2010-05-21 12:06:11 ----D---- C:\Program Files\Net Tools
2010-05-20 18:58:14 ----D---- C:\Program Files\SpeedFan
2010-05-19 09:56:52 ----D---- C:\Program Files\The KMPlayer
2010-05-18 11:10:25 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Nitro PDF
2010-05-16 09:13:22 ----D---- C:\Program Files\PSPad editor
2010-05-16 09:12:37 ----D---- C:\Program Files\Ask.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 19445923-6d81-4778-ad9a-a972b464971f;19445923-6d81-4778-ad9a-a972b464971f; \??\C:\WINDOWS\iprot\19445923-6d81-4778-ad9a-a972b464971f\PhysMem.sys []
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32-2\HWiNFO32.SYS []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2008-10-01 12528]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-09-28 217664]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 nxsIO32;NextSensor Kernel I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-09-15 44704]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-01-16 339456]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-23 1735296]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-01-11 3624832]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 xpvcom;XPVCOM Port; C:\WINDOWS\System32\Drivers\xpvcom.sys [2007-03-23 30032]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-11-24 296320]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 ATP;Comodo EasyVPN Miniport Driver; C:\WINDOWS\system32\DRIVERS\cmdatp.sys []
S3 AVerAF15DMBTH;AVerMedia A850 USB; C:\WINDOWS\System32\Drivers\AVerAF15DMBTH.sys [2009-07-27 554368]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\D:\LiberKey\Apps\Pcwizard\App\PCWizard\pcwiz32.sys []
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2008-08-06 32256]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2004-03-03 14095]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NANMp50;NANMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\NANMp50.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-02 47360]
S3 SliceDisk5;SliceDisk5; \??\D:\LiberKey\Apps\PartitionFindandMount\App\PartitionFindandMount\slicedisk.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 uafilter;uafilter; C:\WINDOWS\System32\DRIVERS\uafilter.sys [2003-09-18 9874]
S3 UnlockerDriver4;UnlockerDriver4 Driver; \??\C:\Program Files\Unlocker\UnlockerDriver4.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-07-24 715248]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-11-27 185896]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-11-10 554264]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-09-15 61760]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 DisplayLinkService;DisplayLink Service; C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe [2009-03-10 447848]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-11 45056]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-01 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-27 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-10-16 73728]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-18 66872]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-21 228656]
S2 GCALDaemon;GCALDaemon; C:\Program Files\GCALDaemon\bin\wrapper.exe -s C:\Program Files\GCALDaemon\conf\nt-service.cfg []
S2 HamachiService;Hamachi Service; C:\Program Files\Hamachi\hamachi.exe [2009-09-28 625952]
S2 Jserver;Jserver SMS service; C:\Documents and Settings\Robotka\Plocha\jserver\wrapper.exe -s C:\Documents and Settings\Robotka\Plocha\jserver\service\wrapper.conf []
S2 NETTEST_SERVICE;Optimax NetTest Service; C:\Documents and Settings\Robotka\Plocha\nettest.exe /s 2222 []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 e8SXhP;e8SXhP; D:\LiberKey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe [2010-03-27 53248]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2008-08-06 349432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-05-26 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-21 435016]
S3 ULvEwE;ULvEwE; D:\LiberKey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe [2010-03-27 53248]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 YB3LI3;YB3LI3; D:\LiberKey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe [2010-03-27 53248]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zdravim,

Kdyz umite pouzivat Combofix, ktery preci jen vyzaduje hodne zkusnosti, tak asi neni problem i logy a skripty pro nej delat a doresit, ne? Nebo se Vam pokusy vymlky kontrole ?Jak jinak si mam vysvetlit jeho pritomnost a spousteni, kdyz zde ma kazdy napsano ze se ma spoustet jen pod dozorem
Ja bych mel tez divny pocit kdybych mel v PC tolik marastu...
Prosim odpoved na otazky hore a pak zacnem lecit, jelikoz tam toho je opravdu povicero...

[William_CZ]

No jo no. Combofix a RSIt. Hlavní problém je v tom, že sem si to spletl, mám ty dva prográmky uložený u sebe a a prostě sem se ukliknul. Comboxif jsem sice spustil,ale nic sem v něm nedělal. Na začátku po restartu mi to jen napsalo, že mám starou verzi a jestli ji chci aktualizovat a pokračovat. No to mi to už bylo divný a dal nenechal sem ji aktualizovat a tím se Combifix sám vypnul.

Takže se jednalo o omyl. Combofix nebyl spuštěn záměrně, ale omylem. Pomozte prosím dořešit problémy.

[vyosek]

OK, omlouvam se za neprijemne napadeni, ale je tu dost "expertu" co pouzivaji CF a pak chteji PC lecit - jenze CF zamaskuje stopy a my pak nevime kde havet je. A opravdu muze poslat system i do kytek
Pred spustenim ctete kroky nize a pak pri spusteni CF potvrdte aktualizaci

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

[William_CZ]

Provedeno, tu je roport:


ComboFix 10-06-15.02 - Robotka 15.06.2010 21:48:01.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3036.2081 [GMT 2:00]
Spuštěný z: c:\documents and settings\Robotka\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Robotka\LOCALS~1\Temp\VolumeControlDLL[0].dll
c:\documents and settings\Robotka\Local Settings\temp\VolumeControlDLL[0].dll
c:\windows\Otebea.exe
c:\windows\system32\sshnas21.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-15 do 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 19:42 . 2010-06-15 19:42 390144 ----a-w- c:\windows\system32\CF30741.exe
2010-06-13 09:39 . 2010-06-13 09:39 -------- d-----w- c:\documents and settings\Robotka\Data aplikaci
2010-06-12 19:57 . 2010-06-12 19:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-12 13:38 . 2010-06-13 09:22 -------- d-----w- c:\program files\Actual Earth 3D
2010-06-11 10:06 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 12:50 . 2010-06-09 12:51 -------- d-----w- c:\program files\SopCast
2010-06-08 22:04 . 2010-06-08 22:04 -------- d-----w- c:\program files\Object Warehouse
2010-06-06 21:45 . 2010-06-06 21:49 -------- d-----w- c:\program files\Sandboxie
2010-05-31 20:56 . 2010-06-01 16:54 -------- d-----w- c:\program files\Common Files\Real
2010-05-31 08:44 . 2010-05-31 08:44 286720 ------w- c:\windows\Setup1.exe
2010-05-31 08:44 . 2010-05-31 08:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-30 12:51 . 2010-05-30 12:51 -------- d-----w- c:\windows\Downloaded Installations
2010-05-30 12:32 . 2010-05-30 12:38 -------- d-----w- c:\program files\GoQ - NetRadio
2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----w- c:\program files\Common Files\Skype
2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----r- c:\program files\Skype
2010-05-29 10:57 . 2010-05-29 10:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-27 10:46 . 2010-05-27 10:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 14:51 . 2010-05-25 14:51 -------- d-----w- c:\program files\ATI
2010-05-24 21:06 . 2010-05-24 21:06 -------- d-----w- c:\program files\Haali
2010-05-24 21:05 . 2010-05-24 21:05 -------- d-----w- c:\program files\CoreCodec
2010-05-23 23:03 . 2010-05-28 14:49 -------- d-----w- C:\CrystalMark000B4B4B
2010-05-23 16:54 . 2010-05-23 17:37 -------- d-----w- c:\program files\VideoLAN
2010-05-23 16:49 . 2010-05-23 16:49 -------- d-----w- c:\program files\Readon Technology
2010-05-22 15:31 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-05-22 15:31 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-05-22 15:31 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-05-22 15:31 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-05-20 17:55 . 2010-05-20 18:22 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 19:54 . 2009-07-23 14:48 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-06-15 17:41 . 2010-01-06 20:08 -------- d-----w- c:\program files\trend micro
2010-06-14 09:49 . 2010-03-31 07:02 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-06-13 10:29 . 2009-10-06 13:47 -------- d-----w- c:\program files\EarthView
2010-06-13 08:42 . 2010-03-06 10:13 -------- d-----w- c:\program files\JDownloader
2010-06-12 19:56 . 2010-02-18 16:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-12 19:54 . 2010-06-12 19:54 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-06-12 19:54 . 2001-10-25 12:00 84142 ----a-w- c:\windows\system32\perfc005.dat
2010-06-12 19:54 . 2001-10-25 12:00 441156 ----a-w- c:\windows\system32\perfh005.dat
2010-06-11 07:50 . 2010-01-05 17:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-10 14:25 . 2009-07-23 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 08:33 . 2009-07-23 04:57 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-01 16:36 . 2009-07-26 14:20 -------- d-----w- c:\program files\EurotelSMS
2010-05-31 20:56 . 2009-08-03 18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-27 10:39 . 2009-08-28 21:04 -------- d-----w- c:\program files\7-Zip
2010-05-26 22:12 . 2009-07-26 10:41 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 14:52 . 2009-07-23 05:25 -------- d-----w- c:\program files\ATI Technologies
2010-05-25 10:36 . 2010-01-28 14:35 -------- d-----w- c:\program files\Formosoft
2010-05-21 12:45 . 2010-01-31 11:41 -------- d-----w- c:\program files\Jalbum
2010-05-21 10:06 . 2010-02-13 13:25 -------- d-----w- c:\program files\Mumble
2010-05-21 10:06 . 2009-09-28 20:27 -------- d-----w- c:\program files\Net Tools
2010-05-20 16:58 . 2009-12-06 10:07 -------- d-----w- c:\program files\SpeedFan
2010-05-19 07:56 . 2009-07-24 12:51 -------- d-----w- c:\program files\The KMPlayer
2010-05-16 07:13 . 2009-08-02 14:19 -------- d-----w- c:\program files\PSPad editor
2010-05-16 07:12 . 2010-05-12 09:44 -------- d-----w- c:\program files\Ask.com
2010-05-15 13:01 . 2009-12-10 21:27 -------- d-----w- c:\program files\Foxit Software
2010-05-15 11:19 . 2009-11-30 11:16 -------- d-----w- c:\program files\Inkscape
2010-05-14 16:27 . 2009-07-24 12:30 -------- d-----w- c:\program files\Opera
2010-05-14 14:29 . 2010-05-14 14:29 -------- d-----w- c:\program files\NutsAboutNets
2010-05-13 13:29 . 2009-07-24 13:06 -------- d-----w- c:\program files\TC UP
2010-05-13 07:44 . 2009-11-12 21:55 72336 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-12 13:45 . 2010-05-12 13:37 -------- d-----w- c:\program files\Moje slovíčka
2010-05-12 13:36 . 2010-05-12 13:13 -------- d-----w- c:\program files\T-Lexicon
2010-05-12 12:51 . 2010-05-12 12:51 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-05-12 12:50 . 2010-05-12 12:50 -------- d-----w- c:\program files\LangExpert
2010-05-10 15:51 . 2010-02-24 20:44 -------- d-----w- c:\program files\LanTopolog
2010-05-10 14:34 . 2009-12-04 23:28 -------- d-----w- c:\program files\DreamCom
2010-05-06 10:35 . 2004-08-17 12:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 12:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 12:32 . 2009-07-23 07:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-20 05:32 . 2004-08-17 12:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 12:19 . 2010-04-19 12:19 299008 ----a-w- c:\windows\system32\miccyhook.dll
2010-04-06 15:52 . 2010-04-06 15:52 8 ----a-w- C:\DFIMB.DAT
2010-03-29 11:07 . 2010-03-29 11:07 2950 ----a-w- c:\windows\system32\unins000.dat
2010-03-29 11:07 . 2010-03-29 11:07 716153 ----a-w- c:\windows\system32\unins000.exe
2010-03-21 20:36 . 2010-03-21 20:36 29480 ----a-w- c:\windows\system32\msxml3a.dll
2008-03-09 05:25 . 2010-03-29 11:07 236 ----a-w- c:\program files\Common Files\dx.reg
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
"Google Update"="c:\documents and settings\Robotka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"SystemExplorerAutoStart"="d:\liberkey\Apps\SystemExplorer\App\SystemExplorer\SystemExplorer.exe" [2010-06-08 2211328]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-10 26959144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-12-11 81920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-16 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-26 30192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"\\192.168.100.254\EPSON Stylus DX5000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-02-14 131072]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-10 165144]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-11 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2008-10-08 147456]
"ASuite"="d:\liberkey\Apps\Asuite\LKrun.exe" [2010-05-10 1392640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Robotka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - miranda32.lnk - d:\programy\ymp-dark-.nejnovejsi 3.8.2009-1\Miranda IM\miranda32.exe [2009-8-3 691296]

c:\documents and settings\Robotka\Nabˇdka Start\Programy\Po spuçtŘnˇ\SystemExplorerDisabled
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-18 1105920]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-18 1105920]
Z stupce - SNXUACP.lnk - c:\program files\Sound Station\SNXUACP.exe [2009-9-17 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-27 15:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-27 15:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-08-06 13:23 69632 ----a-w- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2009-01-28 02:15 186640 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\Miranda IM\\miranda32.exe"=
"d:\\Programy\\nova verze Mirnady 8.6.2009\\ymp-dark\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Hry\\Burnt out paradise\\BurnoutLauncher.exe"=
"d:\\Hry\\Burnt out paradise\\BurnoutConfigTool.exe"=
"d:\\Hry\\Burnt out paradise\\BurnoutParadise.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"d:\\Hry\\CS Source\\hl2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Hry\\TmNationsForever\\TmForever.exe"=
"d:\\Hry\\TmNationsForever\\TmForeverLauncher.exe"=
"c:\\Documents and Settings\\Robotka\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Robotka\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Robotka\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Programy\\ymp-dark-.nejnovejsi 3.8.2009-1\\Miranda IM\\miranda32.exe"=
"d:\\Programy\\teamviewer_5-0-7687_portable\\App\\teamviewer\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dude\\dude.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Hry\\cs 1.6\\hl.exe"=
"d:\\Hry\\cs 1.6\\hlds.exe"=
"d:\\LiberKey\\Apps\\Networkstuff\\App\\NetworkStuff\\Network Stuff.exe"=
"d:\\LiberKey\\Apps\\TeamViewer\\App\\TeamViewer\\TeamViewer.exe"=
"d:\\LiberKey\\Apps\\uTorrent\\App\\uTorrent\\utorrent.exe"=
"d:\\LiberKey\\Apps\\VLC\\App\\vlc\\vlc.exe"=
"d:\\LiberKey\\Apps\\Opera\\App\\Opera\\opera.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [1.10.2008 15:01 109216]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [1.10.2008 15:02 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [1.10.2008 15:02 12960]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R1 19445923-6d81-4778-ad9a-a972b464971f;19445923-6d81-4778-ad9a-a972b464971f;c:\windows\iprot\19445923-6d81-4778-ad9a-a972b464971f\PhysMem.sys [2.8.2009 21:34 3584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32-2\HWiNFO32.SYS [28.9.2009 17:17 19064]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [1.10.2008 15:02 12528]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22.12.2009 1:08 814344]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [27.11.2007 17:42 185896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Bioscrypt [17.8.2004 14:49 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Bioscrypt [17.8.2004 14:49 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [3.10.2008 13:33 1185016]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [10.3.2009 7:47 447848]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [11.2.2009 23:01 45056]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [1.10.2008 15:01 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [20.9.2009 17:07 77824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 11:20 188736]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [29.1.2010 18:53 2208]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 11:34 1021256]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23.7.2009 7:14 222512]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
R3 uafilter;uafilter;c:\windows\system32\drivers\UAFilter.sys [17.9.2009 15:10 9874]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [25.1.2007 17:45 6784]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23.3.2007 2:00 30032]
S2 GCALDaemon;GCALDaemon;"c:\program files\GCALDaemon\bin\wrapper.exe" -s "c:\program files\GCALDaemon\conf\nt-service.cfg" --> c:\program files\GCALDaemon\bin\wrapper.exe [?]
S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [27.9.2009 10:01 625952]
S2 Jserver;Jserver SMS service;"c:\documents and settings\Robotka\Plocha\jserver\wrapper.exe" -s "c:\documents and settings\Robotka\Plocha\jserver\service\wrapper.conf" --> c:\documents and settings\Robotka\Plocha\jserver\wrapper.exe [?]
S2 NETTEST_SERVICE;Optimax NetTest Service;"c:\documents and settings\Robotka\Plocha\nettest.exe" /s 2222 --> c:\documents and settings\Robotka\Plocha\nettest.exe [?]
S3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys --> c:\windows\system32\DRIVERS\cmdatp.sys [?]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [24.4.2010 20:57 554368]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [6.8.2008 14:43 32256]
S3 e8SXhP;e8SXhP;d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s --> d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s [?]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6.8.2008 15:24 349432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.7.2009 21:10 30192]
S3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [17.9.2009 17:19 12953]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys --> c:\windows\system32\Drivers\NANMp50.sys [?]
S3 SliceDisk5;SliceDisk5;d:\liberkey\Apps\PartitionFindandMount\App\PartitionFindandMount\slicedisk.sys [15.5.2010 13:32 10240]
S3 ULvEwE;ULvEwE;d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s --> d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s [?]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\Unlocker\UnlockerDriver4.sys [24.4.2005 11:08 3584]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [30.3.2010 6:22 11520]
S3 YB3LI3;YB3LI3;d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s --> d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.7.2009 17:22 715248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Bioscrypt REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-15 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 09:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 21:53
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078F6746405F4A"
"lr"="078F4972585F4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(320)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll

- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\APSHook.dll
c:\advanc~1\wh_hook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\documents and settings\Robotka\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
d:\liberkey\LiberKeyTools\LKAppsVCheck\LKAppsVCheck.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-06-15 22:01:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-15 20:01
ComboFix2.txt 2010-01-07 21:26
ComboFix3.txt 2010-01-07 18:53

Před spuštěním: Volných bajtů: 35 646 578 688
Po spuštění: Volných bajtů: 35 603 615 744

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=PHPQED /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=PHPQED-BAK

- - End Of File - - 33FC59BBBEBF6882ADEAD2F804109C50

[vyosek]

Pokud nemate, tak presunte Combofix na plochu
Spusste poznamkovy blok

• Start-spustit-notepad
• Zkopirujte skript nize

• Kód: Vybrat vše

  DDS::
  uStart Page = hxxp://www.ask.com?o=15187&l=dis
  
  REGLOCK::
  HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
  
  RegNull::
  [HKEY_LOCAL_MACHINE\software\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
  

• Ulozte vytvoreny TXT jako CFScript.txt

Pretahnete vytvoreny CFScript.txt nad Combofix a pustte

Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[William_CZ]

Opět provedeno a zde je log:


ComboFix 10-06-15.02 - Robotka 15.06.2010 22:53:26.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3036.1687 [GMT 2:00]
Spuštěný z: c:\documents and settings\Robotka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Robotka\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Robotka\LOCALS~1\Temp\VolumeControlDLL[0].dll
c:\documents and settings\Robotka\Local Settings\temp\VolumeControlDLL[0].dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-15 do 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 19:42 . 2010-06-15 19:42 390144 ----a-w- c:\windows\system32\CF30741.exe
2010-06-13 09:39 . 2010-06-13 09:39 -------- d-----w- c:\documents and settings\Robotka\Data aplikaci
2010-06-12 19:57 . 2010-06-12 19:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-12 13:38 . 2010-06-13 09:22 -------- d-----w- c:\program files\Actual Earth 3D
2010-06-11 10:06 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 12:50 . 2010-06-09 12:51 -------- d-----w- c:\program files\SopCast
2010-06-08 22:04 . 2010-06-08 22:04 -------- d-----w- c:\program files\Object Warehouse
2010-06-06 21:45 . 2010-06-06 21:49 -------- d-----w- c:\program files\Sandboxie
2010-05-31 20:56 . 2010-06-01 16:54 -------- d-----w- c:\program files\Common Files\Real
2010-05-31 08:44 . 2010-05-31 08:44 286720 ------w- c:\windows\Setup1.exe
2010-05-31 08:44 . 2010-05-31 08:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-30 12:51 . 2010-05-30 12:51 -------- d-----w- c:\windows\Downloaded Installations
2010-05-30 12:32 . 2010-05-30 12:38 -------- d-----w- c:\program files\GoQ - NetRadio
2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----w- c:\program files\Common Files\Skype
2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----r- c:\program files\Skype
2010-05-29 10:57 . 2010-05-29 10:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-27 10:46 . 2010-05-27 10:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 14:51 . 2010-05-25 14:51 -------- d-----w- c:\program files\ATI
2010-05-24 21:06 . 2010-05-24 21:06 -------- d-----w- c:\program files\Haali
2010-05-24 21:05 . 2010-05-24 21:05 -------- d-----w- c:\program files\CoreCodec
2010-05-23 23:03 . 2010-05-28 14:49 -------- d-----w- C:\CrystalMark000B4B4B
2010-05-23 16:54 . 2010-05-23 17:37 -------- d-----w- c:\program files\VideoLAN
2010-05-23 16:49 . 2010-05-23 16:49 -------- d-----w- c:\program files\Readon Technology
2010-05-22 15:31 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-05-22 15:31 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-05-22 15:31 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-05-22 15:31 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-05-20 17:55 . 2010-05-20 18:22 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 21:01 . 2009-07-23 14:48 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-06-15 17:41 . 2010-01-06 20:08 -------- d-----w- c:\program files\trend micro
2010-06-14 09:49 . 2010-03-31 07:02 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-06-13 10:29 . 2009-10-06 13:47 -------- d-----w- c:\program files\EarthView
2010-06-13 08:42 . 2010-03-06 10:13 -------- d-----w- c:\program files\JDownloader
2010-06-12 19:56 . 2010-02-18 16:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-12 19:54 . 2010-06-12 19:54 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-06-12 19:54 . 2001-10-25 12:00 84142 ----a-w- c:\windows\system32\perfc005.dat
2010-06-12 19:54 . 2001-10-25 12:00 441156 ----a-w- c:\windows\system32\perfh005.dat
2010-06-11 07:50 . 2010-01-05 17:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-10 14:25 . 2009-07-23 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 08:33 . 2009-07-23 04:57 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-01 16:36 . 2009-07-26 14:20 -------- d-----w- c:\program files\EurotelSMS
2010-05-31 20:56 . 2009-08-03 18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-27 10:39 . 2009-08-28 21:04 -------- d-----w- c:\program files\7-Zip
2010-05-26 22:12 . 2009-07-26 10:41 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 14:52 . 2009-07-23 05:25 -------- d-----w- c:\program files\ATI Technologies
2010-05-25 10:36 . 2010-01-28 14:35 -------- d-----w- c:\program files\Formosoft
2010-05-21 12:45 . 2010-01-31 11:41 -------- d-----w- c:\program files\Jalbum
2010-05-21 10:06 . 2010-02-13 13:25 -------- d-----w- c:\program files\Mumble
2010-05-21 10:06 . 2009-09-28 20:27 -------- d-----w- c:\program files\Net Tools
2010-05-20 16:58 . 2009-12-06 10:07 -------- d-----w- c:\program files\SpeedFan
2010-05-19 07:56 . 2009-07-24 12:51 -------- d-----w- c:\program files\The KMPlayer
2010-05-16 07:13 . 2009-08-02 14:19 -------- d-----w- c:\program files\PSPad editor
2010-05-16 07:12 . 2010-05-12 09:44 -------- d-----w- c:\program files\Ask.com
2010-05-15 13:01 . 2009-12-10 21:27 -------- d-----w- c:\program files\Foxit Software
2010-05-15 11:19 . 2009-11-30 11:16 -------- d-----w- c:\program files\Inkscape
2010-05-14 16:27 . 2009-07-24 12:30 -------- d-----w- c:\program files\Opera
2010-05-14 14:29 . 2010-05-14 14:29 -------- d-----w- c:\program files\NutsAboutNets
2010-05-13 13:29 . 2009-07-24 13:06 -------- d-----w- c:\program files\TC UP
2010-05-13 07:44 . 2009-11-12 21:55 72336 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-12 13:45 . 2010-05-12 13:37 -------- d-----w- c:\program files\Moje slovíčka
2010-05-12 13:36 . 2010-05-12 13:13 -------- d-----w- c:\program files\T-Lexicon
2010-05-12 12:51 . 2010-05-12 12:51 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-05-12 12:50 . 2010-05-12 12:50 -------- d-----w- c:\program files\LangExpert
2010-05-10 15:51 . 2010-02-24 20:44 -------- d-----w- c:\program files\LanTopolog
2010-05-10 14:34 . 2009-12-04 23:28 -------- d-----w- c:\program files\DreamCom
2010-05-06 10:35 . 2004-08-17 12:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 12:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 12:32 . 2009-07-23 07:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-20 05:32 . 2004-08-17 12:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 12:19 . 2010-04-19 12:19 299008 ----a-w- c:\windows\system32\miccyhook.dll
2010-04-06 15:52 . 2010-04-06 15:52 8 ----a-w- C:\DFIMB.DAT
2010-03-29 11:07 . 2010-03-29 11:07 2950 ----a-w- c:\windows\system32\unins000.dat
2010-03-29 11:07 . 2010-03-29 11:07 716153 ----a-w- c:\windows\system32\unins000.exe
2010-03-21 20:36 . 2010-03-21 20:36 29480 ----a-w- c:\windows\system32\msxml3a.dll
2008-03-09 05:25 . 2010-03-29 11:07 236 ----a-w- c:\program files\Common Files\dx.reg
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
"Google Update"="c:\documents and settings\Robotka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"SystemExplorerAutoStart"="d:\liberkey\Apps\SystemExplorer\App\SystemExplorer\SystemExplorer.exe" [2010-06-08 2211328]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-10 26959144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-12-11 81920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-16 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-26 30192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"\\192.168.100.254\EPSON Stylus DX5000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-02-14 131072]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-10 165144]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-11 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2008-10-08 147456]
"ASuite"="d:\liberkey\Apps\Asuite\LKrun.exe" [2010-05-10 1392640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Robotka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - miranda32.lnk - d:\programy\ymp-dark-.nejnovejsi 3.8.2009-1\Miranda IM\miranda32.exe [2009-8-3 691296]

c:\documents and settings\Robotka\Nabˇdka Start\Programy\Po spuçtŘnˇ\SystemExplorerDisabled
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-18 1105920]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-18 1105920]
Z stupce - SNXUACP.lnk - c:\program files\Sound Station\SNXUACP.exe [2009-9-17 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-27 15:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-27 15:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-08-06 13:23 69632 ----a-w- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2009-01-28 02:15 186640 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\Miranda IM\\miranda32.exe"=
"d:\\Programy\\nova verze Mirnady 8.6.2009\\ymp-dark\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Hry\\Burnt out paradise\\BurnoutLauncher.exe"=
"d:\\Hry\\Burnt out paradise\\BurnoutConfigTool.exe"=
"d:\\Hry\\Burnt out paradise\\BurnoutParadise.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"d:\\Hry\\CS Source\\hl2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Hry\\TmNationsForever\\TmForever.exe"=
"d:\\Hry\\TmNationsForever\\TmForeverLauncher.exe"=
"c:\\Documents and Settings\\Robotka\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Robotka\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Robotka\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Programy\\ymp-dark-.nejnovejsi 3.8.2009-1\\Miranda IM\\miranda32.exe"=
"d:\\Programy\\teamviewer_5-0-7687_portable\\App\\teamviewer\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dude\\dude.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Hry\\cs 1.6\\hl.exe"=
"d:\\Hry\\cs 1.6\\hlds.exe"=
"d:\\LiberKey\\Apps\\Networkstuff\\App\\NetworkStuff\\Network Stuff.exe"=
"d:\\LiberKey\\Apps\\TeamViewer\\App\\TeamViewer\\TeamViewer.exe"=
"d:\\LiberKey\\Apps\\uTorrent\\App\\uTorrent\\utorrent.exe"=
"d:\\LiberKey\\Apps\\VLC\\App\\vlc\\vlc.exe"=
"d:\\LiberKey\\Apps\\Opera\\App\\Opera\\opera.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [1.10.2008 15:01 109216]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [1.10.2008 15:02 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [1.10.2008 15:02 12960]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R1 19445923-6d81-4778-ad9a-a972b464971f;19445923-6d81-4778-ad9a-a972b464971f;c:\windows\iprot\19445923-6d81-4778-ad9a-a972b464971f\PhysMem.sys [2.8.2009 21:34 3584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32-2\HWiNFO32.SYS [28.9.2009 17:17 19064]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [1.10.2008 15:02 12528]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22.12.2009 1:08 814344]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [27.11.2007 17:42 185896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Bioscrypt [17.8.2004 14:49 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Bioscrypt [17.8.2004 14:49 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [3.10.2008 13:33 1185016]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [10.3.2009 7:47 447848]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [11.2.2009 23:01 45056]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [1.10.2008 15:01 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [20.9.2009 17:07 77824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 11:20 188736]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [29.1.2010 18:53 2208]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 11:34 1021256]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23.7.2009 7:14 222512]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
R3 uafilter;uafilter;c:\windows\system32\drivers\UAFilter.sys [17.9.2009 15:10 9874]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [25.1.2007 17:45 6784]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23.3.2007 2:00 30032]
S2 GCALDaemon;GCALDaemon;"c:\program files\GCALDaemon\bin\wrapper.exe" -s "c:\program files\GCALDaemon\conf\nt-service.cfg" --> c:\program files\GCALDaemon\bin\wrapper.exe [?]
S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [27.9.2009 10:01 625952]
S2 Jserver;Jserver SMS service;"c:\documents and settings\Robotka\Plocha\jserver\wrapper.exe" -s "c:\documents and settings\Robotka\Plocha\jserver\service\wrapper.conf" --> c:\documents and settings\Robotka\Plocha\jserver\wrapper.exe [?]
S2 NETTEST_SERVICE;Optimax NetTest Service;"c:\documents and settings\Robotka\Plocha\nettest.exe" /s 2222 --> c:\documents and settings\Robotka\Plocha\nettest.exe [?]
S3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys --> c:\windows\system32\DRIVERS\cmdatp.sys [?]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [24.4.2010 20:57 554368]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [6.8.2008 14:43 32256]
S3 e8SXhP;e8SXhP;d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s --> d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s [?]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6.8.2008 15:24 349432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.7.2009 21:10 30192]
S3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [17.9.2009 17:19 12953]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys --> c:\windows\system32\Drivers\NANMp50.sys [?]
S3 SliceDisk5;SliceDisk5;d:\liberkey\Apps\PartitionFindandMount\App\PartitionFindandMount\slicedisk.sys [15.5.2010 13:32 10240]
S3 ULvEwE;ULvEwE;d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s --> d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s [?]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\Unlocker\UnlockerDriver4.sys [24.4.2005 11:08 3584]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [30.3.2010 6:22 11520]
S3 YB3LI3;YB3LI3;d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s --> d:\liberkey\Apps\Pcwizard\App\PCWizard\Data\pcwizntl.exe -s [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.7.2009 17:22 715248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Bioscrypt REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-15 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 09:40]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 23:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(320)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll

- - - - - - - > 'explorer.exe'(4540)
c:\windows\system32\APSHook.dll
c:\advanc~1\wh_hook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\System32\SCardSvr.exe
c:\documents and settings\Robotka\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
d:\liberkey\LiberKeyTools\LKAppsVCheck\LKAppsVCheck.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-06-15 23:06:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-15 21:06
ComboFix2.txt 2010-06-15 20:01
ComboFix3.txt 2010-01-07 21:26
ComboFix4.txt 2010-01-07 18:53

Před spuštěním: Volných bajtů: 35 614 339 072
Po spuštění: Volných bajtů: 35 581 038 592

- - End Of File - - 14BA3D2EC9EC94153C17A78D49D19B3B

[vyosek]

Log vypada OK, jak se chova PC

[William_CZ]

Vypadá to dobře, mě tam zmátly nějaký ty programy co mi naskočily v systému Cho.exe a ještě jeden (nebo tak nějak se menovaly), měli k sobě přidruženej autorun po spuštění systému, kterej se i po blokování opět sám zapínal, zakázal sem jejich spouštění systému a stejně se navzájem spouštěly po pár minutách. Nyní vypadá vše OK.

[vyosek]

Ok, dame se do cisteni

Dejte Start-Spustit (nebo klavesova zkratka Win+R) a napisteComboFix /Uninstall a odenterujte

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete na plochu a spustte
• Pro potvrzeni volby mackejte A a enterujte
• Nektere antiviry muzou ho oznacit jako vir - falesny poplach - vypnete antivir na chvili a stahnete

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni