PC virus removal, computer speed-up, remote help via the neslape.cz service

Probably a nice virus

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
zzuzu
Guest
Posts: 13
Registered: 22 Jul 2004 19:47
Location: Praha


#1 Post by zzuzu »

Hi,

you have always helped me here, so I am turning to you again this time.

Yesterday I turned on the PC and a blue screen with Bad_pool_caller popped up. So I reset the PC and it was OK. Today I woke the PC from sleep mode and the BSOD appeared again, this time with a problem in tdi.sys. Another reset and all good.

I did a scan with Panda.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-07-17 16:18:04
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET Smart Security 4.2 4.2 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\zzuzu\cookies\zzuzu@atdmt[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\zzuzu\cookies\zzuzu@com[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No c:\system volume information\_restore{4ac9cf39-40bf-4574-904c-6622e8a530b8}\rp148\a0084715.sys
01675833 Trj/SMSlock.C Virus/Trojan No 0 Yes No c:\system volume information\_restore{4ac9cf39-40bf-4574-904c-6622e8a530b8}\rp148\a0084720.exe
06162619 Trj/Banbra.GQU Virus/Trojan No 1 Yes No c:\documents and settings\zzuzu\desktop\avenger.exe
06812040 Trj/Buzus.MM Virus/Trojan No 0 Yes No c:\documents and settings\zzuzu\desktop\pics\image grabber ii.net.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
Yes c:\program files\siemens adsl modem\disk1\stmc1632.dll
Yes c:\system volume information\_restore{4ac9cf39-40bf-4574-904c-6622e8a530b8}\rp154\a0086139.exe[²üç\sobar.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Then I tried ComboFix. At "deleting files" the BSOD popped up again, with Bad_Pool_Header 0x00000019 (0x00000020, 0x88E632A0, 0x88E636B8, 0x1A83001A).

So I switched to Safe Mode and managed to finish the scan there. The funny thing is that I could not find ESET among the processes in Safe Mode, so I could not turn it off. GMER also only runs for me in Safe Mode.

Thanks in advance for your help.

Here is the ComboFix log: http://www.edisk.cz/stahni/70997/ComboF ... .56KB.html

and RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by zzuzu at 2010-07-17 17:20:37
System: Microsoft Windows XP Professional Service Pack 3
System drive C: has 147 GB (61%) free of 238 GB
Total RAM: 3326 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:39, on 17.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\FlashFolder\FlashFolder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ASUS\AASP\1.00.91\aaCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\Program Files\VistaSwitcher\vswitch.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\program files\itunes\itunes.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Documents and Settings\zzuzu\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\zzuzu\Desktop\RSIT.exe
C:\Program Files\trend micro\zzuzu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.flashvideodownloader.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\ZZUZU\Application Data\Mozilla\Profiles\default\lg3b3v79.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\zzuzu\Application Data\FlashGetBHO\FlashGetBHO3.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
O4 - HKCU\..\Run: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Registrace produktu.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\zzuzu\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\zzuzu\Application Data\FlashGetBHO\GetUrl.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5937139272
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6011788250
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{599C9212-35EA-48C5-819E-2D1FD1178561}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: bw+0 - {D4C8FC0A-4FAA-41A5-80E6-3322DBB421D9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D4C8FC0A-4FAA-41A5-80E6-3322DBB421D9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D4C8FC0A-4FAA-41A5-80E6-3322DBB421D9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FlashFolder - zett42 - C:\Program Files\FlashFolder\FlashFolder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12791 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1123561945-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1123561945-839522115-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-1123561945-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-1123561945-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Documents and Settings\zzuzu\Application Data\FlashGetBHO\FlashGetBHO3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AdslTaskBar"=stmctrl.dll,TaskBar []
"V0220Mon.exe"=C:\WINDOWS\V0220Mon.exe [2006-05-16 28672]
"Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2009-05-25 1431040]
"QFan Help"=C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe [2009-04-30 598528]
"CPU Power Monitor"=C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]
"ASUS Energy Saving"=C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [2009-01-22 1352704]
"Cpu Level Up help"=C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-06-08 19552872]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"TkBellExe"=realsched.exe -osboot []
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-05-18 1311312]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-06-09 101888]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-07-02 2202704]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-06-07 32768]
"Timezone"=C:\Program Files\Microsoft Time Zone\TimeZone.exe [2005-01-14 712704]
"VistaSwitcher"=C:\Program Files\VistaSwitcher\vswitch.exe [2010-05-11 191440]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-07-02 2347216]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-06-09 2920448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
C:\Program Files\AIM\aim.exe [2010-05-21 3824472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-06-09 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-05-31 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FVDSuite]
C:\Program Files\FVD Suite\fvdbox.exe [2010-02-18 43520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\zzuzu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-13 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2006-07-07 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
C:\PROGRA~1\SEC\MAGICT~1.6\MAGICT~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^zzuzu^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
C:\PROGRA~1\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^zzuzu^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-02-16 384512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

C:\Documents and Settings\zzuzu\Start Menu\Programs\Startup
Logitech . Registrace produktu.lnk - C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-05-06 64592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-17 17:19:48 ----D---- C:\rsit
2010-07-17 17:19:48 ----D---- C:\Program Files\trend micro
2010-07-17 17:00:33 ----SHD---- C:\RECYCLER
2010-07-17 16:55:59 ----D---- C:\WINDOWS\temp
2010-07-17 16:55:58 ----A---- C:\ComboFix.txt
2010-07-17 16:45:33 ----A---- C:\WINDOWS\zip.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\SWSC.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\SWREG.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\sed.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\PEV.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\MBR.exe
2010-07-17 16:45:33 ----A---- C:\WINDOWS\grep.exe
2010-07-17 16:45:30 ----D---- C:\ComboFix
2010-07-17 12:15:13 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys
2010-07-17 12:15:04 ----D---- C:\Program Files\Panda Security
2010-07-16 12:21:12 ----D---- C:\Program Files\Split Files
2010-07-16 11:23:24 ----A---- C:\WINDOWS\libem.INI
2010-07-16 11:23:20 ----D---- C:\Documents and Settings\zzuzu\Application Data\FlashGet
2010-07-14 19:54:58 ----D---- C:\Program Files\ESET
2010-07-14 19:54:58 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-07-14 12:43:31 ----A---- C:\WINDOWS\imsins.BAK
2010-07-14 12:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 01:35:50 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2010-07-14 01:35:46 ----D---- C:\Program Files\Common Files\ArcSoft
2010-07-14 01:35:33 ----A---- C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2010-07-14 01:35:18 ----D---- C:\Program Files\Windows Sidebar
2010-07-13 17:10:47 ----A---- C:\WINDOWS\system32\unins000.exe
2010-07-13 17:10:47 ----A---- C:\WINDOWS\system32\camcodec.dll
2010-07-13 16:01:03 ----D---- C:\Documents and Settings\zzuzu\Application Data\Real
2010-07-13 16:00:27 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-07-13 15:57:02 ----A---- C:\WINDOWS\avisplitter.ini
2010-07-13 15:57:00 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-07-13 15:57:00 ----A---- C:\WINDOWS\system32\x264vfw.dll
2010-07-13 15:57:00 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-07-13 15:57:00 ----A---- C:\WINDOWS\system32\lameACM.acm.bak
2010-07-13 15:57:00 ----A---- C:\WINDOWS\system32\huffyuv.dll
2010-07-13 15:56:59 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-07-13 15:56:59 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-07-13 15:56:59 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2010-07-13 15:56:57 ----A---- C:\WINDOWS\system32\dpl100.dll
2010-07-13 15:56:49 ----A---- C:\WINDOWS\system32\divx.dll
2010-07-13 15:56:48 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-07-13 15:56:48 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-07-13 15:54:33 ----D---- C:\Documents and Settings\zzuzu\Application Data\Yahoo!
2010-07-13 15:54:16 ----D---- C:\Documents and Settings\zzuzu\Application Data\Media Player Classic
2010-07-13 15:38:36 ----D---- C:\Program Files\Nokia
2010-07-13 15:38:31 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-07-13 15:37:50 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2010-07-13 15:25:43 ----D---- C:\Documents and Settings\zzuzu\Application Data\ProgSense
2010-07-13 14:57:24 ----D---- C:\Program Files\ProgSense
2010-07-13 14:57:10 ----D---- C:\Program Files\GeoVid
2010-07-13 14:56:13 ----D---- C:\Documents and Settings\zzuzu\Application Data\AnvSoft
2010-07-13 14:56:08 ----D---- C:\Program Files\3GPplayer2010
2010-07-13 14:55:54 ----D---- C:\Program Files\AnvSoft
2010-07-13 14:54:09 ----D---- C:\Program Files\Google
2010-07-13 14:53:54 ----D---- C:\Program Files\Youtube Downloader HD
2010-07-13 14:53:39 ----D---- C:\Program Files\Translate Client
2010-07-13 14:53:25 ----D---- C:\Documents and Settings\zzuzu\Application Data\IObit
2010-07-13 14:53:24 ----D---- C:\Program Files\IObit
2010-07-13 14:53:00 ----D---- C:\Documents and Settings\zzuzu\Application Data\FVDToolbar
2010-07-13 14:52:49 ----D---- C:\Program Files\FVD Suite
2010-07-13 12:51:38 ----D---- C:\Program Files\FreeTime
2010-07-11 17:01:04 ----D---- C:\Program Files\Moleskinsoft Clone Remover 3.8
2010-07-11 16:34:54 ----D---- C:\Documents and Settings\zzuzu\Application Data\Similarity
2010-07-11 14:35:55 ----D---- C:\Program Files\Common Files\xing shared
2010-07-11 01:15:28 ----D---- C:\Program Files\DAEMON Tools Lite
2010-07-10 14:45:41 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2010-07-10 12:08:13 ----D---- C:\Avenger
2010-07-10 12:08:13 ----A---- C:\avenger.txt
2010-07-09 22:46:19 ----D---- C:\Documents and Settings\zzuzu\Application Data\Malwarebytes
2010-07-09 22:46:14 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-09 22:46:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-09 22:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-09 22:46:12 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-09 22:10:11 ----D---- C:\WINDOWS\ERDNT
2010-07-09 22:08:28 ----D---- C:\Qoobox
2010-07-04 22:16:57 ----D---- C:\Documents and Settings\zzuzu\Application Data\Xentient
2010-07-04 22:14:49 ----D---- C:\Program Files\FlashFolder
2010-07-04 22:11:46 ----D---- C:\Program Files\Xentient
2010-07-04 22:11:38 ----D---- C:\Program Files\InfoTag Magic 1.0
2010-07-04 21:33:16 ----HD---- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-07-04 21:32:39 ----D---- C:\Program Files\DOSBox-0.72
2010-07-04 21:31:55 ----D---- C:\Program Files\VistaSwitcher
2010-07-04 21:31:55 ----D---- C:\Program Files\ioIsland
2010-07-04 00:25:18 ----D---- C:\Documents and Settings\All Users\Application Data\Last.fm
2010-07-04 00:24:35 ----D---- C:\Program Files\Last.fm
2010-07-02 22:53:57 ----D---- C:\Documents and Settings\zzuzu\Application Data\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-02 22:53:45 ----D---- C:\Documents and Settings\zzuzu\Application Data\com.levitation.ColorBrowser.E8C85B0D1658562C6BF4EE77663EB3C86B87123C.1
2010-07-02 22:53:42 ----D---- C:\Program Files\colorbrowser
2010-07-02 22:53:35 ----D---- C:\Documents and Settings\zzuzu\Application Data\jp.playwell.Saezuri.58F200D7EEA7AA1DF3962E867638EFEED92471BE.1
2010-07-02 22:52:20 ----D---- C:\Documents and Settings\zzuzu\Application Data\iPhone.F4B6EDD4861104DF103CA831FC6755522BBBD9C1.1
2010-07-02 22:51:05 ----D---- C:\Documents and Settings\zzuzu\Application Data\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
2010-07-02 22:24:58 ----D---- C:\Documents and Settings\zzuzu\Application Data\jp.clockmaker.IconGeneratorPro
2010-07-02 21:26:51 ----D---- C:\Documents and Settings\zzuzu\Application Data\VideoMobile.99B084A7F5209066C71E0DB67A343FF6B8A0C954.1
2010-07-02 17:46:23 ----D---- C:\Documents and Settings\zzuzu\Application Data\Nvu
2010-07-02 11:01:16 ----D---- C:\Documents and Settings\zzuzu\Application Data\DVDVideoSoftIEHelpers
2010-07-02 10:58:10 ----DC---- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-07-01 23:53:48 ----D---- C:\Program Files\DOSBox-0.74
2010-07-01 18:21:12 ----D---- C:\Documents and Settings\zzuzu\Application Data\xNeat Clipboard Manager
2010-07-01 18:13:24 ----D---- C:\Program Files\ZSoft
2010-07-01 18:12:59 ----D---- C:\Program Files\iWisoft Free Video Converter
2010-07-01 18:12:00 ----D---- C:\Program Files\The KMPlayer
2010-06-23 16:49:12 ----D---- C:\Program Files\Kino
2010-06-23 16:20:19 ----D---- C:\Program Files\TweetDeck
2010-06-23 16:16:55 ----D---- C:\Program Files\Home Audiometer
2010-06-23 16:15:29 ----D---- C:\Program Files\Notepad++
2010-06-23 16:09:05 ----D---- C:\Program Files\Audacity
2010-06-23 16:08:32 ----D---- C:\Program Files\TeamViewer
2010-06-23 16:06:07 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-06-23 16:06:06 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-06-23 16:05:17 ----D---- C:\Program Files\Winamp Detect
2010-06-23 16:05:03 ----D---- C:\Program Files\Winamp
2010-06-23 14:18:31 ----D---- C:\Program Files\Microsoft.NET
2010-06-23 14:16:55 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2010-06-23 14:16:53 ----D---- C:\WINDOWS\system32\winrm
2010-06-23 14:16:48 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2010-06-23 14:16:47 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2010-06-22 23:45:14 ----D---- C:\Program Files\DVDVideoSoft
2010-06-22 23:45:14 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-06-22 23:44:46 ----A---- C:\WINDOWS\system32\fmod.dll
2010-06-22 23:44:45 ----A---- C:\WINDOWS\system32\smartsubclass.dll
2010-06-22 23:44:45 ----A---- C:\WINDOWS\system32\dsetup.dll
2010-06-22 23:44:40 ----D---- C:\Program Files\Atmosphere Lite
2010-06-22 21:03:42 ----D---- C:\Program Files\Animated Screen
2010-06-22 21:03:30 ----D---- C:\Program Files\Alleycode
2010-06-22 17:50:32 ----D---- C:\Documents and Settings\zzuzu\Application Data\DivX
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-06-22 17:50:11 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-06-22 17:50:10 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-06-22 17:50:10 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-06-22 17:50:10 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-06-22 17:50:10 ----N---- C:\WINDOWS\system32\px.dll
2010-06-22 17:49:46 ----D---- C:\Program Files\Common Files\DivX Shared
2010-06-22 17:42:09 ----D---- C:\Program Files\DivX
2010-06-22 17:39:37 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-06-22 17:34:26 ----D---- C:\Program Files\iPod
2010-06-22 17:32:12 ----D---- C:\Program Files\QuickTime
2010-06-22 17:30:01 ----D---- C:\Program Files\Bonjour
2010-06-22 16:55:28 ----D---- C:\Program Files\Alex Buturuga
2010-06-22 16:55:28 ----D---- C:\Program Files\7-Zip
2010-06-22 16:10:42 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-20 16:30:44 ----D---- C:\Documents and Settings\zzuzu\Application Data\mioObjects
2010-06-19 22:44:27 ----D---- C:\Program Files\Microsoft
2010-06-19 22:11:20 ----D---- C:\Documents and Settings\zzuzu\Application Data\XnView
2010-06-19 20:09:36 ----D---- C:\Documents and Settings\zzuzu\Application Data\Mipony

======List of files/folders modified in the last 1 months======

2010-07-17 17:19:58 ----D---- C:\WINDOWS\Prefetch
2010-07-17 17:19:48 ----D---- C:\Program Files
2010-07-17 17:01:48 ----D---- C:\WINDOWS\Registration
2010-07-17 17:01:46 ----D---- C:\WINDOWS
2010-07-17 16:59:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-17 16:55:23 ----SD---- C:\WINDOWS\Tasks
2010-07-17 16:54:50 ----A---- C:\WINDOWS\system.ini
2010-07-17 16:54:46 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-17 16:54:24 ----D---- C:\WINDOWS\system32
2010-07-17 16:52:56 ----D---- C:\WINDOWS\system32\drivers
2010-07-17 16:51:50 ----D---- C:\WINDOWS\AppPatch
2010-07-17 16:51:48 ----D---- C:\Program Files\Common Files
2010-07-17 16:41:30 ----D---- C:\WINDOWS\Minidump
2010-07-17 16:28:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-17 16:25:59 ----D---- C:\downloads
2010-07-17 12:15:04 ----HD---- C:\WINDOWS\inf
2010-07-17 12:14:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-17 01:39:40 ----D---- C:\Documents and Settings\zzuzu\Application Data\FileZilla
2010-07-17 01:21:02 ----D---- C:\Program Files\PSPad editor
2010-07-16 15:52:50 ----SHD---- C:\WINDOWS\Installer
2010-07-16 15:52:50 ----D---- C:\Config.Msi
2010-07-16 12:13:43 ----D---- C:\Documents and Settings\zzuzu\Application Data\Notepad++
2010-07-16 00:45:45 ----D---- C:\Documents and Settings\zzuzu\Application Data\Skype
2010-07-15 17:55:13 ----D---- C:\Documents and Settings\zzuzu\Application Data\skypePM
2010-07-14 20:26:45 ----SH---- C:\boot.ini
2010-07-14 20:26:45 ----A---- C:\WINDOWS\win.ini
2010-07-14 20:22:09 ----D---- C:\Program Files\Windows Desktop Search
2010-07-14 20:19:17 ----D---- C:\WINDOWS\system32\wbem
2010-07-14 20:13:29 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-14 19:58:13 ----D---- C:\Program Files\Yahoo!
2010-07-14 12:45:50 ----D---- C:\Program Files\SpeedFan
2010-07-14 12:43:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 12:43:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 12:41:06 ----D---- C:\WINDOWS\Debug
2010-07-14 01:36:53 ----D---- C:\Documents and Settings\zzuzu\Application Data\ArcSoft
2010-07-14 01:35:19 ----D---- C:\WINDOWS\system32\WinFast
2010-07-14 01:35:05 ----D---- C:\Program Files\WinFast
2010-07-13 17:10:19 ----D---- C:\Program Files\CamStudio
2010-07-13 17:01:18 ----D---- C:\Program Files\Common Files\LogiShrd
2010-07-13 17:00:45 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2010-07-13 17:00:44 ----D---- C:\Program Files\Logitech
2010-07-13 16:54:46 ----D---- C:\Program Files\XnView
2010-07-13 15:57:04 ----D---- C:\Program Files\K-Lite Codec Pack
2010-07-13 15:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-07-13 15:38:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-13 15:38:24 ----D---- C:\Program Files\PC Connectivity Solution
2010-07-13 15:35:52 ----D---- C:\Program Files\Mozilla Firefox
2010-07-13 14:53:44 ----RSD---- C:\WINDOWS\Fonts
2010-07-12 22:27:03 ----D---- C:\Documents and Settings\zzuzu\Application Data\Mozilla
2010-07-11 16:59:00 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-11 14:36:10 ----D---- C:\Program Files\Common Files\Real
2010-07-11 14:36:02 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-07-11 14:36:02 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-07-11 14:36:01 ----D---- C:\Program Files\Real
2010-07-11 14:35:37 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-07-11 14:35:37 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-07-11 14:35:37 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-07-10 17:17:38 ----D---- C:\WINDOWS\system32\Adobe
2010-07-10 17:15:14 ----D---- C:\Documents and Settings\zzuzu\Application Data\Adobe
2010-07-10 16:06:12 ----D---- C:\WINDOWS\pss
2010-07-10 14:55:03 ----D---- C:\Program Files\CCleaner
2010-07-08 17:55:53 ----D---- C:\Documents and Settings\zzuzu\Application Data\Opera
2010-07-08 17:36:35 ----D---- C:\Program Files\FileZilla FTP Client
2010-07-05 13:03:29 ----D---- C:\Program Files\PeaZip
2010-07-04 22:51:43 ----D---- C:\Program Files\iTunes
2010-07-04 21:44:22 ----D---- C:\Program Files\Opera
2010-07-04 21:36:45 ----D---- C:\WINDOWS\system32\config
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-02 11:00:40 ----RSD---- C:\WINDOWS\assembly
2010-07-01 22:44:02 ----D---- C:\WINDOWS\Help
2010-06-23 17:11:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 16:16:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-23 16:07:03 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-06-23 16:06:10 ----D---- C:\WINDOWS\system32\DirectX
2010-06-23 16:05:03 ----D---- C:\Documents and Settings\zzuzu\Application Data\Winamp
2010-06-23 14:23:46 ----D---- C:\WINDOWS\security
2010-06-23 14:22:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 14:19:04 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:18:38 ----D---- C:\WINDOWS\system32\en-US
2010-06-22 17:34:23 ----D---- C:\Program Files\Common Files\Apple
2010-06-22 17:02:49 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-22 16:59:53 ----D---- C:\WINDOWS\system32\inetsrv
2010-06-22 16:59:53 ----D---- C:\Inetpub
2010-06-22 16:59:49 ----D---- C:\WINDOWS\addins
2010-06-22 16:59:41 ----D---- C:\WINDOWS\Media
2010-06-22 16:59:37 ----DC---- C:\WINDOWS\$NtUninstallKB970483$
2010-06-22 16:59:37 ----DC---- C:\WINDOWS\$NtUninstallKB953155$
2010-06-22 16:59:31 ----DC---- C:\Documents and Settings\All Users\Application Data\{8B88DB61-156A-4B73-B41B-358CC0CC7BE9}
2010-06-22 16:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 16:55:13 ----D---- C:\WINDOWS\system32\LogFiles
2010-06-22 16:12:16 ----D---- C:\Documents and Settings
2010-06-20 00:55:42 ----D---- C:\Program Files\Common Files\Adobe
2010-06-19 22:33:06 ----D---- C:\WINDOWS\system
2010-06-19 22:32:43 ----D---- C:\Documents and Settings\zzuzu\Application Data\MxBoost

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2009-06-30 164896]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-07-02 55256]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-04-28 134488]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2010-03-18 10448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2009-02-04 170496]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-04-28 32584]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-06-08 6056040]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2010-03-18 20304]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2010-03-18 63312]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2010-03-18 79568]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]
R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 549421]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 V0220Dev;Live! Cam Video IM; C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-05-24 145472]
R3 V0220Vfx;V0220VFX; C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-03-24 6272]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
S3 catchme;catchme; \??\C:\DOCUME~1\zzuzu\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-11 691696]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-15 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-07-02 810144]
R2 FlashFolder;FlashFolder; C:\Program Files\FlashFolder\FlashFolder.exe [2008-03-21 71680]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-07-23 387616]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-07-23 178720]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe EXEC /i C:\ComboFix\REGT.cfxxe /S C:\ComboFix\CregB.dat []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-07-02 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 293456]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

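A triage helper for the driver and service sections of the RSIT log above, added here as an example; it is not part of the post and not a tool the forum uses. RSIT prints each entry as `Rx/Sx name;display name; path [date size]`, and an empty `[]` means RSIT could not find the file at that path. The script parses those lines and flags three things a responder checks first: entries with no file metadata, images loaded from a user profile or Temp directory, and images outside C:\WINDOWS and C:\Program Files. The sample lines are copied from the log in this post; the path heuristics and the "trusted prefix" list are the example's own assumptions, and every hit is a lead for manual review, not a verdict (a scanner's own temporary driver will trip the Temp rule just as a rootkit would).

```python
"""Flag suspicious entries in RSIT 'List of drivers' / 'List of services' output.

Added example, not part of the forum post or of RSIT. Assumptions: the line
format shown in the log above, and the trusted-prefix list below.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rx/Sx <name>;<display name>; <image path> [<date> <size>]  -- "[]" if not found
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption of this example: anything outside these roots deserves a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

@dataclass
class Entry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot .. 4 disabled
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]

def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("path"), date, size)

def normalize_path(path: str) -> str:
    """Strip the NT '\\??\\' prefix RSIT prints for drivers registered that way."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()

def flags_for(e: Entry) -> List[str]:
    """Return the reasons this entry should be looked at, possibly none."""
    reasons = []
    p = normalize_path(e.path)
    if e.date is None:
        reasons.append("no file metadata (file not found on disk)")
    if "\\temp\\" in p or p.startswith(("c:\\docume~1\\", "c:\\documents and settings\\")):
        reasons.append("image in user profile / Temp")
    if not p.startswith(TRUSTED_PREFIXES):
        reasons.append("image outside Windows / Program Files")
    return reasons

def triage(log_text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for every parsable line that raised a flag."""
    hits: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = flags_for(e)
        if reasons:
            hits[e.name] = reasons
    return hits

# Lines copied from the RSIT log in this post.
SAMPLE = r"""
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\zzuzu\LOCALS~1\Temp\catchme.sys []
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-07-02 810144]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe EXEC /i C:\ComboFix\REGT.cfxxe /S C:\ComboFix\CregB.dat []
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against a full RSIT log (`triage(open("log.txt").read())`) the output is a short list to check by hand, which is the point: the metadata and path rules are cheap to apply to hundreds of lines and leave the judgement about each hit to the reader of the thread.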
Rudy (Site Admin)
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably a nice virus

#2 Post by Rudy »

Running an RSIT scan about half an hour after a ComboFix scan is not a good idea, because in that case RSIT won't find anything. The CF log is saved in C:\combofix.txt. Post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

zzuzu (Visitor)
Posts: 13
Registered: 22 Jul 2004 19:47
Location: Praha

Re: Probably a nice virus

#3 Post by zzuzu »

Unfortunately I get "Your message contains 61381 characters. The maximum allowed number of characters is 60000." and I can't add the log as an attachment either.

So I uploaded it to edisk: http://www.edisk.cz/stahni/70997/ComboF ... .56KB.html

Here is the output from AVPTool

17.7.2010 17:51:25 Task started
17.7.2010 19:19:21 Detected: not-a-virus:AdWare.Win32.Relevant.p C:\System Volume Information\_restore{4AC9CF39-40BF-4574-904C-6622E8A530B8}\RP89\A0039350.exe/data0031
17.7.2010 19:21:38 Detected: not-a-virus:AdWare.Win32.Relevant.q C:\System Volume Information\_restore{4AC9CF39-40BF-4574-904C-6622E8A530B8}\RP89\A0039350.exe/data0032
17.7.2010 19:21:38 Deleted: not-a-virus:AdWare.Win32.Relevant.q C:\System Volume Information\_restore{4AC9CF39-40BF-4574-904C-6622E8A530B8}\RP89\A0039350.exe
17.7.2010 19:33:43 Task completed

Rudy (Site Admin)
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably a nice virus

#4 Post by Rudy »

Move ComboFix to the desktop. Open Notepad and copy into it:
Collect::
c:\windows\system32\AF15IRTBL.bin
Save it to the desktop as ComboFix.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the command from the script.

CF deleted several items; this is what is left. After the CF action, also turn off System Restore, restart the PC and turn System Restore back on.

zzuzu (Visitor)
Posts: 13
Registered: 22 Jul 2004 19:47
Location: Praha

Re: Probably a nice virus

#5 Post by zzuzu »

Done. But I had to go into Safe Mode, because in normal mode it popped up "bad_pool_header" again during the deletion.

ComboFix 10-07-15.05 - zzuzu 17.07.2010 21:55:32.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3326.3040 [GMT 2:00]
Running from: c:\documents and settings\zzuzu\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\zzuzu\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!

file zipped: c:\windows\system32\AF15IRTBL.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AF15IRTBL.bin

.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-17 15:47 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\11996292.sys
2010-07-17 15:47 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\1199629.sys
2010-07-17 15:47 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\11996291.sys
2010-07-17 15:19 . 2010-07-17 15:20 -------- d-----w- c:\program files\trend micro
2010-07-17 15:19 . 2010-07-17 15:20 -------- d-----w- C:\rsit
2010-07-17 10:15 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\program files\Panda Security
2010-07-16 10:21 . 2010-07-16 10:23 -------- d-----w- c:\program files\Split Files
2010-07-16 09:23 . 2010-07-16 09:23 -------- d-----w- c:\documents and settings\zzuzu\Application Data\FlashGet
2010-07-14 17:54 . 2010-07-14 17:54 -------- d-----w- c:\program files\ESET
2010-07-14 17:54 . 2010-07-14 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-13 23:37 . 2010-07-13 23:37 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\ArcSoft
2010-07-13 23:35 . 2010-07-13 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-07-13 23:35 . 2010-07-13 23:35 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-07-13 23:35 . 2004-12-23 15:27 27392 ----a-w- c:\windows\system32\drivers\ULCDRHlp.sys
2010-07-13 23:35 . 2010-07-13 23:35 -------- d-----w- c:\program files\Windows Sidebar
2010-07-13 15:10 . 2010-07-13 15:10 1068 ----a-w- c:\windows\system32\unins000.dat
2010-07-13 15:10 . 2010-07-13 15:10 695578 ----a-w- c:\windows\system32\unins000.exe
2010-07-13 15:10 . 2008-09-30 17:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-07-13 15:01 . 2010-07-13 15:01 53248 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-13 13:57 . 2010-06-25 15:19 2995200 ----a-w- c:\windows\system32\x264vfw.dll
2010-07-13 13:57 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-07-13 13:57 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-07-13 13:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-13 13:57 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv
2010-07-13 13:56 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-13 13:56 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-13 13:56 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-07-13 13:56 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-07-13 13:56 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-07-13 13:56 . 2010-06-28 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-13 13:54 . 2010-07-13 13:54 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Yahoo!
2010-07-13 13:54 . 2010-07-13 13:54 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Media Player Classic
2010-07-13 13:38 . 2010-07-13 13:38 -------- d-----w- c:\program files\Nokia
2010-07-13 13:38 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-13 13:38 . 2008-09-08 13:11 13099456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\PCCS_8.22.7.0.exe
2010-07-13 13:38 . 2010-07-13 13:38 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-13 13:37 . 2010-07-13 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-07-13 13:27 . 2010-07-13 13:30 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Temp
2010-07-13 13:25 . 2010-07-13 13:25 -------- d-----w- c:\documents and settings\zzuzu\Application Data\ProgSense
2010-07-13 13:22 . 2010-07-13 13:22 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\FVD Suite
2010-07-13 12:57 . 2010-07-13 12:57 -------- d-----w- c:\program files\ProgSense
2010-07-13 12:57 . 2010-07-13 12:57 -------- d-----w- c:\program files\GeoVid
2010-07-13 12:56 . 2010-07-13 12:56 -------- d-----w- c:\documents and settings\zzuzu\Application Data\AnvSoft
2010-07-13 12:56 . 2010-07-13 12:56 -------- d-----w- c:\program files\3GPplayer2010
2010-07-13 12:55 . 2010-07-13 12:55 -------- d-----w- c:\program files\AnvSoft
2010-07-13 12:54 . 2010-07-13 12:54 -------- d-----w- c:\program files\Google
2010-07-13 12:53 . 2010-07-13 12:53 -------- d-----w- c:\program files\Youtube Downloader HD
2010-07-13 12:53 . 2010-07-14 18:07 -------- d-----w- c:\program files\Translate Client
2010-07-13 12:53 . 2010-07-13 13:16 -------- d-----w- c:\documents and settings\zzuzu\Application Data\IObit
2010-07-13 12:53 . 2010-07-13 12:53 -------- d-----w- c:\program files\IObit
2010-07-13 12:53 . 2010-07-13 12:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\FVDToolbar
2010-07-13 12:52 . 2010-07-13 12:52 -------- d-----w- c:\program files\FVD Suite
2010-07-13 10:51 . 2010-07-13 10:51 -------- d-----w- c:\program files\FreeTime
2010-07-11 15:01 . 2010-07-11 15:01 -------- d-----w- c:\program files\Moleskinsoft Clone Remover 3.8
2010-07-11 14:34 . 2010-07-11 14:59 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Similarity
2010-07-11 12:35 . 2010-07-11 12:35 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-10 23:15 . 2010-07-11 09:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-10 13:19 . 2010-07-10 13:19 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 13:19 . 2010-07-10 13:19 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 13:19 . 2010-07-10 13:19 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-10 13:19 . 2010-07-10 13:19 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 12:45 . 2010-07-10 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-07-09 20:46 . 2010-07-09 20:46 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Malwarebytes
2010-07-09 20:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 20:46 . 2010-07-09 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 20:46 . 2010-07-09 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-09 20:46 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 20:51 . 2010-07-04 20:51 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2010-07-04 20:51 . 2010-07-04 20:51 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2010-07-04 20:16 . 2010-07-04 20:16 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Xentient
2010-07-04 20:14 . 2010-07-04 20:14 -------- d-----w- c:\program files\FlashFolder
2010-07-04 20:11 . 2010-07-04 20:11 -------- d-----w- c:\program files\Xentient
2010-07-04 20:11 . 2010-07-04 20:11 -------- d-----w- c:\program files\InfoTag Magic 1.0
2010-07-04 19:36 . 2010-07-04 19:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-04 19:33 . 2010-07-04 19:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-07-04 19:32 . 2010-07-10 23:09 -------- d-----w- c:\program files\DOSBox-0.72
2010-07-04 19:31 . 2010-07-04 20:53 -------- d-----w- c:\program files\VistaSwitcher
2010-07-04 19:31 . 2010-07-04 19:31 -------- d-----w- c:\program files\ioIsland
2010-07-04 19:17 . 2010-07-04 19:17 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Stardock
2010-07-03 22:25 . 2010-07-03 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2010-07-03 22:24 . 2010-07-03 22:24 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Last.fm
2010-07-03 22:24 . 2010-07-04 20:24 -------- d-----w- c:\program files\Last.fm
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\com.levitation.ColorBrowser.E8C85B0D1658562C6BF4EE77663EB3C86B87123C.1
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\program files\colorbrowser
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\jp.playwell.Saezuri.58F200D7EEA7AA1DF3962E867638EFEED92471BE.1
2010-07-02 20:52 . 2010-07-02 20:52 -------- d-----w- c:\documents and settings\zzuzu\Application Data\iPhone.F4B6EDD4861104DF103CA831FC6755522BBBD9C1.1
2010-07-02 20:51 . 2010-07-02 20:51 -------- d-----w- c:\documents and settings\zzuzu\Application Data\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
2010-07-02 20:24 . 2010-07-02 20:24 -------- d-----w- c:\documents and settings\zzuzu\Application Data\jp.clockmaker.IconGeneratorPro
2010-07-02 19:26 . 2010-07-02 19:26 -------- d-----w- c:\documents and settings\zzuzu\Application Data\VideoMobile.99B084A7F5209066C71E0DB67A343FF6B8A0C954.1
2010-07-02 15:46 . 2010-07-04 19:32 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Nvu
2010-07-02 09:01 . 2010-07-02 09:01 -------- d-----w- c:\documents and settings\zzuzu\Application Data\DVDVideoSoftIEHelpers
2010-07-02 08:58 . 2010-07-04 19:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-07-01 22:04 . 2010-07-01 22:04 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\OLYMPUS
2010-07-01 21:53 . 2010-07-04 19:33 -------- d-----w- c:\program files\DOSBox-0.74
2010-07-01 16:21 . 2010-07-01 16:21 -------- d-----w- c:\documents and settings\zzuzu\Application Data\xNeat Clipboard Manager
2010-07-01 16:13 . 2010-07-01 16:13 -------- d-----w- c:\program files\ZSoft
2010-07-01 16:12 . 2010-07-04 19:34 -------- d-----w- c:\program files\iWisoft Free Video Converter
2010-07-01 16:12 . 2010-07-10 18:05 -------- d-----w- c:\program files\The KMPlayer
2010-06-24 21:29 . 2010-07-04 19:36 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Wikipedia
2010-06-24 21:25 . 2010-07-04 19:36 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Google Translator (2)
2010-06-23 14:49 . 2010-06-23 14:49 -------- d-----w- c:\program files\Kino
2010-06-23 14:20 . 2010-06-23 14:20 -------- d-----w- c:\program files\TweetDeck
2010-06-23 14:16 . 2010-06-23 14:16 -------- d-----w- c:\program files\Home Audiometer
2010-06-23 14:15 . 2010-07-13 13:36 -------- d-----w- c:\program files\Notepad++
2010-06-23 14:09 . 2010-07-02 09:58 -------- d-----w- c:\program files\Audacity
2010-06-23 14:08 . 2010-06-23 14:08 -------- d-----w- c:\program files\TeamViewer
2010-06-23 14:06 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-23 14:06 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-06-23 14:05 . 2010-07-13 14:55 -------- d-----w- c:\program files\Winamp Detect
2010-06-23 14:05 . 2010-07-13 14:56 -------- d-----w- c:\program files\Winamp
2010-06-23 12:18 . 2010-06-23 12:18 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 12:16 . 2010-06-23 12:16 -------- d-----w- c:\windows\system32\winrm
2010-06-23 12:16 . 2010-06-23 12:17 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-06-22 21:45 . 2010-07-04 19:32 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-22 21:45 . 2010-07-02 09:00 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-22 21:44 . 2005-12-28 14:44 162816 ----a-w- c:\windows\system32\fmod.dll
2010-06-22 21:44 . 2005-11-11 16:42 40208 ----a-w- c:\windows\system32\dsetup.dll
2010-06-22 21:44 . 2001-04-27 13:11 24576 ----a-w- c:\windows\system32\smartsubclass.dll
2010-06-22 21:44 . 2010-06-22 21:44 -------- d-----w- c:\program files\Atmosphere Lite
2010-06-22 19:03 . 2010-06-22 19:04 -------- d-----w- c:\program files\Animated Screen
2010-06-22 19:03 . 2010-06-22 19:03 -------- d-----w- c:\program files\Alleycode
2010-06-22 15:51 . 2010-07-10 13:21 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-22 15:49 . 2010-06-22 15:49 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 18:52 . 2010-06-08 12:11 -------- d-----w- c:\documents and settings\zzuzu\Application Data\FileZilla
2010-07-16 23:21 . 2010-06-07 22:38 -------- d-----w- c:\program files\PSPad editor
2010-07-16 10:13 . 2010-06-17 18:59 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Notepad++
2010-07-15 22:45 . 2010-06-08 09:43 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Skype
2010-07-15 15:55 . 2010-06-08 12:27 -------- d-----w- c:\documents and settings\zzuzu\Application Data\skypePM
2010-07-14 18:22 . 2010-06-08 18:21 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-14 18:13 . 2010-06-07 19:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 17:58 . 2010-06-07 22:43 -------- d-----w- c:\program files\Yahoo!
2010-07-14 16:05 . 2010-06-12 20:41 1 ----a-w- c:\documents and settings\zzuzu\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-14 10:45 . 2010-06-07 22:42 -------- d-----w- c:\program files\SpeedFan
2010-07-13 23:36 . 2010-06-08 12:11 -------- d-----w- c:\documents and settings\zzuzu\Application Data\ArcSoft
2010-07-13 23:35 . 2010-06-07 20:02 -------- d-----w- c:\program files\WinFast
2010-07-13 15:10 . 2010-06-07 22:47 -------- d-----w- c:\program files\CamStudio
2010-07-13 15:01 . 2010-06-15 21:14 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-13 15:00 . 2010-06-15 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-13 15:00 . 2010-06-07 19:27 -------- d-----w- c:\program files\Logitech
2010-07-13 14:54 . 2010-06-07 22:42 -------- d-----w- c:\program files\XnView
2010-07-13 13:57 . 2010-06-07 22:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-13 13:54 . 2010-06-07 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-13 13:38 . 2010-06-07 19:56 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-13 13:00 . 2010-06-07 19:15 66488 ----a-w- c:\documents and settings\zzuzu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 12:36 . 2010-06-07 22:46 -------- d-----w- c:\program files\Common Files\Real
2010-07-11 12:36 . 2010-06-07 22:46 -------- d-----w- c:\program files\Real
2010-07-11 12:35 . 2010-06-07 19:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 12:35 . 2010-06-07 19:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-10 23:15 . 2010-06-07 22:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-10 13:03 . 2010-06-22 15:50 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 13:03 . 2010-06-22 15:50 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-10 12:55 . 2010-06-07 22:41 -------- d-----w- c:\program files\CCleaner
2010-07-08 15:36 . 2010-06-07 22:42 -------- d-----w- c:\program files\FileZilla FTP Client
2010-07-05 11:03 . 2010-06-11 11:16 -------- d-----w- c:\program files\PeaZip
2010-07-04 20:51 . 2010-06-07 23:00 -------- d-----w- c:\program files\iTunes
2010-07-04 19:44 . 2010-06-07 20:35 -------- d-----w- c:\program files\Opera
2010-07-04 19:38 . 2010-06-15 13:08 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-02 10:43 . 2010-04-07 19:08 55256 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-07-02 10:43 . 2010-04-07 19:03 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-06-23 14:07 . 2010-06-17 18:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-23 14:05 . 2010-06-17 19:06 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Winamp
2010-06-22 15:50 . 2010-06-22 15:50 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 -------- d-----w- c:\documents and settings\zzuzu\Application Data\DivX
2010-06-22 15:50 . 2010-06-22 15:50 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-22 15:34 . 2010-06-07 22:50 -------- d-----w- c:\program files\Common Files\Apple
2010-06-22 14:59 . 2010-06-17 18:56 -------- dc----w- c:\documents and settings\All Users\Application Data\{8B88DB61-156A-4B73-B41B-358CC0CC7BE9}
2010-06-22 14:55 . 2010-06-20 14:30 -------- d-----w- c:\documents and settings\zzuzu\Application Data\mioObjects
2010-06-22 14:55 . 2010-06-22 14:55 -------- d-----w- c:\program files\Alex Buturuga
2010-06-22 14:12 . 2010-06-22 14:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-06-19 22:55 . 2010-06-07 19:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-17 19:43 . 2010-06-17 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickMediaConverter
2010-06-17 19:43 . 2010-06-17 19:43 -------- d-----w- c:\documents and settings\zzuzu\Application Data\CocoonSoftware
2010-06-17 18:56 . 2010-06-17 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2010-06-17 18:56 . 2010-06-10 22:52 -------- d-----w- c:\program files\Stardock
2010-06-15 21:43 . 2010-06-15 21:43 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Leadertech
2010-06-15 21:14 . 2010-06-15 21:14 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Logishrd
2010-06-15 21:14 . 2010-06-07 20:04 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Logitech
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 17:55 . 2010-06-07 19:27 -------- d-----w- c:\program files\ATI Technologies
2010-06-15 17:51 . 2010-06-07 20:04 -------- d-----w- c:\documents and settings\zzuzu\Application Data\ATI
2010-06-15 17:36 . 2010-06-07 23:02 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Apple Computer
2010-06-15 12:37 . 2010-06-14 21:52 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-15 12:36 . 2010-06-15 12:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2010-06-15 12:36 . 2010-06-15 12:36 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-06-15 12:36 . 2010-06-15 12:36 -------- d-----w- c:\documents and settings\zzuzu\Application Data\InstallShield
2010-06-15 12:22 . 2010-06-14 10:24 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Rainmeter
2010-06-14 20:57 . 2010-06-14 20:57 9158 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-06-14 20:57 . 2010-06-14 20:57 -------- d-----w- c:\program files\USB TV
2010-06-14 20:00 . 2010-06-14 20:00 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-14 14:31 . 2010-06-07 18:44 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 20:55 . 2010-06-13 20:55 65112 ----a-w- c:\windows\BricoPackUninst.cmd
2010-06-13 20:55 . 2010-06-13 20:53 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-06-13 20:55 . 2006-03-15 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-06-12 20:41 . 2010-06-12 20:41 -------- d-----w- c:\documents and settings\zzuzu\Application Data\OpenOffice.org
2010-06-11 22:18 . 2010-06-11 22:18 -------- d-----w- c:\documents and settings\zzuzu\Application Data\AMPSoft
2010-06-11 19:52 . 2010-06-11 19:46 -------- d-----w- c:\program files\ReNamer
2010-06-11 14:41 . 2010-06-11 14:41 -------- d-----w- c:\program files\AMP Font Viewer
2010-06-11 14:03 . 2010-06-08 09:43 -------- d-----w- c:\program files\Safari
2010-06-11 13:59 . 2010-06-11 13:59 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-11 12:22 . 2010-06-11 12:20 -------- d-----w- c:\documents and settings\zzuzu\Application Data\PeaZip
2010-06-11 11:48 . 2010-06-11 11:48 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-11 11:24 . 2010-06-11 11:24 -------- d-----w- c:\documents and settings\zzuzu\Application Data\KC Softwares
2010-06-11 11:24 . 2010-06-11 11:24 -------- d-----w- c:\program files\KC Softwares
2010-06-11 11:21 . 2010-06-08 09:42 -------- d-----r- c:\program files\Skype
2010-06-10 22:52 . 2010-06-10 22:52 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Stardock
2010-06-10 22:50 . 2010-06-10 22:50 -------- d-----w- c:\program files\Unknown Device Identifier
2010-06-10 22:26 . 2010-06-10 22:26 -------- d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2010-06-10 22:10 . 2010-06-10 22:10 23558 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_294823.exe
2010-06-10 22:10 . 2010-06-10 22:10 23558 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_18be6784.exe
2010-06-10 22:10 . 2010-06-10 22:10 -------- d-----w- c:\program files\Microsoft Kalkulačka+
2010-06-10 22:10 . 2010-06-10 22:10 -------- d-----w- c:\program files\Microsoft Time Zone
2010-06-08 22:40 . 2010-06-08 22:40 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Windows Search
2010-06-08 22:35 . 2010-06-08 22:35 503808 ----a-w- c:\documents and settings\zzuzu\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-799ac91b-n\msvcp71.dll
2010-06-08 22:35 . 2010-06-08 22:35 499712 ----a-w- c:\documents and settings\zzuzu\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-799ac91b-n\jmc.dll
2010-06-08 22:35 . 2010-06-08 22:35 348160 ----a-w- c:\documents and settings\zzuzu\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-799ac91b-n\msvcr71.dll
2010-06-08 22:35 . 2010-06-08 22:35 -------- d-----w- c:\program files\Common Files\Java
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2010-05-06 . 2FFDB270D0BC419421F3B3B2F7165790 . 6224896 . . [8.00.6001.18928] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-05-06 . 2FFDB270D0BC419421F3B3B2F7165790 . 6224896 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
[7] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\ie8\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2006-03-15 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\$NtUninstallKB911164$\mshtml.dll
[-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$NtUninstallKB978207$\mshtml.dll

[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2006-03-15 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-06-07 32768]
"Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2005-01-14 712704]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch.exe" [2010-05-11 191440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-07-02 2347216]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-06-09 2920448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 155648]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2009-05-25 1431040]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2009-04-30 598528]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2009-01-22 1352704]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2202704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\zzuzu\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
setup_9.0.0.722_17.07.2010_19-23.lnk - c:\documents and settings\zzuzu\Desktop\Virus Removal Tool\setup_9.0.0.722_17.07.2010_19-23\startup.exe [2010-7-17 72208]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-6-14 81997]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-6-7 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
backup=c:\windows\pss\MagicTune 3.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^zzuzu^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=c:\documents and settings\zzuzu\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=c:\windows\pss\Logitech . Registrace produktu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^zzuzu^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\zzuzu\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 16:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
2006-06-08 23:11 24576 ------w- c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2006-05-31 14:00 143360 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FVDSuite]
2010-02-18 19:48 43520 ----a-w- c:\program files\FVD Suite\fvdbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-13 13:27 136176 ----atw- c:\documents and settings\zzuzu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-07 22:50 133368 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-05-15 15:25 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2006-07-07 15:15 348160 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 11996292;11996292 Boot Guard Driver;c:\windows\system32\drivers\11996292.sys [17.7.2010 17:47 37392]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17.7.2010 12:15 28552]
S1 11996291;11996291;c:\windows\system32\drivers\11996291.sys [17.7.2010 17:47 128016]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
S1 setup_9.0.0.722_17.07.2010_19-23drv;setup_9.0.0.722_17.07.2010_19-23drv;c:\windows\system32\drivers\1199629.sys [17.7.2010 17:47 315408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43 810144]
S2 FlashFolder;FlashFolder;c:\program files\FlashFolder\FlashFolder.exe [21.3.2008 0:55 71680]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [7.6.2010 21:57 233472]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15.6.2010 23:42 10448]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.6.2010 0:43 1691480]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [7.6.2010 21:57 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [7.6.2010 21:57 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [7.6.2010 21:57 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [7.6.2010 21:57 121856]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [7.6.2010 20:55 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [7.6.2010 20:55 549421]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [7.6.2010 21:50 145472]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [7.6.2010 21:50 6272]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [7.6.2010 22:02 9446]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [15.3.2006 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.6.2010 0:44 691696]

--- Other services/drivers in memory ---

*NewlyCreated* - CXTUNE
*NewlyCreated* - LBEEPKE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1123561945-839522115-1003Core.job
- c:\documents and settings\zzuzu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-13 13:27]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1123561945-839522115-1003UA.job
- c:\documents and settings\zzuzu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-13 13:27]

2010-07-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-1123561945-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-07-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-1123561945-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.flashvideodownloader.org/
mStart Page = about:blank
IE: Download all by FlashGet3 - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetAllUrl.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: {599C9212-35EA-48C5-819E-2D1FD1178561} = 212.158.128.2 212.158.128.3
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\zzuzu\Application Data\Mozilla\Firefox\Profiles\z8b2ld6q.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.flashvideodownloader.org/
FF - component: c:\program files\FVD Suite\addons\Firefox\components\fvd_connector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1123561945-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\zzuzu\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-1801674531-1123561945-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\zzuzu\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(220)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2010-07-17 22:05:43
ComboFix-quarantined-files.txt 2010-07-17 20:05
ComboFix2.txt 2010-07-17 14:55

Pre-Run: 153 383 845 888 bytes free
Post-Run: 153 361 330 176 bytes free

- - End Of File - - CBAD06DFC473A7B4308C26FCCD4DE7FD

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably a nice virus

#6 Post by Rudy »

Run CF once more with this script:
Collect::
c:\windows\system32\drivers\11996292.sys
c:\windows\system32\drivers\1199629.sys
c:\windows\system32\drivers\11996291.sys

Driver::
11996292
1199629
11996291
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.
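The drivers Rudy's script targets stand out in the service listing above for three reasons: purely numeric service names, a service name ("setup_9.0.0.722_17.07.2010_19-23drv") that does not match its file (1199629.sys), and three .sys files created in the same minute (17.7.2010 17:47). The script below, an added example that is not part of this thread and not ComboFix's or the forum's code, parses ComboFix-style service lines, applies those three heuristics, and prints a Collect::/Driver:: script in the form used in the reply. The sample lines are copied from the log posted above; the heuristics and the helper names are assumptions for illustration, and a flag means "collect and analyse", not "malicious".

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: service/driver lines copied from the ComboFix log above.
# Format: "<R|S><start type> <service name>;<display name>;<image path> [<d.m.Y H:M> <size>]"
SAMPLE_LINES = [
    r"R0 11996292;11996292 Boot Guard Driver;c:\windows\system32\drivers\11996292.sys [17.7.2010 17:47 37392]",
    r"S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17.7.2010 12:15 28552]",
    r"S1 11996291;11996291;c:\windows\system32\drivers\11996291.sys [17.7.2010 17:47 128016]",
    r"S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]",
    r"S1 setup_9.0.0.722_17.07.2010_19-23drv;setup_9.0.0.722_17.07.2010_19-23drv;c:\windows\system32\drivers\1199629.sys [17.7.2010 17:47 315408]",
    r"S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43 810144]",
    r"S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [15.3.2006 14:00 14336]",
]

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"       # R = running, S = stopped; start type 0-4
    r"(?P<name>[^;]+);(?P<display>[^;]*);"    # service name ; display name ;
    r"(?P<path>.+?)\s+"                       # image path (may contain spaces and arguments)
    r"\[(?P<stamp>\d{1,2}\.\d{1,2}\.\d{4} \d{1,2}:\d{2}) (?P<size>\d+)\]$"
)
# Last path component ending in .sys/.exe; group 1 is the file name without extension.
FILE_RE = re.compile(r"([^\\]+)\.(sys|exe)\b", re.I)


def parse_services(lines):
    """Parse ComboFix service lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        f = FILE_RE.search(m["path"])
        entries.append({
            "name": m["name"],
            "path": m["path"],
            "stem": f.group(1) if f else "",
            "ext": f.group(2).lower() if f else "",
            "created": datetime.strptime(m["stamp"], "%d.%m.%Y %H:%M"),
            "size": int(m["size"]),
        })
    return entries


def triage(lines):
    """Return {service name: [reasons]} for drivers worth collecting.

    Heuristics (assumptions, not ComboFix logic): a purely numeric service name,
    a .sys whose service name differs from its file name, and several drivers
    created in the same minute, which suggests a single installer dropped them.
    """
    reasons = defaultdict(list)
    by_minute = defaultdict(list)
    for e in parse_services(lines):
        if e["name"].isdigit():
            reasons[e["name"]].append("numeric service name")
        if e["ext"] == "sys" and e["name"].lower() != e["stem"].lower():
            reasons[e["name"]].append(f"service name does not match file {e['stem']}.sys")
        if e["ext"] == "sys":
            by_minute[e["created"]].append(e["name"])
    for stamp, names in by_minute.items():
        if len(names) > 1:
            for n in names:
                reasons[n].append(
                    f"created together with {len(names) - 1} other driver(s) at {stamp:%d.%m.%Y %H:%M}")
    return dict(reasons)


def collect_script(lines):
    """Build a CFScript in the Collect::/Driver:: form used in the thread for the flagged drivers."""
    flagged = triage(lines)
    paths = [e["path"] for e in parse_services(lines) if e["name"] in flagged]
    return "Collect::\n" + "\n".join(paths) + "\n\nDriver::\n" + "\n".join(flagged) + "\n"


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(why)}")
    print(collect_script(SAMPLE_LINES))
```

On the sample lines the three drivers from Rudy's script are the only ones flagged; pavboot and ehdrv (same directory, different creation times, names matching their files) pass, and the .exe services are only parsed, not judged. The real verdict still comes from looking at the collected files.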

zzuzu
Visitor
Posts: 13
Registered: 22 Jul 2004 19:47
Location: Praha

Re: Probably a nice virus

#7 Post by zzuzu »

Hello again. Sorry for the late reply. I tried adding the script 2 days ago. I ran it in Safe Mode, and because CF then restarted the PC, the bad_pool_header message appeared again after the restart, which means no log was created. So I waited 2 days and ran it again in Safe Mode, and here is the log:

ComboFix 10-07-18.05 - zzuzu 19.07.2010 20:26:23.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3326.2944 [GMT 2:00]
Running from: c:\documents and settings\zzuzu\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\zzuzu\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\zzuzu\My Documents\cc_20100718_012342.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_11996291
-------\Legacy_11996292


((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.

2010-07-18 19:13 . 2010-07-18 19:13 -------- d-----w- c:\program files\MWA Software
2010-07-18 19:06 . 2010-07-18 19:06 -------- d-----w- c:\program files\XML Copy Editor
2010-07-18 18:56 . 2010-07-18 18:56 -------- d-----w- c:\program files\Vim
2010-07-17 23:31 . 2010-07-17 23:31 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Megaupload
2010-07-17 23:30 . 2010-07-17 23:30 -------- d-----w- c:\program files\Megaupload
2010-07-17 23:22 . 2010-07-17 23:22 -------- d-----w- c:\program files\Alleycode
2010-07-17 15:19 . 2010-07-17 15:20 -------- d-----w- c:\program files\trend micro
2010-07-17 15:19 . 2010-07-17 15:20 -------- d-----w- C:\rsit
2010-07-17 10:15 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-17 10:15 . 2010-07-17 10:15 -------- d-----w- c:\program files\Panda Security
2010-07-16 10:21 . 2010-07-16 10:23 -------- d-----w- c:\program files\Split Files
2010-07-16 09:23 . 2010-07-16 09:23 -------- d-----w- c:\documents and settings\zzuzu\Application Data\FlashGet
2010-07-14 17:55 . 2010-07-14 17:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
2010-07-14 17:54 . 2010-07-14 17:54 -------- d-----w- c:\program files\ESET
2010-07-14 17:54 . 2010-07-14 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-13 23:37 . 2010-07-13 23:37 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\ArcSoft
2010-07-13 23:35 . 2010-07-13 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-07-13 23:35 . 2010-07-13 23:35 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-07-13 23:35 . 2004-12-23 15:27 27392 ----a-w- c:\windows\system32\drivers\ULCDRHlp.sys
2010-07-13 23:35 . 2010-07-13 23:35 -------- d-----w- c:\program files\Windows Sidebar
2010-07-13 15:10 . 2010-07-13 15:10 1068 ----a-w- c:\windows\system32\unins000.dat
2010-07-13 15:10 . 2010-07-13 15:10 695578 ----a-w- c:\windows\system32\unins000.exe
2010-07-13 15:10 . 2008-09-30 17:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-07-13 15:01 . 2010-07-13 15:01 53248 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-13 13:57 . 2010-06-25 15:19 2995200 ----a-w- c:\windows\system32\x264vfw.dll
2010-07-13 13:57 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-07-13 13:57 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-07-13 13:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-13 13:57 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv
2010-07-13 13:56 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-13 13:56 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-13 13:56 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-07-13 13:56 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-07-13 13:56 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-07-13 13:56 . 2010-06-28 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-13 13:54 . 2010-07-13 13:54 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Yahoo!
2010-07-13 13:54 . 2010-07-13 13:54 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Media Player Classic
2010-07-13 13:38 . 2010-07-13 13:38 -------- d-----w- c:\program files\Nokia
2010-07-13 13:38 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-13 13:38 . 2008-09-08 13:11 13099456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\PCCS_8.22.7.0.exe
2010-07-13 13:38 . 2010-07-13 13:38 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-13 13:37 . 2010-07-13 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-07-13 13:27 . 2010-07-13 13:30 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Temp
2010-07-13 13:25 . 2010-07-13 13:25 -------- d-----w- c:\documents and settings\zzuzu\Application Data\ProgSense
2010-07-13 13:22 . 2010-07-13 13:22 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\FVD Suite
2010-07-13 12:57 . 2010-07-13 12:57 -------- d-----w- c:\program files\ProgSense
2010-07-13 12:57 . 2010-07-13 12:57 -------- d-----w- c:\program files\GeoVid
2010-07-13 12:56 . 2010-07-13 12:56 -------- d-----w- c:\documents and settings\zzuzu\Application Data\AnvSoft
2010-07-13 12:56 . 2010-07-13 12:56 -------- d-----w- c:\program files\3GPplayer2010
2010-07-13 12:55 . 2010-07-13 12:55 -------- d-----w- c:\program files\AnvSoft
2010-07-13 12:54 . 2010-07-13 12:54 -------- d-----w- c:\program files\Google
2010-07-13 12:53 . 2010-07-13 12:53 -------- d-----w- c:\program files\Youtube Downloader HD
2010-07-13 12:53 . 2010-07-14 18:07 -------- d-----w- c:\program files\Translate Client
2010-07-13 12:53 . 2010-07-13 13:16 -------- d-----w- c:\documents and settings\zzuzu\Application Data\IObit
2010-07-13 12:53 . 2010-07-13 12:53 -------- d-----w- c:\program files\IObit
2010-07-13 12:53 . 2010-07-13 12:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\FVDToolbar
2010-07-13 12:52 . 2010-07-13 12:52 -------- d-----w- c:\program files\FVD Suite
2010-07-13 10:51 . 2010-07-13 10:51 -------- d-----w- c:\program files\FreeTime
2010-07-11 15:01 . 2010-07-11 15:01 -------- d-----w- c:\program files\Moleskinsoft Clone Remover 3.8
2010-07-11 14:34 . 2010-07-11 14:59 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Similarity
2010-07-11 12:35 . 2010-07-11 12:35 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-10 23:15 . 2010-07-11 09:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-10 13:19 . 2010-07-10 13:19 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 13:19 . 2010-07-10 13:19 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 13:19 . 2010-07-10 13:19 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-10 13:19 . 2010-07-10 13:19 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 12:45 . 2010-07-10 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-07-09 20:46 . 2010-07-09 20:46 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Malwarebytes
2010-07-09 20:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 20:46 . 2010-07-09 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 20:46 . 2010-07-09 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-09 20:46 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 20:51 . 2010-07-04 20:51 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2010-07-04 20:51 . 2010-07-04 20:51 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2010-07-04 20:16 . 2010-07-04 20:16 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Xentient
2010-07-04 20:14 . 2010-07-04 20:14 -------- d-----w- c:\program files\FlashFolder
2010-07-04 20:11 . 2010-07-04 20:11 -------- d-----w- c:\program files\Xentient
2010-07-04 20:11 . 2010-07-04 20:11 -------- d-----w- c:\program files\InfoTag Magic 1.0
2010-07-04 19:36 . 2010-07-04 19:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-04 19:33 . 2010-07-04 19:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-07-04 19:32 . 2010-07-10 23:09 -------- d-----w- c:\program files\DOSBox-0.72
2010-07-04 19:31 . 2010-07-04 20:53 -------- d-----w- c:\program files\VistaSwitcher
2010-07-04 19:31 . 2010-07-04 19:31 -------- d-----w- c:\program files\ioIsland
2010-07-04 19:17 . 2010-07-04 19:17 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Stardock
2010-07-03 22:25 . 2010-07-03 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2010-07-03 22:24 . 2010-07-03 22:24 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Last.fm
2010-07-03 22:24 . 2010-07-04 20:24 -------- d-----w- c:\program files\Last.fm
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\com.levitation.ColorBrowser.E8C85B0D1658562C6BF4EE77663EB3C86B87123C.1
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\program files\colorbrowser
2010-07-02 20:53 . 2010-07-02 20:53 -------- d-----w- c:\documents and settings\zzuzu\Application Data\jp.playwell.Saezuri.58F200D7EEA7AA1DF3962E867638EFEED92471BE.1
2010-07-02 20:52 . 2010-07-02 20:52 -------- d-----w- c:\documents and settings\zzuzu\Application Data\iPhone.F4B6EDD4861104DF103CA831FC6755522BBBD9C1.1
2010-07-02 20:51 . 2010-07-02 20:51 -------- d-----w- c:\documents and settings\zzuzu\Application Data\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
2010-07-02 20:24 . 2010-07-02 20:24 -------- d-----w- c:\documents and settings\zzuzu\Application Data\jp.clockmaker.IconGeneratorPro
2010-07-02 19:26 . 2010-07-02 19:26 -------- d-----w- c:\documents and settings\zzuzu\Application Data\VideoMobile.99B084A7F5209066C71E0DB67A343FF6B8A0C954.1
2010-07-02 15:46 . 2010-07-04 19:32 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Nvu
2010-07-02 09:01 . 2010-07-02 09:01 -------- d-----w- c:\documents and settings\zzuzu\Application Data\DVDVideoSoftIEHelpers
2010-07-02 08:58 . 2010-07-04 19:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-07-01 22:04 . 2010-07-01 22:04 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\OLYMPUS
2010-07-01 21:53 . 2010-07-04 19:33 -------- d-----w- c:\program files\DOSBox-0.74
2010-07-01 16:21 . 2010-07-01 16:21 -------- d-----w- c:\documents and settings\zzuzu\Application Data\xNeat Clipboard Manager
2010-07-01 16:13 . 2010-07-01 16:13 -------- d-----w- c:\program files\ZSoft
2010-07-01 16:12 . 2010-07-04 19:34 -------- d-----w- c:\program files\iWisoft Free Video Converter
2010-07-01 16:12 . 2010-07-10 18:05 -------- d-----w- c:\program files\The KMPlayer
2010-06-24 21:29 . 2010-07-04 19:36 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Wikipedia
2010-06-24 21:25 . 2010-07-04 19:36 -------- d-----w- c:\documents and settings\zzuzu\Local Settings\Application Data\Google Translator (2)
2010-06-23 14:49 . 2010-06-23 14:49 -------- d-----w- c:\program files\Kino
2010-06-23 14:20 . 2010-06-23 14:20 -------- d-----w- c:\program files\TweetDeck
2010-06-23 14:16 . 2010-06-23 14:16 -------- d-----w- c:\program files\Home Audiometer
2010-06-23 14:15 . 2010-07-13 13:36 -------- d-----w- c:\program files\Notepad++
2010-06-23 14:09 . 2010-07-02 09:58 -------- d-----w- c:\program files\Audacity
2010-06-23 14:08 . 2010-06-23 14:08 -------- d-----w- c:\program files\TeamViewer
2010-06-23 14:06 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-23 14:06 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-06-23 14:05 . 2010-07-13 14:55 -------- d-----w- c:\program files\Winamp Detect
2010-06-23 14:05 . 2010-07-13 14:56 -------- d-----w- c:\program files\Winamp
2010-06-23 12:18 . 2010-06-23 12:18 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 12:16 . 2010-06-23 12:16 -------- d-----w- c:\windows\system32\winrm
2010-06-23 12:16 . 2010-06-23 12:17 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-06-22 21:45 . 2010-07-04 19:32 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-22 21:45 . 2010-07-02 09:00 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-22 21:44 . 2005-12-28 14:44 162816 ----a-w- c:\windows\system32\fmod.dll
2010-06-22 21:44 . 2005-11-11 16:42 40208 ----a-w- c:\windows\system32\dsetup.dll
2010-06-22 21:44 . 2001-04-27 13:11 24576 ----a-w- c:\windows\system32\smartsubclass.dll
2010-06-22 21:44 . 2010-06-22 21:44 -------- d-----w- c:\program files\Atmosphere Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 17:42 . 2010-06-12 20:41 1 ----a-w- c:\documents and settings\zzuzu\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-19 15:36 . 2010-06-08 09:43 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Skype
2010-07-19 15:36 . 2010-06-08 12:27 -------- d-----w- c:\documents and settings\zzuzu\Application Data\skypePM
2010-07-19 14:44 . 2010-06-08 12:11 -------- d-----w- c:\documents and settings\zzuzu\Application Data\FileZilla
2010-07-17 23:30 . 2010-06-07 19:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 23:21 . 2010-06-07 22:38 -------- d-----w- c:\program files\PSPad editor
2010-07-16 10:13 . 2010-06-17 18:59 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Notepad++
2010-07-14 18:22 . 2010-06-08 18:21 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-14 17:58 . 2010-06-07 22:43 -------- d-----w- c:\program files\Yahoo!
2010-07-14 10:45 . 2010-06-07 22:42 -------- d-----w- c:\program files\SpeedFan
2010-07-13 23:36 . 2010-06-08 12:11 -------- d-----w- c:\documents and settings\zzuzu\Application Data\ArcSoft
2010-07-13 23:35 . 2010-06-07 20:02 -------- d-----w- c:\program files\WinFast
2010-07-13 15:10 . 2010-06-07 22:47 -------- d-----w- c:\program files\CamStudio
2010-07-13 15:01 . 2010-06-15 21:14 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-13 15:00 . 2010-06-15 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-13 15:00 . 2010-06-07 19:27 -------- d-----w- c:\program files\Logitech
2010-07-13 14:54 . 2010-06-07 22:42 -------- d-----w- c:\program files\XnView
2010-07-13 13:57 . 2010-06-07 22:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-13 13:54 . 2010-06-07 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-13 13:38 . 2010-06-07 19:56 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-13 13:00 . 2010-06-07 19:15 66488 ----a-w- c:\documents and settings\zzuzu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 12:36 . 2010-06-07 22:46 -------- d-----w- c:\program files\Common Files\Real
2010-07-11 12:36 . 2010-06-07 22:46 -------- d-----w- c:\program files\Real
2010-07-11 12:35 . 2010-06-07 19:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 12:35 . 2010-06-07 19:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-10 23:15 . 2010-06-07 22:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-10 13:03 . 2010-06-22 15:50 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 13:03 . 2010-06-22 15:50 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-10 12:55 . 2010-06-07 22:41 -------- d-----w- c:\program files\CCleaner
2010-07-08 15:36 . 2010-06-07 22:42 -------- d-----w- c:\program files\FileZilla FTP Client
2010-07-05 11:03 . 2010-06-11 11:16 -------- d-----w- c:\program files\PeaZip
2010-07-04 20:51 . 2010-06-07 23:00 -------- d-----w- c:\program files\iTunes
2010-07-04 19:44 . 2010-06-07 20:35 -------- d-----w- c:\program files\Opera
2010-07-04 19:38 . 2010-06-15 13:08 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-02 10:43 . 2010-04-07 19:08 55256 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-07-02 10:43 . 2010-04-07 19:03 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-06-23 14:07 . 2010-06-17 18:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-23 14:05 . 2010-06-17 19:06 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Winamp
2010-06-22 15:50 . 2010-06-22 15:50 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 -------- d-----w- c:\documents and settings\zzuzu\Application Data\DivX
2010-06-22 15:50 . 2010-06-22 15:50 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-22 15:50 . 2010-06-22 15:50 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-22 15:34 . 2010-06-07 22:50 -------- d-----w- c:\program files\Common Files\Apple
2010-06-22 14:59 . 2010-06-17 18:56 -------- dc----w- c:\documents and settings\All Users\Application Data\{8B88DB61-156A-4B73-B41B-358CC0CC7BE9}
2010-06-22 14:59 . 2010-06-17 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 14:55 . 2010-06-20 14:30 -------- d-----w- c:\documents and settings\zzuzu\Application Data\mioObjects
2010-06-22 14:55 . 2010-06-22 14:55 -------- d-----w- c:\program files\Alex Buturuga
2010-06-22 14:12 . 2010-06-22 14:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-06-19 22:55 . 2010-06-07 19:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 20:32 . 2010-06-17 21:23 -------- d-----w- c:\documents and settings\zzuzu\Application Data\MxBoost
2010-06-19 18:11 . 2010-06-19 18:09 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Mipony
2010-06-17 21:35 . 2010-06-17 21:35 -------- d-----w- c:\documents and settings\zzuzu\Application Data\TeamViewer
2010-06-17 21:32 . 2010-06-17 21:32 -------- d-----w- c:\documents and settings\zzuzu\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-06-17 19:43 . 2010-06-17 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickMediaConverter
2010-06-17 19:43 . 2010-06-17 19:43 -------- d-----w- c:\documents and settings\zzuzu\Application Data\CocoonSoftware
2010-06-17 18:56 . 2010-06-17 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2010-06-17 18:56 . 2010-06-10 22:52 -------- d-----w- c:\program files\Stardock
2010-06-15 21:43 . 2010-06-15 21:43 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Leadertech
2010-06-15 21:14 . 2010-06-15 21:14 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Logishrd
2010-06-15 21:14 . 2010-06-07 20:04 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Logitech
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 17:55 . 2010-06-07 19:27 -------- d-----w- c:\program files\ATI Technologies
2010-06-15 17:51 . 2010-06-07 20:04 -------- d-----w- c:\documents and settings\zzuzu\Application Data\ATI
2010-06-15 17:36 . 2010-06-07 23:02 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Apple Computer
2010-06-15 12:37 . 2010-06-14 21:52 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-15 12:36 . 2010-06-15 12:36 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-06-15 12:36 . 2010-06-15 12:36 -------- d-----w- c:\documents and settings\zzuzu\Application Data\InstallShield
2010-06-15 12:22 . 2010-06-14 10:24 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Rainmeter
2010-06-14 20:57 . 2010-06-14 20:57 9158 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-06-14 20:57 . 2010-06-14 20:57 -------- d-----w- c:\program files\USB TV
2010-06-14 20:00 . 2010-06-14 20:00 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-14 14:31 . 2010-06-07 18:44 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 20:55 . 2010-06-13 20:55 65112 ----a-w- c:\windows\BricoPackUninst.cmd
2010-06-13 20:55 . 2010-06-13 20:53 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-06-13 20:55 . 2006-03-15 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-06-12 20:41 . 2010-06-12 20:41 -------- d-----w- c:\documents and settings\zzuzu\Application Data\OpenOffice.org
2010-06-11 22:18 . 2010-06-11 22:18 -------- d-----w- c:\documents and settings\zzuzu\Application Data\AMPSoft
2010-06-11 19:52 . 2010-06-11 19:46 -------- d-----w- c:\program files\ReNamer
2010-06-11 14:41 . 2010-06-11 14:41 -------- d-----w- c:\program files\AMP Font Viewer
2010-06-11 14:03 . 2010-06-08 09:43 -------- d-----w- c:\program files\Safari
2010-06-11 13:59 . 2010-06-11 13:59 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-11 12:22 . 2010-06-11 12:20 -------- d-----w- c:\documents and settings\zzuzu\Application Data\PeaZip
2010-06-11 11:48 . 2010-06-11 11:48 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-11 11:24 . 2010-06-11 11:24 -------- d-----w- c:\documents and settings\zzuzu\Application Data\KC Softwares
2010-06-11 11:24 . 2010-06-11 11:24 -------- d-----w- c:\program files\KC Softwares
2010-06-11 11:21 . 2010-06-08 09:42 -------- d-----r- c:\program files\Skype
2010-06-10 22:52 . 2010-06-10 22:52 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Stardock
2010-06-10 22:50 . 2010-06-10 22:50 -------- d-----w- c:\program files\Unknown Device Identifier
2010-06-10 22:26 . 2010-06-10 22:26 -------- d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2010-06-10 22:10 . 2010-06-10 22:10 23558 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_294823.exe
2010-06-10 22:10 . 2010-06-10 22:10 23558 ----a-r- c:\documents and settings\zzuzu\Application Data\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_18be6784.exe
2010-06-10 22:10 . 2010-06-10 22:10 -------- d-----w- c:\program files\Microsoft Kalkulačka+
2010-06-10 22:10 . 2010-06-10 22:10 -------- d-----w- c:\program files\Microsoft Time Zone
2010-06-08 22:40 . 2010-06-08 22:40 -------- d-----w- c:\documents and settings\zzuzu\Application Data\Windows Search
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2010-05-06 . 2FFDB270D0BC419421F3B3B2F7165790 . 6224896 . . [8.00.6001.18928] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-05-06 . 2FFDB270D0BC419421F3B3B2F7165790 . 6224896 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
[7] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\ie8\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2006-03-15 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\$NtUninstallKB911164$\mshtml.dll
[-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$NtUninstallKB978207$\mshtml.dll

[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2006-03-15 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-07-17_20.03.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-18 19:13 . 2010-07-18 19:13 40960 c:\windows\Installer\{E0B7E33E-B89F-406A-899E-DCE36F1258A2}\NewShortcut4.exe
+ 2010-07-18 19:13 . 2010-07-18 19:13 40960 c:\windows\Installer\{E0B7E33E-B89F-406A-899E-DCE36F1258A2}\NewShortcut2.exe
+ 2010-07-18 19:13 . 2010-07-18 19:13 406016 c:\windows\Installer\208594d.msi
+ 2010-07-17 23:30 . 2010-07-17 23:30 160256 c:\windows\Installer\14cebc.msi
+ 2010-07-18 19:12 . 2010-07-18 19:12 801792 c:\windows\Downloaded Installations\{CD95A4A6-30D2-4E03-86F5-841641B8A3AA}\JWrite Text Editor.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-06-07 32768]
"Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2005-01-14 712704]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch.exe" [2010-05-11 191440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-07-02 2347216]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-06-09 2920448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 155648]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2009-05-25 1431040]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2009-04-30 598528]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2009-01-22 1352704]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2202704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\zzuzu\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-6-14 81997]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-6-7 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
backup=c:\windows\pss\MagicTune 3.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^zzuzu^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=c:\documents and settings\zzuzu\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=c:\windows\pss\Logitech . Registrace produktu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^zzuzu^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\zzuzu\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 16:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
2006-06-08 23:11 24576 ------w- c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2006-05-31 14:00 143360 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FVDSuite]
2010-02-18 19:48 43520 ----a-w- c:\program files\FVD Suite\fvdbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-13 13:27 136176 ----atw- c:\documents and settings\zzuzu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-07 22:50 133368 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-05-15 15:25 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2006-07-07 15:15 348160 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17.7.2010 12:15 28552]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43 810144]
S2 FlashFolder;FlashFolder;c:\program files\FlashFolder\FlashFolder.exe [21.3.2008 0:55 71680]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [7.6.2010 21:57 233472]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15.6.2010 23:42 10448]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.6.2010 0:43 1691480]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [7.6.2010 21:57 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [7.6.2010 21:57 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [7.6.2010 21:57 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [7.6.2010 21:57 121856]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [7.6.2010 20:55 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [7.6.2010 20:55 549421]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [7.6.2010 21:50 145472]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [7.6.2010 21:50 6272]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [7.6.2010 22:02 9446]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [15.3.2006 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.6.2010 0:44 691696]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CXTUNE
*NewlyCreated* - LBEEPKE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1123561945-839522115-1003Core.job
- c:\documents and settings\zzuzu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-13 13:27]

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1123561945-839522115-1003UA.job
- c:\documents and settings\zzuzu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-13 13:27]

2010-07-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-1123561945-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-1123561945-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.flashvideodownloader.org/
mStart Page = about:blank
IE: Download all by FlashGet3 - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\zzuzu\Application Data\FlashGetBHO\GetAllUrl.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: {599C9212-35EA-48C5-819E-2D1FD1178561} = 212.158.128.2 212.158.128.3
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\zzuzu\Application Data\Mozilla\Firefox\Profiles\z8b2ld6q.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.flashvideodownloader.org/
FF - component: c:\program files\FVD Suite\addons\Firefox\components\fvd_connector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1123561945-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\zzuzu\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-1801674531-1123561945-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\zzuzu\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(220)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Celkový čas: 2010-07-19 20:34:41
ComboFix-quarantined-files.txt 2010-07-19 18:34
ComboFix2.txt 2010-07-17 20:05
ComboFix3.txt 2010-07-17 14:55

Před spuštěním: 166 948 646 912 bytes free
Po spuštění: 166 929 588 224 bytes free

- - End Of File - - 817266AB652D6D88804571963831C6D5

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably a nice virus

#8 Post by Rudy »

The log already looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

zzuzu
Visitor
Posts: 13
Registered: 22 Jul 2004 19:47
Location: Praha

Re: Probably a nice virus

#9 Post by zzuzu »

Thank you very much for the help.

So I have peace again for a while. :) I still don't know how that pest got in here :D

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably a nice virus

#10 Post by Rudy »

These days, pests get into a PC almost exclusively from the internet. Especially when links or banners are clicked without thinking, or when the "dark corners" of the internet are visited. You're welcome!
