Nod hlasí červy...prosím o pomoc

[Duhen]

Tady je .

[Duhen]

A tady je log RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dumastr at 2010-11-19 09:47:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (44%) free of 30 GB
Total RAM: 894 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:41, on 19.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Eject.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Dumastr\Plocha\Léčba\RSIT.exe
C:\Program Files\trend micro\Dumastr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [HipServ Agent] C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: Zástupce - Eject.lnk = C:\Program Files\Eject.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Výstrahy a protokolování výkonu SysmonLogDUMeterSvc (SysmonLogDUMeterSvc) - Unknown owner - .exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12541 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-10-17 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-10-17 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe [2005-07-13 344064]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-12-13 917504]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]
"HipServ Agent"=C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe [2008-08-22 1942816]
"FineReader7NewsReaderPro"=C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [2003-08-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"NPSStartup"= []
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2010-11-03 413696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2010-08-18 353736]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
"OEXPRESS"=C:\WINDOWS\OETRN.EXE [2009-10-17 26624]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-10-16 102400]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe

C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Zástupce - Eject.lnk - C:\Program Files\Eject.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-09-30 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Strong\StrongDC.exe"="D:\Strong\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\DreamCom\DreamCom.exe"="C:\Program Files\DreamCom\DreamCom.exe:*:Enabled:DreamCom"
"C:\Program Files\viphone communicator\viphone communicator.exe"="C:\Program Files\viphone communicator\viphone communicator.exe:*:Enabled:viphone communicator"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe"="C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe:*:Enabled:HipServ DesktopMirror (rsync)"
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe"="C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe:*:Enabled:HipServ DesktopMirror (ssh)"
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe"="C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe:*:Enabled:HipServ Pictures Wizard"
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe"="C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe:*:Enabled:HipServ SmartShortcut"
"C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe"="C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe:*:Enabled:HipServAgent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dc534b4-65a2-11df-84b7-0014a5b9ab7f}]
shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0530f9f-804a-11df-84bf-0014a5b9ab7f}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-12-04 17:50:31 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Thunderbird
2010-12-04 17:49:05 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-19 09:47:23 ----D---- C:\Program Files\trend micro
2010-11-19 09:47:21 ----D---- C:\rsit
2010-11-13 16:21:33 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\ABBYY
2010-11-13 16:20:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\ABBYY
2010-11-13 16:18:23 ----D---- C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2010-11-13 15:10:17 ----D---- C:\Program Files\YouTube Downloader
2010-11-09 14:50:18 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2010-11-09 14:43:15 ----SHD---- C:\Config.Msi
2010-11-09 14:42:21 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-11-09 14:42:21 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-10-22 09:57:55 ----A---- C:\WINDOWS\system32\javaws.exe
2010-10-22 09:57:55 ----A---- C:\WINDOWS\system32\javaw.exe
2010-10-22 09:57:55 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-11-19 09:47:41 ----D---- C:\WINDOWS\Prefetch
2010-11-19 09:47:32 ----D---- C:\WINDOWS\Temp
2010-11-19 09:47:23 ----RD---- C:\Program Files
2010-11-19 09:46:50 ----D---- C:\WINDOWS
2010-11-19 09:46:50 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-11-19 09:43:12 ----A---- C:\WINDOWS\wincmd.ini
2010-11-19 09:43:09 ----D---- C:\WINDOWS\Internet Logs
2010-11-19 09:40:16 ----AD---- C:\WINDOWS\system32
2010-11-19 09:40:02 ----D---- C:\Program Files\LogMeIn
2010-11-15 18:18:43 ----A---- C:\WINDOWS\posta2.ini
2010-11-15 18:18:08 ----D---- C:\Program Files\Pošta a kancelář 2
2010-11-14 13:55:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 11:25:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-12 17:00:58 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Canon
2010-11-12 17:00:52 ----A---- C:\WINDOWS\CSTBox.INI
2010-11-12 13:15:20 ----D---- C:\Program Files\CommViewWiFi
2010-11-11 10:33:11 ----D---- C:\FORM studio 2009
2010-11-11 09:39:13 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 15:16:59 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Nokia
2010-11-09 14:53:05 ----D---- C:\WINDOWS\system32\drivers
2010-11-09 14:50:29 ----HD---- C:\WINDOWS\inf
2010-11-09 14:49:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-09 14:44:00 ----SHD---- C:\WINDOWS\Installer
2010-11-09 14:43:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-09 14:43:43 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-09 14:42:09 ----D---- C:\Program Files\Nokia
2010-11-09 14:40:40 ----D---- C:\Program Files\Common Files\Nokia
2010-11-09 14:39:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-11-09 14:34:44 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\MOBILedit
2010-11-06 09:32:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-06 09:27:53 ----D---- C:\WINDOWS\Minidump
2010-11-03 16:54:28 ----D---- C:\Program Files\ESET
2010-10-22 09:57:50 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2010-10-16 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-06 12544]
R2 PARLDR2K;ParLdr2k; \??\C:\WINDOWS\system32\drivers\parldr2k.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-14 1269760]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-05-10 1294200]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-09-20 1342122]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-23 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-23 231424]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-06 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-04-23 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2008-07-23 15264]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-23 718464]
R4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-09-20 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-09-19 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-09-19 148040]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-09-19 56648]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2008-07-23 47744]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-14 380928]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe [2005-09-19 258103]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-11-10 1382672]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-23 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-09-30 116104]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-04-23 495616]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-26 654848]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-09-29 616448]
S2 SysmonLogDUMeterSvc;Výstrahy a protokolování výkonu SysmonLogDUMeterSvc; srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

A ještě poprosím, koukněte se do složky C:\WINDOWS\minidump, pokud tam budou nějaké soubory, rovněž mi je upněte jako přílohu. Měl by tam být rozbor těch modrých smrtí, mrkneme, co se děje. Bohužel tady budu asi až večer, omlouvám se

[Duhen]

Tady je Minidump a počkááám na Vás.

[motji]

A qoobox bude?

[Duhen]

Už je nahoře

[motji]

Omlouvám se, ted jsem se v tom ztratila. Tem minidump - je tam problém s ovladačem od combofixu, ale nedokážu určit, jestli s havětí nebo je to jen chyba combofixu. udělejte pro jistotu ještě gmer, zbytek večer. Koukám že tam máte starší minidumpy a máte tam nějaké problémy s grafikou a ovladačem od daemonu.

Pokračování později, te dmusím pro syna do školky

[Duhen]

Tak jsem otestoval paměti a HDD a vše v pořádku. Pak jsem ještě zkusil Combofix v nouzáku a proběhl s tím, že mázl i c:\windows\daemon.dll, tak jsem zatím raději daemona přes ccleanera odinstaloval.

Tady je log:

ComboFix 10-11-18.03 - Dumastr 19.11.2010 15:02:40.7.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.894.701 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dumastr\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dumastr\Data aplikací\Desktopicon
c:\documents and settings\Dumastr\Data aplikací\Desktopicon\config.ini
c:\windows\daemon.dll
c:\windows\system32\2726875619.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-19 do 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-12-04 16:50 . 2010-12-04 16:50 -------- d-----w- c:\documents and settings\Dumastr\Local Settings\Data aplikací\Thunderbird
2010-12-04 16:50 . 2010-12-04 16:50 -------- d-----w- c:\documents and settings\Dumastr\Data aplikací\Thunderbird
2010-12-04 16:49 . 2010-09-14 09:13 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-11-19 08:52 . 2010-11-19 08:51 416768 ----a-w- c:\windows\system32\CF28957.exe
2010-11-19 08:47 . 2010-11-19 08:47 -------- d-----w- c:\program files\trend micro
2010-11-19 08:47 . 2010-11-19 08:47 -------- d-----w- C:\rsit
2010-11-13 15:21 . 2010-11-13 15:44 -------- d-----w- c:\documents and settings\Dumastr\Local Settings\Data aplikací\ABBYY
2010-11-13 15:21 . 2010-11-13 15:21 -------- d-----w- c:\documents and settings\Dumastr\Data aplikací\ABBYY
2010-11-13 15:20 . 2010-11-13 15:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ABBYY
2010-11-13 15:18 . 2010-11-13 15:24 -------- d-----w- c:\program files\ABBYY FineReader 7.0 Professional Edition
2010-11-13 14:10 . 2010-11-13 14:10 -------- d-----w- c:\program files\YouTube Downloader
2010-11-09 13:43 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-11-09 13:42 . 2010-02-26 13:21 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-11-09 13:42 . 2010-02-26 13:21 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-11-09 13:42 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-11-09 13:42 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-11-09 13:42 . 2010-02-26 13:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-11-09 13:42 . 2010-02-26 13:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-11-09 13:42 . 2010-02-26 13:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-11-09 13:42 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-16 08:46 . 2009-10-15 20:47 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-09-30 10:09 . 2009-11-10 16:22 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-30 10:09 . 2009-11-10 16:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 10:09 . 2009-11-10 16:22 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-30 10:09 . 2009-11-10 16:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-18 10:23 . 2004-08-17 14:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-17 14:49 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-07-23 16:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2009-05-10 11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:52 . 2004-08-17 14:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-17 14:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2004-08-17 14:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2004-08-17 14:48 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-17 14:44 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-17 14:49 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-03 22:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-17 14:49 617472 ----a-w- c:\windows\system32\comctl32.dll
2000-03-30 14:22 . 2009-08-04 15:10 152576 ----a-r- c:\program files\Eject.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-08-18 353736]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-11-13 2585360]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-10-17 26624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-10-16 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe" [2005-07-13 344064]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-12-13 917504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-15 2225208]
"HipServ Agent"="c:\program files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe" [2008-08-22 1942816]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-19 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Dumastr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
Z stupce - Eject.lnk - c:\program files\Eject.exe [2009-8-4 152576]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2005-9-19 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-30 10:09 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Strong\\StrongDC.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DreamCom\\DreamCom.exe"=
"c:\\Program Files\\viphone communicator\\viphone communicator.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\HipServ Desktop Applications\\DesktopMirror\\rsync.exe"=
"c:\\Program Files\\HipServ Desktop Applications\\DesktopMirror\\ssh.exe"=
"c:\\Program Files\\HipServ Desktop Applications\\QuickConnect\\AxentraPicturesWizard.exe"=
"c:\\Program Files\\HipServ Desktop Applications\\QuickConnect\\AxentraSmartShortcut.exe"=
"c:\\Program Files\\HipServ Desktop Applications\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsvsvr.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [26.4.2009 15:19 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [26.4.2009 15:19 5248]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [26.4.2009 16:57 1382672]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [16.10.2010 9:24 233472]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [30.9.2010 11:09 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.8.2008 12:41 12856]
S2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [25.4.2010 22:01 10454]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 SysmonLogDUMeterSvc;Výstrahy a protokolování výkonu SysmonLogDUMeterSvc; srv --> srv [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16.10.2010 9:24 36608]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [23.4.2009 13:34 231424]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9.11.2010 14:42 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9.11.2010 14:42 8320]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [16.10.2010 9:25 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [16.10.2010 9:25 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [16.10.2010 9:25 121856]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [24.10.2009 13:45 464264]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2010-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mystart.incredimail.com/english/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-NPSStartup - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-19 15:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLogDUMeterSvc]
"ImagePath"=" srv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-484763869-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-484763869-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B9B1882-0011-6330-9CEA-2DD213872BBF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oalipkbfimglelebboekpemimmdlbh"=hex:63,61,6c,63,67,6a,00,7c
"oahjpalmilfgpiaocfkjhccallpbpn"=hex:6a,61,69,63,67,6a,68,6b,6a,6c,65,6e,66,61,
6f,6c,68,6f,69,6c,00,fb
"nanijalnifcghpiomjflofamdpph"=hex:6b,61,6c,63,65,6a,67,62,66,67,65,6e,65,6e,
66,6b,63,6c,6d,69,67,6a,00,00

[HKEY_USERS\S-1-5-21-484763869-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FBC0D566-1D6A-4E68-D33E-E14C9AE91F16}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahkekcmcfamfnlhiaoobhklflhiad"=hex:63,61,68,65,68,70,00,7c
"oadbephkmbkhmidmcckpdpfmhhlhke"=hex:6a,61,68,65,63,61,6a,6d,63,68,6c,69,61,70,
6e,61,67,69,63,67,00,fb
"nanacnhcnkokoojlgmjflfbkdpoj"=hex:6a,61,68,65,63,61,6a,6d,63,68,6c,69,61,70,
6e,61,67,69,63,67,00,fb
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(280)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2010-11-19 15:22:16
ComboFix-quarantined-files.txt 2010-11-19 14:21

Před spuštěním: Volných bajtů: 13 771 603 968
Po spuštění: Volných bajtů: 13 883 064 320

- - End Of File - - B72AFB0983241FBDCAA4E7AA88FCE0F7

[motji]

Ten Eset je legální?

Otestujte na http://www.virustotal.com
c:\windows\explorer.exe

[Duhen]

Bohužel po spuštění gameru okamžitě modrá smrt a restart. Vkládám aktuální Minidump.

Nod není legální, ale používám ho 6 let a nikdy nečinil problém.Mám ho i na jiném PC a pohoda.

[Duhen]

File name:
explorer.exe
Submission date:
2010-11-19 14:50:52 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 41 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.19.00 2010.11.18 -
AntiVir 7.10.14.54 2010.11.19 -
Antiy-AVL 2.0.3.7 2010.11.19 -
Avast 4.8.1351.0 2010.11.19 -
Avast5 5.0.594.0 2010.11.19 -
AVG 9.0.0.851 2010.11.19 -
BitDefender 7.2 2010.11.19 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.19 -
Command 5.2.11.5 2010.11.19 -
Comodo 6771 2010.11.19 -
DrWeb 5.0.2.03300 2010.11.19 -
eSafe 7.0.17.0 2010.11.18 -
eTrust-Vet 36.1.7986 2010.11.19 -
F-Prot 4.6.2.117 2010.11.19 -
F-Secure 9.0.16160.0 2010.11.19 -
Fortinet 4.2.254.0 2010.11.18 -
GData 21 2010.11.19 -
Ikarus T3.1.1.90.0 2010.11.19 -
Jiangmin 13.0.900 2010.11.19 -
K7AntiVirus 9.68.3021 2010.11.18 -
McAfee 5.400.0.1158 2010.11.19 -
McAfee-GW-Edition 2010.1C 2010.11.19 -
Microsoft 1.6402 2010.11.19 -
NOD32 5633 2010.11.19 -
Norman 6.06.10 2010.11.19 -
nProtect 2010-11-19.02 2010.11.19 -
Panda 10.0.2.7 2010.11.18 -
PCTools 7.0.3.5 2010.11.19 -
Prevx 3.0 2010.11.19 -
Rising 22.74.03.08 2010.11.19 -
Sophos 4.59.0 2010.11.19 -
SUPERAntiSpyware 4.40.0.1006 2010.11.19 -
Symantec 20101.2.0.161 2010.11.19 -
TheHacker 6.7.0.1.086 2010.11.18 -
TrendMicro 9.120.0.1004 2010.11.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.19 -
VBA32 3.12.14.2 2010.11.19 -
VIPRE 7351 2010.11.19 -
ViRobot 2010.10.30.4121 2010.11.19 -
VirusBuster 13.6.49.0 2010.11.19 -
Additional information
Show all
MD5 : 13e794e5591776cbc71055a7b3cc1d5f
SHA1 : ea91373fe86add7e86a8493dddfcfa2142199a92
SHA256: 8e82bdfe232008b2713d685a8abcd4309f0cf88632a3570febad47f36f712ae7

[motji]

Fajn, jen NOdu ve Vaší verzi končí na konci roku podpora, takže to chce upgrade.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Tento počítač se chová jak?

[Duhen]

Takhle, když na něm pracuji se chová normálně.
Podle logů tam není nic závažného?
Trochu nechápu ty modré smrti po spuštění combofix a gmer.
jdu na ten Malwarebytes, brzo vložím log.

[motji]

Něco bych ještě domazala, ale raději přes OTL. Poprosila jsme kolegu, at na ty minidumpy pořádně mrkne, já jim až tak nerozumím, pouze jsme vyčetla, že za BSOD můžou drivery od obou programů. Kolega by mohl zjistit, jestli za tím není i nějaká havěť.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[Duhen]

Zde zatím MBAM, ale vypadá to , že našel jen mejch pár skalních keygenů.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5153

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.11.2010 20:17:49
mbam-log-2010-11-19 (20-17-49).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 323529
Uplynulý čas: 3 hodina(y), 15 minuta(y), 23 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 8

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
D:\Sos\Nero 7\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
D:\Mobily\6650\Aplikace\RootSiGN.exe (Hacktool.RootSign) -> No action taken.
D:\Mobily\n93\To co instaluju po formatu mobilu\xplore 1.05\Keygen.exe (Worm.SpyBot) -> No action taken.
D:\4GB\..!!!!!..PŘENOS..!!!!\6650\Aplikace\RootSiGN.exe (Hacktool.RootSign) -> No action taken.
D:\4GB\..!!!!!..PŘENOS..!!!!\Nero 7\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
D:\8GB\BSPLAYER2511021\Keygen\keygen.exe (Trojan.Agent) -> No action taken.
D:\8GB\Nero 7\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
D:\Věci z netu\Clone DVD 2.9.1.2\Slysoft Products Generic Crack 1.43.exe (RiskWare.Tool.CK) -> No action taken.