
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Preventive log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I would like to ask for a check of my log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Stahnute\RSIT.exe
C:\Program Files\trend micro\Kaja.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\Qip\infium.exe (file missing) (HKCU)
O16 - DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} (RSComnUtil Control) - http://rsup.net/cab/rsupcomn.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4363237546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4374201406
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 3.11.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (file missing)
--
End of file - 10519 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KODLL-Kaja.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll [2010-10-05 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-10-05 140752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-01-19 18790432]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-11-03 1372160]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-11-03 1202448]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2010-09-26 328056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe [2010-11-17 3190520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-11-03 1202448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-11-03 1372160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\lclock.exe [2004-09-19 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Documents and Settings\Kaja\Data aplikací\QipGuard\QipGuard.exe [2010-10-05 190928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-09-26 328056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2009-12-08 2717024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kaja^Nabídka Start^Programy^Po spuštění^Stardock ObjectDock.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\OBJECT~1.EXE [2007-05-27 3565296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2010-11-27 11:43:21 ----D---- C:\rsit
2010-11-27 11:43:21 ----D---- C:\Program Files\trend micro
2010-11-27 11:40:40 ----D---- C:\WINDOWS\LastGood
2010-11-27 11:05:10 ----A---- C:\WINDOWS\system32\NETw5r32.dll
2010-11-27 11:05:10 ----A---- C:\WINDOWS\system32\NETw5c32.dll
2010-11-27 11:05:10 ----A---- C:\WINDOWS\system32\drivers\NETw5x32.sys
2010-11-27 11:04:38 ----D---- C:\Program Files\Common Files\Intel
2010-11-27 11:01:13 ----ASH---- C:\hiberfil.sys
2010-11-27 10:59:07 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-11-27 10:58:51 ----D---- C:\Program Files\ATI Technologies
2010-11-26 23:46:27 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-26 23:37:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-26 22:54:49 ----D---- C:\WINDOWS\pss
2010-11-26 22:29:30 ----A---- C:\WINDOWS\WININIT.INI
2010-11-26 22:26:19 ----A---- C:\WINDOWS\system32\wcourier.exe
2010-11-26 22:02:46 ----D---- C:\WINDOWS\Prefetch
2010-11-26 21:54:29 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-11-26 21:51:39 ----D---- C:\Inetpub
2010-11-26 21:50:55 ----D---- C:\iissamples
2010-11-26 21:50:20 ----D---- C:\AdminScripts
2010-11-26 21:49:22 ----D---- C:\gvci
2010-11-26 21:33:24 ----A---- C:\WINDOWS\ModemLog_Nokia 5000 Bluetooth Modem.txt
2010-11-26 21:30:20 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-11-26 21:30:20 ----A---- C:\WINDOWS\system32\irclass.dll
2010-11-26 21:30:02 ----RA---- C:\WINDOWS\SET78.tmp
2010-11-26 21:29:59 ----RA---- C:\WINDOWS\SET6C.tmp
2010-11-26 21:29:57 ----RA---- C:\WINDOWS\SET69.tmp
2010-11-25 19:23:26 ----ASH---- C:\pagefile.sys
2010-11-21 07:55:00 ----D---- C:\Program Files\Hard Drive Inspector
2010-11-20 23:40:35 ----D---- C:\Program Files\FreeRapid
2010-11-20 12:29:59 ----D---- C:\Documents and Settings\Kaja\Data aplikací\QipGuard
2010-11-19 23:39:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-11-19 23:39:20 ----D---- C:\Program Files\IObit
2010-11-16 17:13:46 ----D---- C:\Documents and Settings\Kaja\Data aplikací\Opera
2010-11-16 17:13:38 ----D---- C:\Program Files\Opera
2010-11-06 20:21:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2010-11-06 19:14:58 ----D---- C:\Documents and Settings\Kaja\Data aplikací\VSO
2010-11-06 19:14:14 ----D---- C:\Program Files\VSO
2010-11-05 11:22:02 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-05 11:22:02 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-05 11:22:02 ----A---- C:\WINDOWS\system32\java.exe
2010-10-30 07:27:07 ----D---- C:\Documents and Settings\Kaja\Data aplikací\Intel
2010-10-30 07:27:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Intel
======List of files/folders modified in the last 1 months======
2010-11-27 11:43:22 ----D---- C:\WINDOWS\Temp
2010-11-27 11:43:21 ----RD---- C:\Program Files
2010-11-27 11:43:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-27 11:43:13 ----HD---- C:\WINDOWS\inf
2010-11-27 11:43:12 ----D---- C:\WINDOWS
2010-11-27 11:43:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-27 11:43:03 ----D---- C:\Documents and Settings\Kaja\Data aplikací\uTorrent
2010-11-27 11:38:53 ----D---- C:\Documents and Settings\Kaja\Data aplikací\Skype
2010-11-27 11:37:06 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-27 11:36:28 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-27 11:36:14 ----D---- C:\WINDOWS\system32
2010-11-27 11:30:05 ----D---- C:\WINDOWS\system32\drivers
2010-11-27 11:24:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-27 11:18:47 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-27 11:18:35 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-11-27 11:12:36 ----D---- C:\Documents and Settings\Kaja\Data aplikací\skypePM
2010-11-27 11:10:41 ----D---- C:\Program Files\Qip
2010-11-27 11:07:29 ----D---- C:\WINDOWS\SoftwareDistribution
2010-11-27 11:07:27 ----D---- C:\WINDOWS\Help
2010-11-27 11:06:07 ----SHD---- C:\WINDOWS\Installer
2010-11-27 11:05:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-27 11:04:38 ----D---- C:\Program Files\Intel
2010-11-27 11:04:38 ----D---- C:\Program Files\Common Files
2010-11-27 10:14:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-26 23:50:48 ----D---- C:\Program Files\Google
2010-11-26 23:33:18 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-11-26 23:31:19 ----D---- C:\WINDOWS\Debug
2010-11-26 22:56:58 ----D---- C:\WINDOWS\security
2010-11-26 22:56:38 ----SH---- C:\boot.ini
2010-11-26 22:56:38 ----A---- C:\WINDOWS\win.ini
2010-11-26 22:56:38 ----A---- C:\WINDOWS\system.ini
2010-11-26 22:26:19 ----D---- C:\Program Files\Wireless Console 2
2010-11-26 22:11:05 ----D---- C:\WINDOWS\Registration
2010-11-26 22:10:55 ----D---- C:\Documents and Settings
2010-11-26 22:07:49 ----SHD---- C:\System Volume Information
2010-11-26 22:07:49 ----D---- C:\WINDOWS\system32\Restore
2010-11-26 22:02:02 ----D---- C:\WINDOWS\system32\config
2010-11-26 22:00:07 ----D---- C:\WINDOWS\repair
2010-11-26 21:55:20 ----A---- C:\WINDOWS\ODBCINST.INI
2010-11-26 21:55:08 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-11-26 21:55:04 ----D---- C:\WINDOWS\system32\ias
2010-11-26 21:54:32 ----RD---- C:\WINDOWS\Web
2010-11-26 21:54:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-11-26 21:53:50 ----D---- C:\WINDOWS\system32\oobe
2010-11-26 21:53:47 ----D---- C:\WINDOWS\srchasst
2010-11-26 21:53:43 ----D---- C:\Program Files\Windows Media Player
2010-11-26 21:53:27 ----D---- C:\Program Files\Movie Maker
2010-11-26 21:53:14 ----D---- C:\Program Files\NetMeeting
2010-11-26 21:53:09 ----D---- C:\Program Files\Outlook Express
2010-11-26 21:53:08 ----D---- C:\Program Files\Common Files\System
2010-11-26 21:52:52 ----D---- C:\Program Files\Internet Explorer
2010-11-26 21:52:09 ----D---- C:\WINDOWS\system32\wbem
2010-11-26 21:51:35 ----D---- C:\WINDOWS\system32\Com
2010-11-26 21:50:14 ----D---- C:\Program Files\Windows NT
2010-11-26 21:42:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-26 21:30:20 ----D---- C:\WINDOWS\system
2010-11-26 21:30:09 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-11-25 19:33:37 ----D---- C:\WINDOWS\system32\Setup
2010-11-25 19:33:22 ----D---- C:\WINDOWS\system32\usmt
2010-11-25 19:33:09 ----D---- C:\WINDOWS\AppPatch
2010-11-25 19:33:08 ----D---- C:\WINDOWS\ehome
2010-11-25 19:33:07 ----D---- C:\WINDOWS\ime
2010-11-25 19:33:05 ----RSD---- C:\WINDOWS\Fonts
2010-11-25 19:33:04 ----D---- C:\WINDOWS\Media
2010-11-25 19:32:41 ----D---- C:\WINDOWS\PeerNet
2010-11-25 19:32:21 ----D---- C:\WINDOWS\system32\npp
2010-11-25 19:32:10 ----D---- C:\WINDOWS\msagent
2010-11-25 19:27:50 ----D---- C:\WINDOWS\system32\1029
2010-11-25 19:27:31 ----D---- C:\WINDOWS\twain_32
2010-11-25 19:26:31 ----D---- C:\WINDOWS\system32\icsxml
2010-11-25 19:25:31 ----D---- C:\WINDOWS\system32\1033
2010-11-25 19:23:26 ----D---- C:\WINDOWS\WinSxS
2010-11-25 19:23:26 ----D---- C:\WINDOWS\Driver Cache
2010-11-25 19:02:46 ----A---- C:\WINDOWS\DUMP3aa7.tmp
2010-11-21 07:54:56 ----D---- C:\Program Files\Common Files\AltrixSoft
2010-11-20 23:27:20 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-20 16:40:32 ----D---- C:\Documents and Settings\Kaja\Data aplikací\ICQ
2010-11-20 16:39:28 ----D---- C:\Program Files\ICQ7.0
2010-11-20 00:00:25 ----SD---- C:\WINDOWS\Tasks
2010-11-19 11:58:47 ----D---- C:\Documents and Settings\Kaja\Data aplikací\AIMP
2010-11-18 19:36:47 ----D---- C:\Program Files\SystemRequirementsLab
2010-11-13 21:49:50 ----A---- C:\fftrlog.txt
2010-11-13 21:44:13 ----D---- C:\Program Files\Recepty doma
2010-11-10 17:41:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 17:41:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-06 19:09:21 ----D---- C:\Documents and Settings\Kaja\Data aplikací\ZoomBrowser EX
2010-11-06 17:34:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2010-11-05 11:21:58 ----D---- C:\Program Files\Java
2010-10-30 07:19:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-29 15:29:22 ----D---- C:\Program Files\Mozilla Thunderbird
2010-10-28 16:30:39 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2010-01-17 40560]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-06-17 169472]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-18 223616]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2010-01-17 385544]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2010-01-17 34392]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 MicroGuard;MicroGuard Copy Protection; \??\C:\WINDOWS\system32\drivers\mgnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-06-10 44384]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2005-04-18 646656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-01-19 5818400]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-10-26 4221952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-18 12416]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-18 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-18 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-18 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-18 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Kaja\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 cy2410B;HiVciUSB.sys, USB Driver for Hi-Diagnosis VCI; C:\WINDOWS\System32\Drivers\HiVciUSB.sys [2010-05-17 16768]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-30 58184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-30 72520]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HIVMIUSB;HiVmiUSB.sys, USB Driver for Hi-Diagnosis VMI; C:\WINDOWS\System32\Drivers\HiVmiUSB.sys [2010-05-17 16032]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-18 10880]
S3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys []
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys []
S3 NONDEVICEDRV;NONDEVICEDRV; C:\WINDOWS\system32\drivers\nondevicedrv.sys [2010-05-17 23488]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 17664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-18 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-18 11136]
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro karty MMC; C:\WINDOWS\system32\DRIVERS\sffp_mmc.sys [2008-04-14 10240]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-18 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-18 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-18 15360]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2009-09-24 169320]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-06-11 36992]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-05-20 74368]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2009-08-10 59888]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2009-09-14 49400]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2004-08-03 12672]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-18 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-18 31744]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2010-05-16 68608]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-11-03 874768]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-17 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-11-03 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-11-03 909312]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-10-21 148848]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-17 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [2010-02-16 824640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe []
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 HDDSvc;HDD Information Service; C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [2010-11-17 458488]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-02-26 652800]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Stahnute\RSIT.exe
C:\Program Files\trend micro\Kaja.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\Qip\infium.exe (file missing) (HKCU)
O16 - DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} (RSComnUtil Control) - http://rsup.net/cab/rsupcomn.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4363237546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4374201406
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 3.11.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (file missing)
--
End of file - 10519 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KODLL-Kaja.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll [2010-10-05 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-10-05 140752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-01-19 18790432]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-11-03 1372160]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-11-03 1202448]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2010-09-26 328056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe [2010-11-17 3190520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-11-03 1202448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-11-03 1372160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\lclock.exe [2004-09-19 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Documents and Settings\Kaja\Data aplikací\QipGuard\QipGuard.exe [2010-10-05 190928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-09-26 328056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2009-12-08 2717024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kaja^Nabídka Start^Programy^Po spuštění^Stardock ObjectDock.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\OBJECT~1.EXE [2007-05-27 3565296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2010-11-27 11:43:21 ----D---- C:\rsit
2010-11-27 11:43:21 ----D---- C:\Program Files\trend micro
2010-11-27 11:40:40 ----D---- C:\WINDOWS\LastGood
2010-11-27 11:05:10 ----A---- C:\WINDOWS\system32\NETw5r32.dll
2010-11-27 11:05:10 ----A---- C:\WINDOWS\system32\NETw5c32.dll
2010-11-27 11:05:10 ----A---- C:\WINDOWS\system32\drivers\NETw5x32.sys
2010-11-27 11:04:38 ----D---- C:\Program Files\Common Files\Intel
2010-11-27 11:01:13 ----ASH---- C:\hiberfil.sys
2010-11-27 10:59:07 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-11-27 10:58:51 ----D---- C:\Program Files\ATI Technologies
2010-11-26 23:46:27 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-26 23:37:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-26 22:54:49 ----D---- C:\WINDOWS\pss
2010-11-26 22:29:30 ----A---- C:\WINDOWS\WININIT.INI
2010-11-26 22:26:19 ----A---- C:\WINDOWS\system32\wcourier.exe
2010-11-26 22:02:46 ----D---- C:\WINDOWS\Prefetch
2010-11-26 21:54:29 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-11-26 21:51:39 ----D---- C:\Inetpub
2010-11-26 21:50:55 ----D---- C:\iissamples
2010-11-26 21:50:20 ----D---- C:\AdminScripts
2010-11-26 21:49:22 ----D---- C:\gvci
2010-11-26 21:33:24 ----A---- C:\WINDOWS\ModemLog_Nokia 5000 Bluetooth Modem.txt
2010-11-26 21:30:20 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-11-26 21:30:20 ----A---- C:\WINDOWS\system32\irclass.dll
2010-11-26 21:30:02 ----RA---- C:\WINDOWS\SET78.tmp
2010-11-26 21:29:59 ----RA---- C:\WINDOWS\SET6C.tmp
2010-11-26 21:29:57 ----RA---- C:\WINDOWS\SET69.tmp
2010-11-25 19:23:26 ----ASH---- C:\pagefile.sys
2010-11-21 07:55:00 ----D---- C:\Program Files\Hard Drive Inspector
2010-11-20 23:40:35 ----D---- C:\Program Files\FreeRapid
2010-11-20 12:29:59 ----D---- C:\Documents and Settings\Kaja\Data aplikací\QipGuard
2010-11-19 23:39:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-11-19 23:39:20 ----D---- C:\Program Files\IObit
2010-11-16 17:13:46 ----D---- C:\Documents and Settings\Kaja\Data aplikací\Opera
2010-11-16 17:13:38 ----D---- C:\Program Files\Opera
2010-11-06 20:21:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2010-11-06 19:14:58 ----D---- C:\Documents and Settings\Kaja\Data aplikací\VSO
2010-11-06 19:14:14 ----D---- C:\Program Files\VSO
2010-11-05 11:22:02 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-05 11:22:02 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-05 11:22:02 ----A---- C:\WINDOWS\system32\java.exe
2010-10-30 07:27:07 ----D---- C:\Documents and Settings\Kaja\Data aplikací\Intel
2010-10-30 07:27:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Intel
======List of files/folders modified in the last 1 months======
2010-11-27 11:43:22 ----D---- C:\WINDOWS\Temp
2010-11-27 11:43:21 ----RD---- C:\Program Files
2010-11-27 11:43:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-27 11:43:13 ----HD---- C:\WINDOWS\inf
2010-11-27 11:43:12 ----D---- C:\WINDOWS
2010-11-27 11:43:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-27 11:43:03 ----D---- C:\Documents and Settings\Kaja\Data aplikací\uTorrent
2010-11-27 11:38:53 ----D---- C:\Documents and Settings\Kaja\Data aplikací\Skype
2010-11-27 11:37:06 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-27 11:36:28 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-27 11:36:14 ----D---- C:\WINDOWS\system32
2010-11-27 11:30:05 ----D---- C:\WINDOWS\system32\drivers
2010-11-27 11:24:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-27 11:18:47 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-27 11:18:35 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-11-27 11:12:36 ----D---- C:\Documents and Settings\Kaja\Data aplikací\skypePM
2010-11-27 11:10:41 ----D---- C:\Program Files\Qip
2010-11-27 11:07:29 ----D---- C:\WINDOWS\SoftwareDistribution
2010-11-27 11:07:27 ----D---- C:\WINDOWS\Help
2010-11-27 11:06:07 ----SHD---- C:\WINDOWS\Installer
2010-11-27 11:05:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-27 11:04:38 ----D---- C:\Program Files\Intel
2010-11-27 11:04:38 ----D---- C:\Program Files\Common Files
2010-11-27 10:14:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-26 23:50:48 ----D---- C:\Program Files\Google
2010-11-26 23:33:18 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-11-26 23:31:19 ----D---- C:\WINDOWS\Debug
2010-11-26 22:56:58 ----D---- C:\WINDOWS\security
2010-11-26 22:56:38 ----SH---- C:\boot.ini
2010-11-26 22:56:38 ----A---- C:\WINDOWS\win.ini
2010-11-26 22:56:38 ----A---- C:\WINDOWS\system.ini
2010-11-26 22:26:19 ----D---- C:\Program Files\Wireless Console 2
2010-11-26 22:11:05 ----D---- C:\WINDOWS\Registration
2010-11-26 22:10:55 ----D---- C:\Documents and Settings
2010-11-26 22:07:49 ----SHD---- C:\System Volume Information
2010-11-26 22:07:49 ----D---- C:\WINDOWS\system32\Restore
2010-11-26 22:02:02 ----D---- C:\WINDOWS\system32\config
2010-11-26 22:00:07 ----D---- C:\WINDOWS\repair
2010-11-26 21:55:20 ----A---- C:\WINDOWS\ODBCINST.INI
2010-11-26 21:55:08 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-11-26 21:55:04 ----D---- C:\WINDOWS\system32\ias
2010-11-26 21:54:32 ----RD---- C:\WINDOWS\Web
2010-11-26 21:54:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-11-26 21:53:50 ----D---- C:\WINDOWS\system32\oobe
2010-11-26 21:53:47 ----D---- C:\WINDOWS\srchasst
2010-11-26 21:53:43 ----D---- C:\Program Files\Windows Media Player
2010-11-26 21:53:27 ----D---- C:\Program Files\Movie Maker
2010-11-26 21:53:14 ----D---- C:\Program Files\NetMeeting
2010-11-26 21:53:09 ----D---- C:\Program Files\Outlook Express
2010-11-26 21:53:08 ----D---- C:\Program Files\Common Files\System
2010-11-26 21:52:52 ----D---- C:\Program Files\Internet Explorer
2010-11-26 21:52:09 ----D---- C:\WINDOWS\system32\wbem
2010-11-26 21:51:35 ----D---- C:\WINDOWS\system32\Com
2010-11-26 21:50:14 ----D---- C:\Program Files\Windows NT
2010-11-26 21:42:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-26 21:30:20 ----D---- C:\WINDOWS\system
2010-11-26 21:30:09 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-11-25 19:33:37 ----D---- C:\WINDOWS\system32\Setup
2010-11-25 19:33:22 ----D---- C:\WINDOWS\system32\usmt
2010-11-25 19:33:09 ----D---- C:\WINDOWS\AppPatch
2010-11-25 19:33:08 ----D---- C:\WINDOWS\ehome
2010-11-25 19:33:07 ----D---- C:\WINDOWS\ime
2010-11-25 19:33:05 ----RSD---- C:\WINDOWS\Fonts
2010-11-25 19:33:04 ----D---- C:\WINDOWS\Media
2010-11-25 19:32:41 ----D---- C:\WINDOWS\PeerNet
2010-11-25 19:32:21 ----D---- C:\WINDOWS\system32\npp
2010-11-25 19:32:10 ----D---- C:\WINDOWS\msagent
2010-11-25 19:27:50 ----D---- C:\WINDOWS\system32\1029
2010-11-25 19:27:31 ----D---- C:\WINDOWS\twain_32
2010-11-25 19:26:31 ----D---- C:\WINDOWS\system32\icsxml
2010-11-25 19:25:31 ----D---- C:\WINDOWS\system32\1033
2010-11-25 19:23:26 ----D---- C:\WINDOWS\WinSxS
2010-11-25 19:23:26 ----D---- C:\WINDOWS\Driver Cache
2010-11-25 19:02:46 ----A---- C:\WINDOWS\DUMP3aa7.tmp
2010-11-21 07:54:56 ----D---- C:\Program Files\Common Files\AltrixSoft
2010-11-20 23:27:20 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-20 16:40:32 ----D---- C:\Documents and Settings\Kaja\Data aplikací\ICQ
2010-11-20 16:39:28 ----D---- C:\Program Files\ICQ7.0
2010-11-20 00:00:25 ----SD---- C:\WINDOWS\Tasks
2010-11-19 11:58:47 ----D---- C:\Documents and Settings\Kaja\Data aplikací\AIMP
2010-11-18 19:36:47 ----D---- C:\Program Files\SystemRequirementsLab
2010-11-13 21:49:50 ----A---- C:\fftrlog.txt
2010-11-13 21:44:13 ----D---- C:\Program Files\Recepty doma
2010-11-10 17:41:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 17:41:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-06 19:09:21 ----D---- C:\Documents and Settings\Kaja\Data aplikací\ZoomBrowser EX
2010-11-06 17:34:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2010-11-05 11:21:58 ----D---- C:\Program Files\Java
2010-10-30 07:19:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-29 15:29:22 ----D---- C:\Program Files\Mozilla Thunderbird
2010-10-28 16:30:39 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2010-01-17 40560]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-06-17 169472]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-18 223616]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2010-01-17 385544]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2010-01-17 34392]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 MicroGuard;MicroGuard Copy Protection; \??\C:\WINDOWS\system32\drivers\mgnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-06-10 44384]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2005-04-18 646656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-01-19 5818400]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-10-26 4221952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-18 12416]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-18 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-18 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-18 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-18 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Kaja\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 cy2410B;HiVciUSB.sys, USB Driver for Hi-Diagnosis VCI; C:\WINDOWS\System32\Drivers\HiVciUSB.sys [2010-05-17 16768]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-30 58184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-30 72520]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HIVMIUSB;HiVmiUSB.sys, USB Driver for Hi-Diagnosis VMI; C:\WINDOWS\System32\Drivers\HiVmiUSB.sys [2010-05-17 16032]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-18 10880]
S3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys []
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys []
S3 NONDEVICEDRV;NONDEVICEDRV; C:\WINDOWS\system32\drivers\nondevicedrv.sys [2010-05-17 23488]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 17664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-18 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-18 11136]
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro karty MMC; C:\WINDOWS\system32\DRIVERS\sffp_mmc.sys [2008-04-14 10240]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-18 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-18 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-18 15360]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2009-09-24 169320]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-06-11 36992]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-05-20 74368]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2009-08-10 59888]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2009-09-14 49400]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2004-08-03 12672]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-18 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-18 31744]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2010-05-16 68608]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-11-03 874768]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-17 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-11-03 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-11-03 909312]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-10-21 148848]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-17 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [2010-02-16 824640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe []
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 HDDSvc;HDD Information Service; C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [2010-11-17 458488]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-02-26 652800]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: preventive log check
Good evening,
Download MBAM from my signature.
- Install it and run a full scan.
DO NOT DELETE ANYTHING
- MBAM sometimes produces false detections, so we will delete only after the log has been checked.
- Copy the log here.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.
Re: preventive log check
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 5203
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
28.11.2010 16:08:50
mbam-log-2010-11-28 (16-08-50).txt
Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 285985
Uplynulý čas: 2 hodina(y), 15 minuta(y), 29 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
D:\System Volume Information\_restore{9416BE2D-C68B-413A-9DBC-E66AC0327046}\RP278\A0104165.exe (RiskWare.Tool.CK) -> No action taken.
Re: preventive log check
You can delete it.
Run ComboFix according to this guide:
http://www.bleepingcomputer.com/combofi ... t-combofix
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.
Re: preventive log check
ComboFix 10-11-28.01 - Kaja 29.11.2010 17:42:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1410 [GMT 0:00]
Spuštěný z: d:\stahnute\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Cache
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-29 )))))))))))))))))))))))))))))))
.
2010-11-28 02:58 . 2010-11-28 02:58 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Malwarebytes
2010-11-28 02:57 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-28 02:57 . 2010-11-28 02:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-28 02:57 . 2010-11-28 02:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-28 02:57 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 11:51 . 2010-11-27 11:51 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-27 11:47 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-27 11:46 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-27 11:45 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-27 11:44 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-27 11:44 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-27 11:44 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-27 11:43 . 2010-11-27 11:43 -------- d-----w- C:\rsit
2010-11-27 11:43 . 2010-11-27 11:43 -------- d-----w- c:\program files\trend micro
2010-11-27 11:05 . 2009-10-26 05:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-11-27 11:05 . 2008-06-20 09:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-11-27 11:05 . 2008-06-20 09:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-11-27 11:04 . 2010-11-27 11:04 -------- d-----w- c:\program files\Common Files\Intel
2010-11-27 10:59 . 2010-11-27 10:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-11-27 10:59 . 2010-11-27 10:59 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-11-27 10:59 . 2003-11-10 18:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-11-27 10:59 . 2003-11-10 18:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-11-27 10:59 . 2003-11-10 18:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-11-27 10:59 . 2003-11-10 18:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-11-27 10:59 . 2003-11-10 18:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-11-27 10:59 . 2009-02-25 15:15 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2010-11-27 10:58 . 2010-11-27 10:59 -------- d-----w- c:\program files\ATI Technologies
2010-11-26 22:26 . 2005-10-17 17:09 987136 ----a-w- c:\windows\system32\wcourier.exe
2010-11-26 22:26 . 2010-11-26 22:26 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-11-26 22:26 . 2010-11-26 22:26 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-11-26 22:26 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-11-26 22:26 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-11-26 22:26 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-11-26 22:26 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-11-26 22:26 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-11-26 21:57 . 2001-10-24 12:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-11-26 21:56 . 2001-10-25 12:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-11-26 21:53 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-11-26 21:53 . 2001-10-25 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-11-26 21:53 . 2004-08-17 14:49 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-11-26 21:53 . 2004-08-17 14:49 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2010-11-26 21:52 . 2010-11-26 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-26 21:51 . 2010-11-26 21:51 -------- d-----w- C:\Inetpub
2010-11-26 21:50 . 2010-11-26 21:50 -------- d-----w- C:\iissamples
2010-11-26 21:50 . 2001-10-25 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-11-26 21:50 . 2007-06-26 08:29 365568 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-11-26 21:50 . 2004-08-17 14:49 46592 -c--a-w- c:\windows\system32\dllcache\sspifilt.dll
2010-11-26 21:50 . 2004-08-17 14:49 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-11-26 21:50 . 2004-08-17 14:49 61440 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2010-11-26 21:50 . 2010-11-26 21:50 -------- d-----w- C:\AdminScripts
2010-11-26 21:50 . 2004-08-17 14:49 15872 -c--a-w- c:\windows\system32\dllcache\inetin51.exe
2010-11-26 21:50 . 2008-01-10 05:24 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2010-11-26 21:49 . 2010-11-26 21:51 -------- d-----w- C:\gvci
2010-11-26 21:30 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-11-26 21:30 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-11-26 21:30 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-11-26 21:30 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-11-26 21:30 . 2004-08-17 15:46 14043 ----a-r- c:\windows\SET78.tmp
2010-11-26 21:29 . 2004-08-17 15:46 1086058 ----a-r- c:\windows\SET6C.tmp
2010-11-26 21:29 . 2004-08-17 15:50 1014483 ----a-r- c:\windows\SET69.tmp
2010-11-21 07:55 . 2010-11-21 08:02 -------- d-----w- c:\program files\Hard Drive Inspector
2010-11-20 23:40 . 2010-11-20 23:41 -------- d-----w- c:\program files\FreeRapid
2010-11-20 12:29 . 2010-11-20 12:29 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\QipGuard
2010-11-20 12:29 . 2010-10-05 18:00 48080 ----a-w- c:\documents and settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-11-20 12:29 . 2010-10-05 18:00 140752 ----a-w- c:\documents and settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\program files\IObit
2010-11-16 17:13 . 2010-11-16 17:13 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\Opera
2010-11-16 17:13 . 2010-11-16 17:13 -------- d-----w- c:\program files\Opera
2010-11-06 20:21 . 2010-11-27 10:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2010-11-06 19:14 . 2010-11-06 19:15 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\VSO
2010-11-06 19:14 . 2010-11-06 19:14 -------- d-----w- c:\program files\VSO
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-25 19:02 . 2010-01-24 18:33 102400 ----a-w- c:\windows\DUMP3aa7.tmp
2010-09-15 04:50 . 2010-04-28 10:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 02:29 . 2010-06-13 15:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 22:32 . 2010-09-10 22:32 214720 ----a-w- c:\windows\system32\PnkBstrB.xtr
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-09-26 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kaja^Nabídka Start^Programy^Po spuštění^Stardock ObjectDock.lnk]
path=c:\documents and settings\Kaja\Nabídka Start\Programy\Po spuštění\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-08-12 13:16 2215064 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
2010-11-17 21:08 3190520 ----a-w- c:\program files\Hard Drive Inspector\HDInspector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-11-03 15:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-11-03 15:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 18:27 65536 ----a-w- c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2010-10-05 18:00 190928 ----a-w- c:\documents and settings\Kaja\Data aplikací\QipGuard\QipGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 15:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-26 08:03 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe"
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\AhnlabAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 13:16 810144]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2.2.2010 19:30 99248]
R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [16.5.2010 18:37 40480]
S0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [22.5.2010 15:05 40560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.1.2010 20:53 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 9:58 11336]
S3 cy2410B;HiVciUSB.sys, USB Driver for Hi-Diagnosis VCI;c:\windows\system32\drivers\HiVciUSB.sys [15.5.2010 11:59 16768]
S3 HIVMIUSB;HiVmiUSB.sys, USB Driver for Hi-Diagnosis VMI;c:\windows\system32\drivers\HiVmiUSB.sys [15.5.2010 11:59 16032]
S3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwLx32.sys --> c:\windows\system32\DRIVERS\NETwLx32.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 NONDEVICEDRV;NONDEVICEDRV;c:\windows\system32\drivers\nondevicedrv.sys [15.5.2010 11:59 23488]
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro karty MMC;c:\windows\system32\drivers\sffp_mmc.sys [24.1.2010 22:32 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-KODLL-Kaja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-23 19:07]
2010-11-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} - hxxp://rsup.net/cab/rsupcomn.cab
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\cs@dictionaries.addons.mozilla.org
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\personas@christopher.beard
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: QuickDrag: quickdrag@mozilla.ktechcomputing.com - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
AddRemove-QIP Infium - c:\program files\Qip\unins003.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 17:46
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(1452)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2010-11-29 17:50:17
ComboFix-quarantined-files.txt 2010-11-29 17:50
Před spuštěním: Volných bajtů: 56 851 636 224
Po spuštění: Volných bajtů: 58 435 780 608
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /tutag=icxrdm /kernel=tukernel.exe
- - End Of File - - 383DA039BBCDE95B6B352BD82262B042
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1410 [GMT 0:00]
Spuštěný z: d:\stahnute\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Cache
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-29 )))))))))))))))))))))))))))))))
.
2010-11-28 02:58 . 2010-11-28 02:58 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Malwarebytes
2010-11-28 02:57 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-28 02:57 . 2010-11-28 02:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-28 02:57 . 2010-11-28 02:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-28 02:57 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 11:51 . 2010-11-27 11:51 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-27 11:47 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-27 11:46 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-27 11:45 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-27 11:44 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-27 11:44 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-27 11:44 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-27 11:43 . 2010-11-27 11:43 -------- d-----w- C:\rsit
2010-11-27 11:43 . 2010-11-27 11:43 -------- d-----w- c:\program files\trend micro
2010-11-27 11:05 . 2009-10-26 05:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-11-27 11:05 . 2008-06-20 09:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-11-27 11:05 . 2008-06-20 09:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-11-27 11:04 . 2010-11-27 11:04 -------- d-----w- c:\program files\Common Files\Intel
2010-11-27 10:59 . 2010-11-27 10:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-11-27 10:59 . 2010-11-27 10:59 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-11-27 10:59 . 2003-11-10 18:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-11-27 10:59 . 2003-11-10 18:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-11-27 10:59 . 2003-11-10 18:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-11-27 10:59 . 2003-11-10 18:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-11-27 10:59 . 2003-11-10 18:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-11-27 10:59 . 2009-02-25 15:15 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2010-11-27 10:58 . 2010-11-27 10:59 -------- d-----w- c:\program files\ATI Technologies
2010-11-26 22:26 . 2005-10-17 17:09 987136 ----a-w- c:\windows\system32\wcourier.exe
2010-11-26 22:26 . 2010-11-26 22:26 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-11-26 22:26 . 2010-11-26 22:26 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-11-26 22:26 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-11-26 22:26 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-11-26 22:26 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-11-26 22:26 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-11-26 22:26 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-11-26 21:57 . 2001-10-24 12:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-11-26 21:56 . 2001-10-25 12:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-11-26 21:53 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-11-26 21:53 . 2001-10-25 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-11-26 21:53 . 2004-08-17 14:49 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-11-26 21:53 . 2004-08-17 14:49 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2010-11-26 21:52 . 2010-11-26 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-26 21:51 . 2010-11-26 21:51 -------- d-----w- C:\Inetpub
2010-11-26 21:50 . 2010-11-26 21:50 -------- d-----w- C:\iissamples
2010-11-26 21:50 . 2001-10-25 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-11-26 21:50 . 2007-06-26 08:29 365568 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-11-26 21:50 . 2004-08-17 14:49 46592 -c--a-w- c:\windows\system32\dllcache\sspifilt.dll
2010-11-26 21:50 . 2004-08-17 14:49 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-11-26 21:50 . 2004-08-17 14:49 61440 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2010-11-26 21:50 . 2010-11-26 21:50 -------- d-----w- C:\AdminScripts
2010-11-26 21:50 . 2004-08-17 14:49 15872 -c--a-w- c:\windows\system32\dllcache\inetin51.exe
2010-11-26 21:50 . 2008-01-10 05:24 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2010-11-26 21:49 . 2010-11-26 21:51 -------- d-----w- C:\gvci
2010-11-26 21:30 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-11-26 21:30 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-11-26 21:30 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-11-26 21:30 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-11-26 21:30 . 2004-08-17 15:46 14043 ----a-r- c:\windows\SET78.tmp
2010-11-26 21:29 . 2004-08-17 15:46 1086058 ----a-r- c:\windows\SET6C.tmp
2010-11-26 21:29 . 2004-08-17 15:50 1014483 ----a-r- c:\windows\SET69.tmp
2010-11-21 07:55 . 2010-11-21 08:02 -------- d-----w- c:\program files\Hard Drive Inspector
2010-11-20 23:40 . 2010-11-20 23:41 -------- d-----w- c:\program files\FreeRapid
2010-11-20 12:29 . 2010-11-20 12:29 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\QipGuard
2010-11-20 12:29 . 2010-10-05 18:00 48080 ----a-w- c:\documents and settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 NONDEVICEDRV;NONDEVICEDRV;c:\windows\system32\drivers\nondevicedrv.sys [15.5.2010 11:59 23488]
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro karty MMC;c:\windows\system32\drivers\sffp_mmc.sys [24.1.2010 22:32 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-KODLL-Kaja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-23 19:07]
2010-11-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} - hxxp://rsup.net/cab/rsupcomn.cab
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: ÄŚeskĂ© slovnĂky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\cs@dictionaries.addons.mozilla.org
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\personas@christopher.beard
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: QuickDrag: quickdrag@mozilla.ktechcomputing.com - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
AddRemove-QIP Infium - c:\program files\Qip\unins003.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 17:46
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(1452)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2010-11-29 17:50:17
ComboFix-quarantined-files.txt 2010-11-29 17:50
Před spuštěním: Volných bajtů: 56 851 636 224
Po spuštění: Volných bajtů: 58 435 780 608
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /tutag=icxrdm /kernel=tukernel.exe
- - End Of File - - 383DA039BBCDE95B6B352BD82262B042
Re: preventive log check
Do you recognize this folder?
C:\gvci
Do you recognize these ports, and did you open them intentionally?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning malware from your computer.
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: preventive log check
well, I no longer know what that folder was for; in any case it's probably not important, so I deleted it.
and those ports.... well, I don't know about that.
now I'm installing a different firewall, COMODO... so I hope it will help me if worst comes to worst.
Re: preventive log check
Also test this file at www.virustotal.com
c:\windows\system32\drivers\nondevicedrv.sys
Re: preventive log check
the driver is clean, it found nothing.
if that's everything, then THAAAANK YOU SOOO MUCH for the help!

Re: preventive log check
Let's also delete those ports.
If you haven't already, move Combofix to the desktop
- open Notepad
- copy the text from this box into it
- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it:

- after it has been applied, another log will pop out; paste it here
Warning: after the script is applied and the computer restarts, Windows may fail to start; in that case restart again while pressing F8, then choose Last Known Good Configuration

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\AhnlabAntiVirus]
"DisableMonitoring"=dword:00000000
DDS::
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
Firefox::
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
File::
c:\windows\SET78.tmp
c:\windows\SET6C.tmp
c:\windows\SET69.tmp
Re: preventive log check
ComboFix 10-11-28.01 - Kaja 29.11.2010 21:41:55.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1286 [GMT 0:00]
Spuštěný z: c:\documents and settings\Kaja\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kaja\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\windows\SET69.tmp"
"c:\windows\SET6C.tmp"
"c:\windows\SET78.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SET69.tmp
c:\windows\SET6C.tmp
c:\windows\SET78.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-29 )))))))))))))))))))))))))))))))
.
2010-11-28 02:58 . 2010-11-28 02:58 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Malwarebytes
2010-11-28 02:57 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-28 02:57 . 2010-11-28 02:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-28 02:57 . 2010-11-28 02:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-28 02:57 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 11:51 . 2010-11-27 11:51 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-27 11:47 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-27 11:46 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-27 11:45 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-27 11:44 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-27 11:44 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-27 11:44 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-27 11:43 . 2010-11-27 11:43 -------- d-----w- C:\rsit
2010-11-27 11:43 . 2010-11-27 11:43 -------- d-----w- c:\program files\trend micro
2010-11-27 11:05 . 2009-10-26 05:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-11-27 11:05 . 2008-06-20 09:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-11-27 11:05 . 2008-06-20 09:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-11-27 11:04 . 2010-11-27 11:04 -------- d-----w- c:\program files\Common Files\Intel
2010-11-27 10:59 . 2010-11-27 10:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-11-27 10:59 . 2010-11-27 10:59 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-11-27 10:59 . 2003-11-10 18:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-11-27 10:59 . 2003-11-10 18:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-11-27 10:59 . 2003-11-10 18:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-11-27 10:59 . 2003-11-10 18:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-11-27 10:59 . 2003-11-10 18:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-11-27 10:59 . 2009-02-25 15:15 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2010-11-27 10:58 . 2010-11-27 10:59 -------- d-----w- c:\program files\ATI Technologies
2010-11-26 22:26 . 2005-10-17 17:09 987136 ----a-w- c:\windows\system32\wcourier.exe
2010-11-26 22:26 . 2010-11-26 22:26 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-11-26 22:26 . 2010-11-26 22:26 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-11-26 22:26 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-11-26 22:26 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-11-26 22:26 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-11-26 22:26 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-11-26 22:26 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-11-26 21:57 . 2001-10-24 12:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-11-26 21:56 . 2001-10-25 12:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-11-26 21:53 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-11-26 21:53 . 2001-10-25 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-11-26 21:53 . 2004-08-17 14:49 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-11-26 21:53 . 2004-08-17 14:49 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2010-11-26 21:52 . 2010-11-26 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-26 21:51 . 2010-11-26 21:51 -------- d-----w- C:\Inetpub
2010-11-26 21:50 . 2010-11-26 21:50 -------- d-----w- C:\iissamples
2010-11-26 21:50 . 2001-10-25 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-11-26 21:50 . 2007-06-26 08:29 365568 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-11-26 21:50 . 2004-08-17 14:49 46592 -c--a-w- c:\windows\system32\dllcache\sspifilt.dll
2010-11-26 21:50 . 2004-08-17 14:49 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-11-26 21:50 . 2004-08-17 14:49 61440 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2010-11-26 21:50 . 2010-11-26 21:50 -------- d-----w- C:\AdminScripts
2010-11-26 21:50 . 2004-08-17 14:49 15872 -c--a-w- c:\windows\system32\dllcache\inetin51.exe
2010-11-26 21:50 . 2008-01-10 05:24 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2010-11-26 21:30 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-11-26 21:30 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-11-26 21:30 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-11-26 21:30 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-11-21 07:55 . 2010-11-21 08:02 -------- d-----w- c:\program files\Hard Drive Inspector
2010-11-20 23:40 . 2010-11-20 23:41 -------- d-----w- c:\program files\FreeRapid
2010-11-20 12:29 . 2010-11-20 12:29 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\QipGuard
2010-11-20 12:29 . 2010-10-05 18:00 48080 ----a-w- c:\documents and settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-11-20 12:29 . 2010-10-05 18:00 140752 ----a-w- c:\documents and settings\Kaja\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\program files\IObit
2010-11-16 17:13 . 2010-11-16 17:13 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\Opera
2010-11-16 17:13 . 2010-11-16 17:13 -------- d-----w- c:\program files\Opera
2010-11-06 20:21 . 2010-11-27 10:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2010-11-06 19:14 . 2010-11-06 19:15 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\VSO
2010-11-06 19:14 . 2010-11-06 19:14 -------- d-----w- c:\program files\VSO
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-25 19:02 . 2010-01-24 18:33 102400 ----a-w- c:\windows\DUMP3aa7.tmp
2010-09-15 04:50 . 2010-04-28 10:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 02:29 . 2010-06-13 15:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 22:32 . 2010-09-10 22:32 214720 ----a-w- c:\windows\system32\PnkBstrB.xtr
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-09-26 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kaja^Nabídka Start^Programy^Po spuštění^Stardock ObjectDock.lnk]
path=c:\documents and settings\Kaja\Nabídka Start\Programy\Po spuštění\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-08-12 13:16 2215064 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
2010-11-17 21:08 3190520 ----a-w- c:\program files\Hard Drive Inspector\HDInspector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-11-03 15:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-11-03 15:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 18:27 65536 ----a-w- c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2010-10-05 18:00 190928 ----a-w- c:\documents and settings\Kaja\Data aplikací\QipGuard\QipGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 15:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-26 08:03 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe"
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\AhnlabAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"DisableMonitoring"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 13:16 810144]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2.2.2010 19:30 99248]
R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [16.5.2010 18:37 40480]
S0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [22.5.2010 15:05 40560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.1.2010 20:53 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 9:58 11336]
S3 cy2410B;HiVciUSB.sys, USB Driver for Hi-Diagnosis VCI;c:\windows\system32\drivers\HiVciUSB.sys [15.5.2010 11:59 16768]
S3 HIVMIUSB;HiVmiUSB.sys, USB Driver for Hi-Diagnosis VMI;c:\windows\system32\drivers\HiVmiUSB.sys [15.5.2010 11:59 16032]
S3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwLx32.sys --> c:\windows\system32\DRIVERS\NETwLx32.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 NONDEVICEDRV;NONDEVICEDRV;c:\windows\system32\drivers\nondevicedrv.sys [15.5.2010 11:59 23488]
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro karty MMC;c:\windows\system32\drivers\sffp_mmc.sys [24.1.2010 22:32 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-KODLL-Kaja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-23 19:07]
2010-11-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} - hxxp://rsup.net/cab/rsupcomn.cab
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\cs@dictionaries.addons.mozilla.org
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\personas@christopher.beard
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: QuickDrag: quickdrag@mozilla.ktechcomputing.com - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\zxstkek9.default\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 21:48
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: TUKERNEL.EXE catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
c:\docume~1\Kaja\LOCALS~1\Temp\catchme.sys
1 TUKERNEL!IofCallDriver[0x804E13A7] -> \Device\Harddisk0\DR0[0x8A8D9AB8]
3 CLASSPNP[0xF766805B] -> TUKERNEL!IofCallDriver[0x804E13A7] -> \Device\00000094[0x8A970F18]
5 ACPI[0xF750E620] -> TUKERNEL!IofCallDriver[0x804E13A7] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A96F940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2010-11-29 21:51:43
ComboFix-quarantined-files.txt 2010-11-29 21:51
ComboFix2.txt 2010-11-29 17:50
Před spuštěním: Volných bajtů: 58 462 064 640
Po spuštění: Volných bajtů: 58 433 654 784
- - End Of File - - C7FEEF7A9265EB07C425EECB6DBFC969
Re: preventive log check
Could I check one more thing? ComboFix doesn't like something now.
Uninstall all virtual drives (Daemon or Alcohol).
Download SPTD http://www.duplexsecure.com/en/downloads
- select the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
Download http://www.jpshortstuff.247fixes.com/Defogger.exe
- run it,
- confirm disabled
- paste the log here
Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, which you then paste here
- Following the guide at the link, run a second scan and paste that log here as well.
Download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop
Start - Run
copy this into the box:
"%userprofile%\plocha\mbr" -t
OK
A log named mbr.log will be created; paste it here.

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: preventive log check
Sorry I haven't been in touch for a while, but the computer solved my problem, if there still was one, in its own way.... The HDD departed halfway to the happy hunting grounds, so I was forced to install Windows on a different HDD.
In any case, thank you so much for the help, and I admire the help that you (I mean everyone who helps here on the forum) provide to ordinary, inexperienced people!!!!

Re: preventive log check
You're welcome
