Prosim o kontrolu logu po odstraneni haveti

[sacnok]

Logfile of random's system information tool 1.08 (written by random/random)
Run by PC-doma at 2011-01-16 19:04:16
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (24%) free of 31 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:04:18, on 16.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\explorer.exe
F:\Install\Spyware\RSIT.exe
F:\Install\Spyware\PC-doma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5288 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

C:\Documents and Settings\PC-doma\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoLogOff"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"Windows Live Guards"="C:\Program Files\winlogon.exe"
"Zvpebfbsg Jvaqbjf Ubfgvat Freivpr"="C:\WINDOWS\csrssr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-01-16 19:04:16 ----D---- C:\rsit
2011-01-16 14:10:10 ----D---- C:\WINDOWS\temp
2011-01-16 14:10:06 ----A---- C:\ComboFix.txt
2011-01-14 17:43:59 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-14 17:43:59 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-14 17:43:58 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-01-14 17:43:58 ----A---- C:\WINDOWS\system32\drivers\aswFW.sys
2011-01-14 17:43:42 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-14 17:43:42 ----A---- C:\WINDOWS\system32\drivers\aswNdis2.sys
2011-01-14 17:43:41 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-14 17:43:41 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-14 17:43:41 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-14 17:43:41 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-14 17:43:26 ----A---- C:\WINDOWS\system32\drivers\aswNdis.sys
2011-01-14 17:43:25 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-01-13 23:58:23 ----D---- C:\Documents and Settings\PC-doma\Data aplikací\Malwarebytes
2011-01-13 23:57:50 ----ASH---- C:\hiberfil.sys
2011-01-13 22:02:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2011-01-13 21:50:30 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-13 21:50:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-01-13 21:50:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-13 21:50:25 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-13 12:52:31 ----D---- C:\WINDOWS\ie8updates
2011-01-13 12:49:14 ----HDC---- C:\WINDOWS\ie8
2011-01-13 12:40:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-01-13 12:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-01-13 12:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-01-13 12:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2011-01-13 12:39:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-01-13 12:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-01-13 12:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-01-13 12:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2011-01-13 12:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-01-13 12:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-01-13 12:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-01-13 12:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-01-13 12:38:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-01-13 12:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-01-13 12:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-01-13 12:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2011-01-13 12:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-01-13 12:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-01-13 12:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-01-13 12:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-01-13 12:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-01-13 12:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-01-13 12:32:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2011-01-13 12:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-13 12:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2011-01-13 12:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-01-13 12:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2011-01-13 12:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-01-13 12:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-01-13 12:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-01-13 12:30:27 ----A---- C:\WINDOWS\imsins.BAK
2011-01-13 12:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-01-13 11:33:52 ----A---- C:\Boot.bak
2011-01-13 11:33:49 ----RASHD---- C:\cmdcons
2011-01-13 11:28:48 ----A---- C:\WINDOWS\zip.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\SWSC.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\SWREG.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\sed.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\PEV.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\NIRCMD.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\MBR.exe
2011-01-13 11:28:48 ----A---- C:\WINDOWS\grep.exe
2011-01-13 11:28:42 ----D---- C:\WINDOWS\ERDNT
2011-01-13 11:26:48 ----D---- C:\Qoobox
2011-01-13 11:16:27 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-13 11:00:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-13 08:06:00 ----D---- C:\Program Files\UPM
2011-01-12 20:58:18 ----A---- C:\WINDOWS\system32\tmp.txt
2011-01-12 20:58:11 ----A---- C:\rapport.txt
2011-01-12 20:51:29 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-01-12 16:33:42 ----D---- C:\WINDOWS\Prefetch
2011-01-12 11:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-01-12 11:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-01-12 11:22:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-01-12 11:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-01-12 11:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-01-12 11:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-01-12 11:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-01-12 11:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-01-12 11:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-01-12 11:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-01-12 11:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2011-01-12 11:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-01-12 11:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-01-12 11:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2011-01-12 11:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-01-12 11:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-01-12 11:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-01-12 11:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-01-12 11:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-01-12 11:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-01-12 11:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-01-12 11:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-01-12 11:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-01-12 11:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-01-12 11:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-01-12 11:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-01-12 11:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-01-12 11:00:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-01-12 10:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2011-01-12 10:58:01 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-01-12 10:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-01-12 10:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-01-12 10:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2011-01-12 10:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2011-01-12 10:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2011-01-12 10:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-01-12 10:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-01-12 10:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-01-12 10:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2011-01-12 10:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-01-12 10:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2011-01-12 10:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-01-12 10:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-01-12 10:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-01-12 10:43:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2011-01-12 10:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2011-01-12 10:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-01-12 10:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-01-12 10:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-01-12 10:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-01-12 10:38:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-01-12 10:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2011-01-12 10:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2011-01-12 10:35:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-01-12 10:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2011-01-12 10:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2011-01-12 10:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-01-12 10:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2011-01-12 10:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-01-12 10:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-01-12 10:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-01-12 10:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-01-12 10:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2011-01-12 10:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-01-12 10:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2011-01-12 10:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2011-01-12 10:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2011-01-12 10:20:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-01-12 10:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-01-12 10:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-01-12 10:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-01-12 10:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2011-01-12 10:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-01-12 10:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2011-01-12 10:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2011-01-12 10:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-01-12 10:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-01-12 10:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-01-12 10:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2011-01-12 10:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-01-12 10:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-01-12 10:04:37 ----N---- C:\WINDOWS\system32\smtpapi.dll
2011-01-12 10:04:37 ----N---- C:\WINDOWS\system32\rwnh.dll
2011-01-12 10:04:37 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-01-12 10:04:37 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\credssp.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\azroles.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\ati3duag.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2011-01-12 10:04:34 ----N---- C:\WINDOWS\system32\aaclient.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-01-12 10:04:33 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-01-12 10:04:32 ----N---- C:\WINDOWS\system32\kbdpash.dll
2011-01-12 10:04:32 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2011-01-12 10:04:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2011-01-12 10:04:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2011-01-12 10:04:31 ----N---- C:\WINDOWS\system32\mmcperf.exe
2011-01-12 10:04:31 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2011-01-12 10:04:31 ----N---- C:\WINDOWS\system32\mmcex.dll
2011-01-12 10:04:31 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2011-01-12 10:04:31 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2011-01-12 10:04:31 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2011-01-12 10:04:31 ----N---- C:\WINDOWS\system32\kmsvc.dll
2011-01-12 10:04:30 ----N---- C:\WINDOWS\system32\onex.dll
2011-01-12 10:04:30 ----N---- C:\WINDOWS\system32\napstat.exe
2011-01-12 10:04:30 ----N---- C:\WINDOWS\system32\napmontr.dll
2011-01-12 10:04:30 ----N---- C:\WINDOWS\system32\napipsec.dll
2011-01-12 10:04:30 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-01-12 10:04:30 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2011-01-12 10:04:30 ----N---- C:\WINDOWS\system32\mssha.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\slserv.exe
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\slgen.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\setupn.exe
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\rasqec.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\qutil.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\qcliprov.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\qagentrt.dll
2011-01-12 10:04:29 ----N---- C:\WINDOWS\system32\qagent.dll
2011-01-12 10:04:28 ----N---- C:\WINDOWS\system32\tspkg.dll
2011-01-12 10:04:28 ----N---- C:\WINDOWS\system32\tsgqec.dll
2011-01-12 10:04:27 ----N---- C:\WINDOWS\system32\wlanapi.dll
2011-01-12 10:04:26 ----N---- C:\WINDOWS\slrundll.exe
2011-01-12 10:04:25 ----D---- C:\WINDOWS\system32\cs
2011-01-12 10:04:25 ----D---- C:\WINDOWS\system32\bits
2011-01-12 10:04:25 ----D---- C:\WINDOWS\l2schemas
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-01-12 10:00:20 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-01-12 10:00:19 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2011-01-12 10:00:18 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-01-12 10:00:17 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-01-12 10:00:16 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-01-12 09:58:29 ----A---- C:\WINDOWS\002999_.tmp
2011-01-12 09:55:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-01-12 09:09:32 ----SHD---- C:\WINDOWS\CSC
2011-01-12 08:06:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-01-04 12:31:37 ----A---- C:\Documents and Settings\PC-doma\Data aplikací\google__z5[s4_4]rk-h.tmp
2010-12-25 05:47:35 ----A---- C:\Documents and Settings\PC-doma\Data aplikací\google__s5[z4_4]rk-h.tmp
2010-12-24 10:57:26 ----A---- C:\Documents and Settings\PC-doma\Data aplikací\google_z5[s4_4]rk-h.tmp
2010-12-24 10:57:11 ----AH---- C:\Documents and Settings\PC-doma\Data aplikací\bd6hcDLD0G.txt
2010-12-19 05:35:18 ----D---- C:\Program Files\KAZAA
2010-12-19 05:35:18 ----D---- C:\My Downloads
2010-12-19 05:35:18 ----A---- C:\Documents and Settings\PC-doma\Data aplikací\google_s5[z4_4]rk-h.tmp
2010-12-18 13:16:34 ----D---- C:\directory
2010-12-18 13:06:27 ----A---- C:\Documents and Settings\All Users\Data aplikací\Sys32c.exe
2010-12-17 23:17:07 ----D---- C:\WINDOWS\Minidump
2010-12-17 16:41:29 ----A---- C:\Documents and Settings\PC-doma\Data aplikací\PC-doma3SQLite3.dll

======List of files/folders modified in the last 1 months======

2011-01-16 19:03:54 ----A---- C:\WINDOWS\wincmd.ini
2011-01-16 14:10:10 ----D---- C:\WINDOWS
2011-01-16 14:07:16 ----A---- C:\WINDOWS\system.ini
2011-01-16 14:04:18 ----D---- C:\WINDOWS\system32\drivers
2011-01-16 14:04:18 ----D---- C:\WINDOWS\system32
2011-01-16 14:04:18 ----D---- C:\WINDOWS\AppPatch
2011-01-16 14:04:15 ----D---- C:\Program Files\Common Files
2011-01-16 13:59:15 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-14 17:44:58 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-14 17:43:52 ----HD---- C:\WINDOWS\inf
2011-01-14 17:43:36 ----SHD---- C:\WINDOWS\Installer
2011-01-14 17:43:34 ----D---- C:\WINDOWS\WinSxS
2011-01-14 17:43:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-14 16:17:16 ----D---- C:\Program Files\Outlook Express
2011-01-14 16:07:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2011-01-14 00:08:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-01-14 00:06:20 ----D---- C:\WINDOWS\system32\appmgmt
2011-01-13 23:44:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-01-13 21:50:25 ----RD---- C:\Program Files
2011-01-13 20:30:09 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-13 13:43:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-13 13:43:16 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-13 13:12:38 ----D---- C:\WINDOWS\Microsoft.NET
2011-01-13 13:12:35 ----RSD---- C:\WINDOWS\assembly
2011-01-13 12:56:07 ----D---- C:\WINDOWS\system32\cs-cz
2011-01-13 12:56:06 ----D---- C:\WINDOWS\Media
2011-01-13 12:56:06 ----D---- C:\WINDOWS\Help
2011-01-13 12:56:06 ----D---- C:\Program Files\Internet Explorer
2011-01-13 12:47:43 ----D---- C:\WINDOWS\Debug
2011-01-13 12:36:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-13 12:31:34 ----D---- C:\Program Files\Movie Maker
2011-01-13 12:31:02 ----D---- C:\WINDOWS\ie7updates
2011-01-13 11:56:03 ----SD---- C:\WINDOWS\Tasks
2011-01-13 11:54:26 ----D---- C:\Program Files\ICQ6.5
2011-01-13 11:54:25 ----SD---- C:\Documents and Settings\PC-doma\Data aplikací\Microsoft
2011-01-13 11:33:52 ----RASH---- C:\boot.ini
2011-01-13 11:28:47 ----SHD---- C:\System Volume Information
2011-01-13 11:28:47 ----D---- C:\WINDOWS\system32\Restore
2011-01-13 03:00:21 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-12 16:32:41 ----D---- C:\WINDOWS\system32\wbem
2011-01-12 16:32:41 ----D---- C:\WINDOWS\system32\Setup
2011-01-12 16:32:40 ----RSD---- C:\WINDOWS\Fonts
2011-01-12 10:13:44 ----D---- C:\WINDOWS\security
2011-01-12 10:11:32 ----D---- C:\Program Files\Messenger
2011-01-12 10:04:38 ----D---- C:\WINDOWS\ehome
2011-01-12 10:04:37 ----D---- C:\WINDOWS\system32\inetsrv
2011-01-12 10:04:36 ----D---- C:\WINDOWS\network diagnostic
2011-01-12 10:04:36 ----D---- C:\WINDOWS\ime
2011-01-12 10:04:26 ----D---- C:\WINDOWS\system32\usmt
2011-01-12 10:04:25 ----D---- C:\WINDOWS\PeerNet
2011-01-12 10:02:13 ----D---- C:\WINDOWS\ServicePackFiles
2011-01-12 10:02:03 ----D---- C:\WINDOWS\system32\npp
2011-01-12 10:02:02 ----D---- C:\WINDOWS\msagent
2011-01-12 10:02:01 ----D---- C:\WINDOWS\srchasst
2011-01-12 10:02:00 ----D---- C:\Program Files\NetMeeting
2011-01-12 10:01:59 ----D---- C:\WINDOWS\system32\Com
2011-01-12 10:01:57 ----D---- C:\Program Files\Windows NT
2011-01-12 10:01:57 ----D---- C:\Program Files\Windows Media Player
2011-01-12 10:01:53 ----D---- C:\Program Files\Common Files\System
2011-01-12 10:01:39 ----D---- C:\WINDOWS\system32\oobe
2011-01-12 10:01:38 ----D---- C:\WINDOWS\system
2011-01-12 09:58:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-01-12 09:32:01 ----D---- C:\Program Files\Reganam
2011-01-12 09:27:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-01-12 08:06:09 ----D---- C:\Program Files\Alwil Software
2010-12-27 21:28:35 ----D---- C:\Documents and Settings\PC-doma\Data aplikací\ICQ
2010-12-25 06:02:04 ----D---- C:\Program Files\rajce
2010-12-22 09:00:32 ----D---- C:\Documents and Settings\PC-doma\Data aplikací\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2011-01-13 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2011-01-13 189904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2011-01-13 99792]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-01-13 357968]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R3 catchme;catchme; \??\C:\DOCUME~1\VCLAVP~1\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-03-06 41376]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-03-06 14240]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-03-06 1273504]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SER120;OTI Serial port driver; C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 32910]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-01-13 119200]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny vecer preji

Ten ComboFix jste provadel sam, log jste si dolustil a vycistil pomoci skriptu s prikazy

[sacnok]

Ano, nekolikrat jsem to projel Combofixem, co nasel to jsem nechal odstanit - sam jsem nevytvarel zadny skript, pak jsem to nechal nekolikrat projet Malwarebytes a Avastem po restartu systemu, akorat si nejsem jisty jestli je vse v poradku. Moc se v tom nevyznam

[vyosek]

Nekolikanasobne pouziti CFka je zbytecne - nesmaze nic navic nez poprve, jelikoz je jeho log treba dolustit

Navic CFko neni hracka - vizte nize

Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Zabalte mi celou slozku c:\qoobox a uploadnete mi ji na http://vyosek.ic.cz/havet/uploader.php

MBAM neco nasel - poprosim abyste mi vytahljeho logy - zalozka protokoly a taktez uploadl na muj uploader - zabalene v jednom raru

Pak budem pokracovat

[sacnok]

Dobry den, mate to tam nahrano

[vyosek]

Pro prehlednost si sem log z CF vlozim

ComboFix 11-01-12.04 - Václav Podstavek 13.01.2011 20:23:55.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1662 [GMT 1:00]
Spuštěný z: f:\install\Spyware\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\install
c:\windows\system32\install\windefender.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-13 do 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 11:58 . 2011-01-13 11:58 -------- d-sh--w- c:\documents and settings\Václav Podstavek\IECompatCache
2011-01-13 11:58 . 2011-01-13 11:58 -------- d-sh--w- c:\documents and settings\Václav Podstavek\PrivacIE
2011-01-13 11:56 . 2011-01-13 11:56 -------- d-sh--w- c:\documents and settings\Václav Podstavek\IETldCache
2011-01-13 11:49 . 2011-01-13 11:51 -------- dc-h--w- c:\windows\ie8
2011-01-13 11:46 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-13 11:46 . 2010-11-06 00:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-13 11:46 . 2010-11-06 00:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-13 11:46 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-13 07:06 . 2011-01-13 10:09 -------- d-----w- c:\program files\UPM
2011-01-13 03:37 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-13 03:37 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-13 03:37 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-13 03:36 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-13 03:34 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-12 19:51 . 2011-01-12 19:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-12 09:00 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-01-12 08:58 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002999_.tmp
2011-01-05 09:35 . 2011-01-05 09:35 201216 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\.exe
2011-01-04 11:31 . 2011-01-04 11:31 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google__z5[s4_4]rk-h.tmp
2010-12-25 04:47 . 2010-12-25 04:47 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google__s5[z4_4]rk-h.tmp
2010-12-24 09:57 . 2010-12-24 09:57 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google_z5[s4_4]rk-h.tmp
2010-12-21 04:40 . 2010-12-21 04:40 109248 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\MSWINSCK.OCX
2010-12-19 05:02 . 2011-01-04 06:26 61440 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\phqghumeaylnlfdxfirc.exe
2010-12-19 04:35 . 2010-12-19 04:35 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google_s5[z4_4]rk-h.tmp
2010-12-19 04:35 . 2010-12-19 04:35 -------- d-----w- c:\program files\KAZAA
2010-12-19 04:35 . 2010-12-19 04:35 -------- d-----w- C:\My Downloads
2010-12-18 12:16 . 2011-01-13 10:54 -------- d-----w- C:\directory
2010-12-18 12:06 . 2010-12-18 12:06 462848 ----a-w- c:\documents and settings\All Users\Data aplikací\Sys32c.exe
2010-12-18 12:06 . 2010-12-18 12:06 462848 ----a-w- c:\program files\Outlook Express\Ganja136.exe
2010-12-18 11:59 . 2010-12-18 11:59 647168 ---h--w- c:\program files\Outlook Express\Ganja155.exe
2010-12-17 15:41 . 2010-12-17 15:41 57257 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\Václav Podstavek3SQLite3.dll
2010-12-17 09:13 . 2010-12-17 09:13 677888 --sh--w- C:\SecurityUSB.exe
2010-12-17 09:13 . 2010-12-17 09:13 677888 ---h--w- c:\program files\Outlook Express\Ganja77.exe
2010-12-17 07:20 . 2010-12-17 07:20 91648 ----a-w- c:\program files\Outlook Express\Ganja123.exe
2010-12-17 05:23 . 2010-12-17 05:23 106496 ----a-w- C:\slide.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 15:38 . 2010-11-19 15:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-18 18:15 . 2008-05-25 08:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-05-25 10:31 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2008-05-25 10:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2008-05-25 10:31 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2008-05-25 10:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-05-25 10:31 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-05-25 10:31 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-05-25 10:31 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-05-25 10:31 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot_2011-01-13_12.29.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-12 07:06 . 2011-01-13 08:40 47440 c:\windows\system32\drivers\aswTdi.sys
+ 2011-01-12 07:06 . 2011-01-13 08:37 23632 c:\windows\system32\drivers\aswRdr.sys
- 2011-01-12 07:06 . 2010-09-07 15:47 94544 c:\windows\system32\drivers\aswmon.sys
+ 2011-01-12 07:06 . 2011-01-13 08:39 94544 c:\windows\system32\drivers\aswmon.sys
+ 2011-01-12 07:06 . 2011-01-13 08:42 99792 c:\windows\system32\drivers\aswFW.sys
- 2011-01-12 07:06 . 2010-09-07 15:54 99792 c:\windows\system32\drivers\aswFW.sys
+ 2011-01-12 07:06 . 2011-01-13 08:37 17744 c:\windows\system32\drivers\aswFsBlk.sys
- 2011-01-12 07:06 . 2010-09-07 15:47 17744 c:\windows\system32\drivers\aswFsBlk.sys
+ 2011-01-12 07:06 . 2011-01-13 08:37 29392 c:\windows\system32\drivers\aavmker4.sys
+ 2011-01-12 07:06 . 2011-01-13 08:47 38848 c:\windows\avastSS.scr
- 2011-01-12 07:06 . 2010-09-07 16:12 38848 c:\windows\avastSS.scr
- 2008-05-25 10:31 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
+ 2008-05-25 10:31 . 2010-03-10 06:17 420352 c:\windows\system32\vbscript.dll
+ 2008-05-25 10:31 . 2009-12-09 05:55 726528 c:\windows\system32\jscript.dll
- 2008-05-25 10:31 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2011-01-12 07:06 . 2011-01-13 08:41 294608 c:\windows\system32\drivers\aswSP.sys
+ 2011-01-12 07:06 . 2011-01-13 08:41 357968 c:\windows\system32\drivers\aswSnx.sys
+ 2011-01-12 07:06 . 2011-01-13 08:41 189904 c:\windows\system32\drivers\aswNdis2.sys
- 2011-01-12 07:06 . 2010-09-07 15:47 100176 c:\windows\system32\drivers\aswmon2.sys
+ 2011-01-12 07:06 . 2011-01-13 08:40 100176 c:\windows\system32\drivers\aswmon2.sys
+ 2008-05-25 10:31 . 2010-03-10 06:17 420352 c:\windows\system32\dllcache\vbscript.dll
- 2008-05-25 10:31 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-25 10:31 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-25 10:31 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2011-01-12 07:06 . 2011-01-13 08:47 188216 c:\windows\system32\aswBoot.exe
+ 2011-01-13 12:43 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2011-01-13 12:43 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2011-01-13 12:43 . 2009-05-26 11:40 233848 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2011-01-13 12:43 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2011-01-13 12:43 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2011-01-13 12:43 . 2009-06-22 06:48 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-01-13 12:43 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2011-01-13 12:43 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2011-01-13 12:43 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"41LD658U-V516-Q42C-Q27Q-J022TT44ILP2"="c:\windows\system32\install\windefender.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"7SO3S6G5-8HF6-WLUY-54VQ-PAD330G5K1JP"="c:\windows\system32\install\windefender.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\V clav Podstavek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
windefender.exe [2005-10-19 301056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"Windows Update System"= c:\documents and settings\Václav Podstavek\Data aplikací\reader.exe
"Windows Live Guards"= c:\program files\winlogon.exe
"Zvpebfbsg Jvaqbjf Ubfgvat Freivpr"= c:\windows\csrssr.exe
"Microsoft Windows Hosting Service Login"= c:\docume~1\VCLAVP~1\LOCALS~1\Temp\explorer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [12.1.2011 8:06 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [12.1.2011 8:06 189904]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [12.1.2011 8:06 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.1.2011 8:06 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.1.2011 8:06 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.1.2011 8:06 17744]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [12.1.2011 8:06 119200]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [9.1.2009 18:56 32910]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2011-01-13 20:32:56
ComboFix-quarantined-files.txt 2011-01-13 19:32
ComboFix2.txt 2011-01-13 19:14
ComboFix3.txt 2011-01-13 12:31
ComboFix4.txt 2011-01-13 10:56

Před spuštěním: 8 090 247 168
Po spuštění: 8 073 781 248

- - End Of File - - D4B907E0B0EDBDC9F1A14FD605B679FA

[vyosek]

Log zaliskany haveti jak jetel To jsou ty svevolne pouziti CFka bez zkusenosti s logem

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Collect::
  c:\documents and settings\Václav Podstavek\Data aplikací\.exe
  c:\documents and settings\Václav Podstavek\Data aplikací\phqghumeaylnlfdxfirc.exe
  c:\documents and settings\All Users\Data aplikací\Sys32c.exe
  c:\program files\Outlook Express\Ganja136.exe
  c:\program files\Outlook Express\Ganja155.exe
  c:\program files\Outlook Express\Ganja77.exe
  c:\program files\Outlook Express\Ganja123.exe
  c:\windows\system32\install\windefender.exe
  c:\documents and settings\Václav Podstavek\Data aplikací\reader.exe
  c:\program files\winlogon.exe
  c:\windows\csrssr.exe
  c:\docume~1\VCLAVP~1\LOCALS~1\Temp\explorer.exe
  
  
  File::
  c:\windows\002999_.tmp
  c:\documents and settings\Václav Podstavek\Data aplikací\google__z5[s4_4]rk-h.tmp
  c:\documents and settings\Václav Podstavek\Data aplikací\google__s5[z4_4]rk-h.tmp
  c:\documents and settings\Václav Podstavek\Data aplikací\google_z5[s4_4]rk-h.tmp
  
  Folder::
  c:\program files\SweetIM
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "41LD658U-V516-Q42C-Q27Q-J022TT44ILP2"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "7SO3S6G5-8HF6-WLUY-54VQ-PAD330G5K1JP"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "AntiVirusOverride"=dword:00000000
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "Windows Update System"=-
  "Zvpebfbsg Jvaqbjf Ubfgvat Freivpr"=-
  "Windows Live Guards"=-
  "Microsoft Windows Hosting Service Login"=-

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[sacnok]

Viz nize nove vytvoreny log

ComboFix 11-01-16.04 - Václav Podstavek 17.01.2011 17:47:55.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1661 [GMT 1:00]
Spuštěný z: f:\install\Spyware\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Václav Podstavek\Plocha\CFScript.txt.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Václav Podstavek\Data aplikací\google__s5[z4_4]rk-h.tmp"
"c:\documents and settings\Václav Podstavek\Data aplikací\google__z5[s4_4]rk-h.tmp"
"c:\documents and settings\Václav Podstavek\Data aplikací\google_z5[s4_4]rk-h.tmp"
"c:\windows\002999_.tmp"

file zipped: c:\documents and settings\All Users\Data aplikací\Sys32c.exe
file zipped: c:\program files\Outlook Express\Ganja136.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Outlook Express\Ganja136.exe
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\windows\002999_.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-17 do 2011-01-17 )))))))))))))))))))))))))))))))
.

2011-01-13 22:58 . 2011-01-13 22:58 -------- d-----w- c:\documents and settings\Václav Podstavek\Data aplikací\Malwarebytes
2011-01-13 20:50 . 2011-01-13 20:50 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-01-13 20:50 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 20:50 . 2011-01-13 20:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-13 20:50 . 2011-01-13 20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 20:50 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 20:31 . 2011-01-13 20:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\GHISLER
2011-01-13 20:31 . 2011-01-13 20:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-13 11:58 . 2011-01-13 11:58 -------- d-sh--w- c:\documents and settings\Václav Podstavek\IECompatCache
2011-01-13 11:58 . 2011-01-13 11:58 -------- d-sh--w- c:\documents and settings\Václav Podstavek\PrivacIE
2011-01-13 11:56 . 2011-01-13 11:56 -------- d-sh--w- c:\documents and settings\Václav Podstavek\IETldCache
2011-01-13 11:49 . 2011-01-13 11:51 -------- dc-h--w- c:\windows\ie8
2011-01-13 11:46 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-13 11:46 . 2010-11-06 00:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-13 11:46 . 2010-11-06 00:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-13 11:46 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-13 07:06 . 2011-01-13 10:09 -------- d-----w- c:\program files\UPM
2011-01-13 03:37 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-13 03:37 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-13 03:37 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-13 03:36 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-13 03:34 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-12 19:51 . 2011-01-12 19:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-12 09:00 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-01-12 07:06 . 2011-01-14 16:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-01-04 11:31 . 2011-01-04 11:31 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google__z5[s4_4]rk-h.tmp
2010-12-25 04:47 . 2010-12-25 04:47 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google__s5[z4_4]rk-h.tmp
2010-12-24 09:57 . 2010-12-24 09:57 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google_z5[s4_4]rk-h.tmp
2010-12-21 04:40 . 2010-12-21 04:40 109248 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\MSWINSCK.OCX
2010-12-19 04:35 . 2010-12-19 04:35 9 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\google_s5[z4_4]rk-h.tmp
2010-12-19 04:35 . 2010-12-19 04:35 -------- d-----w- c:\program files\KAZAA
2010-12-19 04:35 . 2010-12-19 04:35 -------- d-----w- C:\My Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 12:06 . 2010-12-18 12:06 462848 ----a-w- c:\documents and settings\All Users\Data aplikací\Sys32c.exe
2010-12-17 15:41 . 2010-12-17 15:41 57257 ----a-w- c:\documents and settings\Václav Podstavek\Data aplikací\Václav Podstavek3SQLite3.dll
2010-11-19 15:38 . 2010-11-19 15:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-18 18:15 . 2008-05-25 08:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-05-25 10:31 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2008-05-25 10:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2008-05-25 10:31 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2008-05-25 10:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-05-25 10:31 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-05-25 10:31 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-05-25 10:31 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-05-25 10:31 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\V clav Podstavek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [14.1.2011 17:43 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [14.1.2011 17:43 189904]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [14.1.2011 17:43 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.1.2011 17:43 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.1.2011 17:43 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.1.2011 17:43 17744]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [14.1.2011 17:43 119200]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [9.1.2009 18:56 32910]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 17:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2011-01-17 17:57:22
ComboFix-quarantined-files.txt 2011-01-17 16:57
ComboFix2.txt 2011-01-16 13:10
ComboFix3.txt 2011-01-13 20:09

Před spuštěním: 8 721 768 448
Po spuštění: 8 699 420 672

- - End Of File - - ABBD9F9BE6CE0043C400313BC342B4FA

[vyosek]

Stahnete Avenger (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
• Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
• Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

• Kód: Vybrat vše

  Files to delete:
  c:\documents and settings\All Users\Data aplikací\Sys32c.exe

• Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
• Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
• Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
• Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

[sacnok]

Log viz nize

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\documents and settings\All Users\Data aplikací\Sys32c.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[vyosek]

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :filefind
  submit*.zip

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[sacnok]

viz nize

SystemLook 04.09.10 by jpshortstuff
Log created at 18:55 on 17/01/2011 by Václav Podstavek
Administrator - Elevation successful

========== filefind ==========

Searching for "submit*.zip"
No files found.

-= EOF =-

[vyosek]

Mohl byste mi zabalit prosim slozky c:\qoobox a c:\avenger a uploadnout je ke me na web http://vyosek.ic.cz/havet/uploader.php jsou v nich vzorky haveti ktere by slouzili k dalsim studijnim ucelum a vyvoji utilit

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Dejte novy log z RSIT a napiste jak se chova PC

[sacnok]

Nejak se mi nedari Vam poslat ty data co jste chtel, tak jsou ke stazeni tady: http://old.kmk.cz/sacnok_pack.zip

Jak to budete mit stazeno, dejte vedet smazu to

[vyosek]

Mam stazeno, dekuji

Pokracujte dale v pokynech co jsem psal vyse...