Proxy server odmítl spojení

[nasill]

Dobrý večer,
při zapnutí firefoxu naběhne hláška "Proxy server odmítl spojení" ... Firefox potom lze zapnout pouze po změně nastavení. Prosím o kontrolu logu.

Předem moc děkuji Jakub

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:03, on 27.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kuba\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53455
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5185 bytes

[Rudy]

Dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 . Je podrobnější, než HijackThis.

[nasill]

Tady je

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kuba at 2011-02-27 22:06:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (65%) free of 36 GB
Total RAM: 510 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:06:47, on 27.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Kuba\Plocha\RSIT.exe
C:\Program Files\trend micro\Kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53455
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5617 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-03-28 188416]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-24 2880512]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-13 2176512]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
C:\Program Files\acer\Wireless\Utility\WlanUtil.exe [2004-06-09 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-28 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-09-05 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-09-02 672632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2009-03-24 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-13 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~2.EXE [2007-04-17 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^1ciy1kp.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^60hc0je.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^70pfl66.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^cyytkkfwwr.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^e1awwriidu.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^ee6qq6cc6.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^g1cyytkk.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^lbcxd870.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^siojzavl.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vb5rniy1.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vvrhhdttpff.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vwrhidtu.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^w1soojaavm.exe]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3
"S24EventMonitor"=2
"PnkBstrB"=2
"PnkBstrA"=2
"OwnershipProtocol"=2
"gupdate"=2
"EvtEng"=2
"avast! Mail Scanner"=3
"Ati HotKey Poller"=2
"ACS"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-28 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Disabled:Crawler Spyware Terminator"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-27 21:41:25 ----AD---- C:\Kaspersky Rescue Disk 10.0
2011-02-27 21:34:44 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-27 21:34:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-27 21:17:28 ----ASH---- C:\pagefile.sys
2011-02-20 22:01:32 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-02-20 22:01:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2011-02-27 22:06:44 ----D---- C:\WINDOWS\Prefetch
2011-02-27 22:06:44 ----D---- C:\Program Files\trend micro
2011-02-27 21:54:50 ----D---- C:\Program Files\Crawler
2011-02-27 21:49:01 ----D---- C:\temp
2011-02-27 21:37:16 ----D---- C:\WINDOWS
2011-02-27 21:37:10 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-27 21:34:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-27 21:34:44 ----D---- C:\WINDOWS\system32\drivers
2011-02-27 21:33:45 ----AD---- C:\WINDOWS\Temp
2011-02-27 20:32:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-27 20:24:58 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Spyware Terminator
2011-02-27 20:17:54 ----SD---- C:\Documents and Settings\Kuba\Data aplikací\Microsoft
2011-02-27 20:17:37 ----D---- C:\Program Files\Spyware Terminator
2011-02-24 11:14:46 ----HD---- C:\WINDOWS\inf
2011-02-22 19:11:53 ----RASH---- C:\boot.ini
2011-02-22 19:11:53 ----N---- C:\WINDOWS\win.ini
2011-02-22 19:11:53 ----N---- C:\WINDOWS\system.ini
2011-02-20 22:01:32 ----RD---- C:\Program Files
2011-02-20 21:50:04 ----D---- C:\WINDOWS\pss
2011-02-20 21:38:59 ----D---- C:\WINDOWS\Debug
2011-02-10 19:05:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-02-10 18:46:32 ----D---- C:\WINDOWS\system32
2011-02-10 18:44:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-10 18:41:09 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-10 18:40:44 ----D---- C:\Program Files\Internet Explorer
2011-02-10 18:40:24 ----D---- C:\WINDOWS\ie8updates
2011-02-10 18:39:33 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-31 19:06:18 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-13 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-28 1132544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-25 34048]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-25 276480]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2005-09-05 16896]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-01-25 207616]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 327168]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2006-11-22 100096]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); C:\WINDOWS\system32\drivers\averhbtv.sys [2007-04-30 302848]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-13 488960]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S4 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-28 364544]
S4 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S4 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-13 75064]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-11-08 215016]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]

-----------------EOF-----------------

[Rudy]

Dejte ještě log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[nasill]

ComboFix 11-02-27.01 - Kuba 27.02.2011 22:16:24.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.299 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-27 do 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-27 20:41 . 2011-02-27 20:48 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-02-27 20:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 20:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-20 21:01 . 2011-02-27 19:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-20 21:01 . 2011-02-20 21:07 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-10-25 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2001-10-25 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-10-25 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2001-10-25 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2010-04-13 18:54 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2001-10-25 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2001-10-25 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2001-10-24 11:46 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2001-10-25 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-14_07.37.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-28 17:56 . 2006-09-28 17:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 19:13 . 2006-09-28 19:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-11-02 10:51 . 2006-11-02 10:51 39936 c:\windows\system32\wpdshextres.dll
+ 2006-10-18 19:00 . 2006-10-18 19:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-18 20:47 . 2006-10-18 20:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 35840 c:\windows\system32\wpdconns.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 37376 c:\windows\system32\wmdmps.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 33792 c:\windows\system32\wmdmlog.dll
+ 2010-05-02 11:18 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2010-05-02 11:18 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2010-04-13 18:48 . 2008-11-07 17:55 26144 c:\windows\system32\spupdsvc.exe
- 2010-04-13 18:48 . 2009-01-07 16:20 26144 c:\windows\system32\spupdsvc.exe
+ 2010-06-06 17:53 . 2008-11-07 17:55 16928 c:\windows\system32\spmsgXP_2k3.dll
+ 2010-12-25 08:56 . 2010-02-22 14:20 18296 c:\windows\system32\spmsg.dll
+ 2005-10-14 10:56 . 2002-10-04 22:04 45056 c:\windows\system32\ogg.dll
+ 2010-06-06 17:45 . 2010-02-26 13:32 92672 c:\windows\system32\nmwcdcls.dll
+ 2010-04-13 18:54 . 2006-10-18 20:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 66560 c:\windows\system32\mshtmled.dll
- 2001-10-25 12:00 . 2010-09-10 05:52 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 02:31 . 2010-09-10 05:52 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 55296 c:\windows\system32\msfeedsbs.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 11264 c:\windows\system32\LAPRXY.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 25600 c:\windows\system32\jsproxy.dll
- 2001-10-25 12:00 . 2010-09-10 05:52 25600 c:\windows\system32\jsproxy.dll
+ 2010-04-13 18:29 . 2010-11-18 18:15 81920 c:\windows\system32\isign32.dll
- 2010-04-13 18:29 . 2008-04-14 03:21 81920 c:\windows\system32\isign32.dll
- 2010-06-06 17:46 . 2008-08-26 07:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2010-12-23 18:55 . 2008-08-26 09:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 22528 c:\windows\system32\DRVSTORE\ccdcmbo_58B426A32D058B9C0B1148770AD4070D84CE094D\ccdcmbo.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 92672 c:\windows\system32\DRVSTORE\ccdcmb_58B426A32D058B9C0B1148770AD4070D84CE094D\nmwcdcls.dll
+ 2010-12-23 18:54 . 2010-02-26 13:32 18176 c:\windows\system32\DRVSTORE\ccdcmb_58B426A32D058B9C0B1148770AD4070D84CE094D\ccdcmb.sys
+ 2006-09-28 18:00 . 2006-09-28 18:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 17:55 . 2006-09-28 17:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2006-10-18 19:00 . 2006-10-18 19:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2008-03-27 14:27 . 2009-07-14 09:35 37608 c:\windows\system32\drivers\wdfldr.sys
+ 2010-12-23 18:55 . 2008-08-26 09:26 18816 c:\windows\system32\drivers\pccsmcfd.sys
- 2010-06-06 17:46 . 2008-08-26 07:26 18816 c:\windows\system32\drivers\pccsmcfd.sys
+ 2001-10-25 12:00 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 22528 c:\windows\system32\drivers\ccdcmbo.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 18176 c:\windows\system32\drivers\ccdcmb.sys
+ 2010-07-31 19:16 . 2010-12-20 23:52 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-07-31 19:16 . 2010-09-10 05:52 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2010-12-15 18:44 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2010-12-15 18:46 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2010-06-06 18:13 . 2006-10-18 20:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
- 2010-02-26 06:12 . 2010-09-10 05:52 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-02-26 06:12 . 2010-12-20 23:52 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-07-31 19:16 . 2010-12-20 23:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-07-31 19:16 . 2010-09-10 05:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:34 . 2010-09-10 05:52 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 02:34 . 2010-12-20 23:52 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2010-06-06 18:11 . 2006-10-18 20:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
- 2010-02-26 06:12 . 2010-09-10 05:52 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-02-26 06:12 . 2010-12-20 23:52 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-11-18 18:15 . 2010-11-18 18:15 81920 c:\windows\system32\dllcache\isign32.dll
+ 2009-12-14 07:10 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2010-12-23 18:52 . 2010-12-23 18:52 78336 c:\windows\Installer\1e9fc1c3.msi
+ 2010-12-23 18:57 . 2010-12-23 18:57 10134 c:\windows\Installer\{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}\ARPPRODUCTICON.exe
+ 2010-12-23 18:55 . 2010-12-23 18:55 24255 c:\windows\Installer\{8112C6B3-91E1-4560-8AB9-876DADFA37C5}\ARPPRODUCTICON.exe
+ 2010-12-23 18:56 . 2010-12-23 18:56 10134 c:\windows\Installer\{749A1EDD-16C2-4C63-B013-D38F0F953973}\ARPPRODUCTICON.exe
+ 2010-12-23 18:55 . 2010-12-23 18:55 10134 c:\windows\Installer\{45DF6D99-666D-41FA-8D62-0E183B6240F3}\ARPPRODUCTICON.exe
+ 2011-02-10 17:40 . 2010-11-06 00:23 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2010-12-16 17:38 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-16 17:38 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-16 17:42 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-16 17:42 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-11-18 18:15 . 2010-11-18 18:15 81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-16 17:39 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-16 17:39 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-15 18:46 . 2010-11-03 05:55 40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-16 17:39 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
+ 2010-12-16 17:39 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB2436673\spmsg.dll
+ 2010-12-16 17:34 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-16 17:34 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-15 18:44 . 2010-10-11 14:55 45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2011-01-12 16:29 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-12 16:29 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2010-12-16 17:40 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll
+ 2010-12-16 17:40 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 12800 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 66560 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 55296 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 43520 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 25600 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll
+ 2010-12-16 17:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-16 17:42 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2010-04-13 18:54 . 2006-10-18 20:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 20:47 . 2006-10-18 20:47 4096 c:\windows\system32\WMVADVD.dll
+ 2010-04-13 18:54 . 2006-10-18 20:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-10-18 20:58 . 2006-10-18 20:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-10-18 20:47 . 2006-10-18 20:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-10-18 20:58 . 2006-10-18 20:58 8704 c:\windows\system32\uwdf.exe
+ 2001-10-25 12:00 . 2006-10-18 20:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2010-04-13 18:54 . 2006-10-18 20:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2010-04-13 18:54 . 2006-10-18 20:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2010-12-23 18:54 . 2010-02-26 13:21 8320 c:\windows\system32\DRVSTORE\nmwcdnsuc_58B426A32D058B9C0B1148770AD4070D84CE094D\nmwcdnsuc.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 8192 c:\windows\system32\DRVSTORE\ccdcmbm_58B426A32D058B9C0B1148770AD4070D84CE094D\usbser_lowerflt.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 8192 c:\windows\system32\DRVSTORE\ccdcmbcj_58B426A32D058B9C0B1148770AD4070D84CE094D\usbser_lowerfltj.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 8192 c:\windows\system32\drivers\usbser_lowerfltj.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 8192 c:\windows\system32\drivers\usbser_lowerflt.sys
+ 2010-06-06 18:15 . 2006-10-18 20:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2010-06-06 18:11 . 2006-10-18 20:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2010-06-06 18:11 . 2006-10-18 20:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2010-06-06 18:11 . 2006-10-18 20:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2010-12-23 18:54 . 2010-12-23 18:54 3262 c:\windows\Installer\{F1FDAA01-988C-423F-AC12-0D8F333943FD}\ARPPRODUCTICON.exe
+ 2005-10-14 10:56 . 2005-12-30 19:10 761856 c:\windows\system32\xvidcore.dll
+ 2005-10-14 10:56 . 2004-02-10 10:15 344064 c:\windows\system32\xvid.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-10-18 20:47 . 2006-10-18 20:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2010-04-13 18:54 . 2009-04-01 22:02 604160 c:\windows\system32\wmspdmod.dll
+ 2001-10-25 12:00 . 2008-06-18 04:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2010-04-13 18:54 . 2006-10-18 20:47 157184 c:\windows\system32\wmidx.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2001-10-25 12:00 . 2007-10-25 08:28 222720 c:\windows\system32\wmasf.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 757248 c:\windows\system32\WMADMOD.dll
+ 2005-10-14 10:56 . 2002-10-04 22:04 921600 c:\windows\system32\VorbisEnc.dll
+ 2005-10-14 10:56 . 2002-10-04 22:04 188416 c:\windows\system32\vorbis.dll
+ 2005-10-14 10:56 . 2003-04-29 09:13 155136 c:\windows\system32\unrar.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 211456 c:\windows\system32\qasf.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2005-10-14 10:56 . 2002-10-06 17:42 237568 c:\windows\system32\OggDS.dll
+ 2001-10-25 12:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2001-10-25 12:00 . 2008-04-14 03:21 249856 c:\windows\system32\odbc32.dll
- 2001-10-25 12:00 . 2010-09-10 05:52 206848 c:\windows\system32\occache.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 206848 c:\windows\system32\occache.dll
+ 2010-12-23 18:54 . 2010-02-26 13:32 662016 c:\windows\system32\nmwcdcocls.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 321536 c:\windows\system32\mswmdm.dll
- 2001-10-25 12:00 . 2010-09-10 05:52 611840 c:\windows\system32\mstime.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 611840 c:\windows\system32\mstime.dll
+ 2001-10-25 12:00 . 2006-12-04 15:21 414720 c:\windows\system32\msscp.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 175616 c:\windows\system32\mspmsp.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 179712 c:\windows\system32\msnetobj.dll
- 2009-03-08 02:32 . 2010-09-10 05:52 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 602112 c:\windows\system32\msfeeds.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-18 20:47 . 2010-03-30 11:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 212992 c:\windows\system32\MFPLAT.dll
+ 2011-02-27 20:53 . 2011-02-27 20:53 234656 c:\windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe
+ 2001-10-25 12:00 . 2008-06-18 00:09 100864 c:\windows\system32\logagent.exe
- 2001-10-25 12:00 . 2010-09-10 05:52 184320 c:\windows\system32\iepeers.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 184320 c:\windows\system32\iepeers.dll
- 2001-10-25 12:00 . 2010-09-10 05:52 387584 c:\windows\system32\iedkcs32.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 387584 c:\windows\system32\iedkcs32.dll
+ 2001-10-25 12:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2010-04-13 20:19 . 2011-02-10 17:46 112584 c:\windows\system32\FNTCACHE.DAT
- 2010-04-13 20:19 . 2010-10-15 18:07 112584 c:\windows\system32\FNTCACHE.DAT
+ 2010-12-23 18:55 . 2010-04-14 10:40 590848 c:\windows\system32\DRVSTORE\pccswpddri_8FC79B5C76B12B345CB05ADB7D73AF7091A57405\PCCSWpdDriver.dll
+ 2010-12-23 18:54 . 2010-02-26 13:21 137344 c:\windows\system32\DRVSTORE\nmwcdnsu_58B426A32D058B9C0B1148770AD4070D84CE094D\nmwcdnsu.sys
+ 2010-12-23 18:54 . 2010-02-26 13:32 662016 c:\windows\system32\DRVSTORE\ccdcmb_58B426A32D058B9C0B1148770AD4070D84CE094D\nmwcdcocls.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-18 19:00 . 2006-10-18 19:00 249856 c:\windows\system32\drmupgds.exe
+ 2008-03-27 14:27 . 2009-07-14 09:35 444136 c:\windows\system32\drivers\wdf01000.sys
+ 2006-10-18 20:47 . 2006-10-18 20:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2010-05-13 13:54 . 2009-04-01 22:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-06-10 16:18 . 2008-06-18 04:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2010-06-06 18:15 . 2007-10-25 08:28 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
- 2010-02-26 06:12 . 2010-09-10 05:52 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-02-26 06:12 . 2010-12-20 23:52 916480 c:\windows\system32\dllcache\wininet.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 440320 c:\windows\system32\dllcache\shimgvw.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2009-03-08 02:34 . 2010-09-10 05:52 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 02:34 . 2010-12-20 23:52 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-04-27 15:50 . 2010-12-09 15:15 713216 c:\windows\system32\dllcache\ntdll.dll
+ 2010-06-06 18:13 . 2006-10-18 20:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2010-02-26 06:12 . 2010-12-20 23:52 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-02-26 06:12 . 2010-09-10 05:52 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-06-06 18:13 . 2006-12-04 15:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2010-06-06 18:13 . 2006-10-18 20:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2010-06-06 18:13 . 2006-10-18 20:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2010-07-31 19:16 . 2010-09-10 05:52 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-07-31 19:16 . 2010-12-20 23:52 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2010-03-30 11:24 . 2010-03-30 11:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
- 2010-04-27 15:50 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2010-04-27 15:50 . 2010-12-20 17:25 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-06-09 23:31 . 2008-06-18 00:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:27 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2010-07-31 19:16 . 2010-09-10 05:52 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-07-31 19:16 . 2010-12-20 23:52 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-02-26 06:12 . 2010-09-10 05:52 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-02-26 06:12 . 2010-12-20 23:52 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-07-31 19:16 . 2010-12-20 23:52 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-07-31 19:16 . 2010-09-10 05:52 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 12:09 . 2010-12-20 23:52 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 12:09 . 2010-09-10 05:52 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 02:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-06-06 18:10 . 2006-10-18 20:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2010-06-06 18:10 . 2006-10-18 20:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2010-06-06 18:10 . 2006-10-18 20:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2010-04-20 05:48 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2005-10-14 10:56 . 2005-11-23 04:00 778240 c:\windows\system32\DivXsm.exe
+ 2005-12-19 06:23 . 2005-12-07 17:05 663552 c:\windows\system32\divx_xx11.dll
+ 2005-12-19 06:23 . 2005-12-07 17:05 679936 c:\windows\system32\divx_xx0c.dll
+ 2005-12-19 06:23 . 2005-12-07 17:05 679936 c:\windows\system32\divx_xx07.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 229376 c:\windows\system32\cewmdm.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 542720 c:\windows\system32\blackbox.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 276992 c:\windows\system32\audiodev.dll
+ 2010-11-20 12:10 . 2010-11-20 12:09 737280 c:\windows\iun6002.exe
+ 2010-12-23 19:01 . 2010-12-23 19:01 855040 c:\windows\Installer\1e9fc240.msi
+ 2010-12-23 18:57 . 2010-12-23 18:57 610304 c:\windows\Installer\1e9fc239.msi
+ 2010-12-23 18:55 . 2010-12-23 18:55 466944 c:\windows\Installer\1e9fc21b.msi
+ 2010-12-23 18:55 . 2010-12-23 18:55 495616 c:\windows\Installer\1e9fc215.msi
+ 2010-12-23 18:54 . 2010-12-23 18:54 331776 c:\windows\Installer\1e9fc1df.msi
+ 2010-12-23 19:01 . 2010-12-23 19:01 287934 c:\windows\Installer\{B8B4446F-87E1-4423-A47A-16832C24A199}\ARPPRODUCTICON.exe
+ 2011-02-10 17:40 . 2010-11-06 00:23 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 17:40 . 2010-07-05 13:13 391032 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 17:40 . 2010-07-05 13:13 233848 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 17:40 . 2010-11-06 00:23 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 17:40 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-16 17:40 . 2010-09-10 05:52 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-16 17:40 . 2010-07-05 13:13 391032 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-16 17:40 . 2010-02-22 14:20 233848 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-16 17:40 . 2010-09-10 05:52 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-16 17:40 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2010-12-16 17:38 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-16 17:38 . 2010-02-22 14:20 759160 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-16 17:38 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-16 17:42 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-16 17:42 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-16 17:42 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-16 17:39 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-16 17:39 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-16 17:39 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-16 17:39 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-16 17:39 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-16 17:39 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-16 17:34 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-16 17:34 . 2010-02-22 14:20 759160 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-16 17:34 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-01-12 16:29 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-12 16:29 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-12 16:29 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:51 . 2010-11-09 14:51 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2010-12-16 17:40 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
+ 2010-12-16 17:40 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
+ 2010-12-16 17:40 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
+ 2010-12-15 18:49 . 2010-11-06 00:24 919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 184320 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 743424 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 387584 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll
+ 2010-12-15 18:49 . 2010-11-03 12:01 173568 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe
+ 2010-12-16 17:42 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-16 17:42 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-16 17:42 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-10-28 13:05 . 2010-10-28 13:05 290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2001-10-25 12:00 . 2010-04-06 03:52 2462720 c:\windows\system32\WMVCore.dll
+ 2010-04-13 18:54 . 2006-10-18 20:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2001-10-25 12:00 . 2006-10-18 20:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2010-12-23 18:54 . 2010-02-26 13:19 1461992 c:\windows\system32\wdfcoinstaller01009.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 1210880 c:\windows\system32\urlmon.dll
- 2001-10-25 12:00 . 2010-09-10 05:52 1210880 c:\windows\system32\urlmon.dll
+ 2001-10-25 12:00 . 2011-01-21 14:44 8466432 c:\windows\system32\shell32.dll
- 2001-10-25 12:00 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2005-10-14 10:56 . 2005-08-09 22:12 3596288 c:\windows\system32\qt-dx331.dll
+ 2001-10-25 12:00 . 2010-12-20 23:52 5961216 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2011-02-27 20:53 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 1991680 c:\windows\system32\iertutil.dll
+ 2010-12-23 18:55 . 2010-04-14 09:26 1837296 c:\windows\system32\DRVSTORE\pccswpddri_8FC79B5C76B12B345CB05ADB7D73AF7091A57405\WUDFUpdate_01009.dll
+ 2010-12-23 18:54 . 2010-02-26 13:19 1461992 c:\windows\system32\DRVSTORE\ccdcmb_58B426A32D058B9C0B1148770AD4070D84CE094D\wdfcoinstaller01009.dll
+ 2008-11-07 16:32 . 2010-04-06 03:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2010-06-06 18:15 . 2006-10-18 20:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2009-08-14 15:15 . 2010-12-31 14:04 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2010-02-26 06:12 . 2010-12-20 23:52 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2010-02-26 06:12 . 2010-09-10 05:52 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8466432 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2010-04-27 15:50 . 2010-12-09 15:14 2194944 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-04-27 15:49 . 2010-12-09 15:14 2029056 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-04-27 15:49 . 2010-12-09 15:14 2150912 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-02-26 06:12 . 2010-12-20 23:52 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2010-07-31 19:16 . 2010-12-20 23:52 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-23 18:56 . 2010-12-23 18:56 3786240 c:\windows\Installer\1e9fc233.msi
+ 2011-02-10 17:40 . 2010-11-06 00:23 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2010-04-27 15:50 . 2010-12-09 15:14 2194944 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-04-27 15:49 . 2010-12-09 15:14 2029056 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-04-27 15:49 . 2010-12-09 15:14 2150912 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-10-21 19:04 . 2010-10-21 19:04 2827728 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2010-10-26 14:04 . 2010-10-26 14:04 1862272 c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
+ 2010-12-15 18:49 . 2010-11-06 00:24 1211904 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 5960704 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
+ 2010-12-15 18:49 . 2010-11-06 00:24 1992192 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
+ 2010-06-10 20:37 . 2011-02-10 17:41 37443528 c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2010-12-20 10:52 11080704 c:\windows\system32\ieframe.dll
+ 2010-07-31 19:16 . 2010-12-20 10:52 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-10 17:40 . 2010-11-06 00:23 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2010-12-16 17:40 . 2010-09-10 05:52 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2010-11-06 04:54 . 2010-11-06 04:54 11082752 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^1ciy1kp.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
backup=c:\windows\pss\1ciy1kp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^60hc0je.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
backup=c:\windows\pss\60hc0je.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^70pfl66.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
backup=c:\windows\pss\70pfl66.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^cyytkkfwwr.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
backup=c:\windows\pss\cyytkkfwwr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^e1awwriidu.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
backup=c:\windows\pss\e1awwriidu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^ee6qq6cc6.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
backup=c:\windows\pss\ee6qq6cc6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^g1cyytkk.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
backup=c:\windows\pss\g1cyytkk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^lbcxd870.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
backup=c:\windows\pss\lbcxd870.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^siojzavl.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
backup=c:\windows\pss\siojzavl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vb5rniy1.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
backup=c:\windows\pss\vb5rniy1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vvrhhdttpff.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
backup=c:\windows\pss\vvrhhdttpff.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vwrhidtu.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
backup=c:\windows\pss\vwrhidtu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^w1soojaavm.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
backup=c:\windows\pss\w1soojaavm.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 17:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"OwnershipProtocol"=2 (0x2)
"gupdate"=2 (0x2)
"EvtEng"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.4.2010 20:43 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.4.2010 21:02 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2010 20:43 17744]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [14.4.2010 21:05 302848]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.4.2010 21:12 136176]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
uInternet Settings,ProxyServer = http=127.0.0.1:53455
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 22:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-02-27 22:24:16
ComboFix-quarantined-files.txt 2011-02-27 21:24
ComboFix2.txt 2010-12-12 22:19
ComboFix3.txt 2010-11-14 16:56
ComboFix4.txt 2010-11-14 12:21
ComboFix5.txt 2011-02-27 21:15

Před spuštěním: Volných bajtů: 24 850 182 144
Po spuštění: Volných bajtů: 24 831 049 728

- - End Of File - - A1EE223CDE1B41BCDC9BC175A6040BEA

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
c:\windows\pss\1ciy1kp.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
c:\windows\pss\60hc0je.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
c:\windows\pss\70pfl66.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
c:\windows\pss\e1awwriidu.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
c:\windows\pss\cyytkkfwwr.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
c:\windows\pss\ee6qq6cc6.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
c:\windows\pss\g1cyytkk.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
c:\windows\pss\lbcxd870.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
c:\windows\pss\siojzavl.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
c:\windows\pss\vb5rniy1.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
c:\windows\pss\vvrhhdttpff.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
c:\windows\pss\vwrhidtu.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
c:\windows\pss\w1soojaavm.exeStartup

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[nasill]

Hotovo, posílám log:

ComboFix 11-02-27.01 - Kuba 28.02.2011 7:40.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.253 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kuba\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\pss\1ciy1kp.exeStartup
file zipped: c:\windows\pss\60hc0je.exeStartup
file zipped: c:\windows\pss\70pfl66.exeStartup
file zipped: c:\windows\pss\cyytkkfwwr.exeStartup
file zipped: c:\windows\pss\e1awwriidu.exeStartup
file zipped: c:\windows\pss\ee6qq6cc6.exeStartup
file zipped: c:\windows\pss\g1cyytkk.exeStartup
file zipped: c:\windows\pss\lbcxd870.exeStartup
file zipped: c:\windows\pss\siojzavl.exeStartup
file zipped: c:\windows\pss\vb5rniy1.exeStartup
file zipped: c:\windows\pss\vvrhhdttpff.exeStartup
file zipped: c:\windows\pss\vwrhidtu.exeStartup
file zipped: c:\windows\pss\w1soojaavm.exeStartup
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\pss\1ciy1kp.exeStartup
c:\windows\pss\60hc0je.exeStartup
c:\windows\pss\70pfl66.exeStartup
c:\windows\pss\cyytkkfwwr.exeStartup
c:\windows\pss\e1awwriidu.exeStartup
c:\windows\pss\ee6qq6cc6.exeStartup
c:\windows\pss\g1cyytkk.exeStartup
c:\windows\pss\lbcxd870.exeStartup
c:\windows\pss\siojzavl.exeStartup
c:\windows\pss\vb5rniy1.exeStartup
c:\windows\pss\vvrhhdttpff.exeStartup
c:\windows\pss\vwrhidtu.exeStartup
c:\windows\pss\w1soojaavm.exeStartup

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-28 do 2011-02-28 )))))))))))))))))))))))))))))))
.

2011-02-27 20:41 . 2011-02-27 20:48 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-02-27 20:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 20:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-20 21:01 . 2011-02-27 19:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-20 21:01 . 2011-02-20 21:07 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-10-25 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2001-10-25 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-10-25 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2001-10-25 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2010-04-13 18:54 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2001-10-25 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2001-10-25 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2001-10-24 11:46 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2001-10-25 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^1ciy1kp.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
backup=c:\windows\pss\1ciy1kp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^60hc0je.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
backup=c:\windows\pss\60hc0je.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^70pfl66.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
backup=c:\windows\pss\70pfl66.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^cyytkkfwwr.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
backup=c:\windows\pss\cyytkkfwwr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^e1awwriidu.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
backup=c:\windows\pss\e1awwriidu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^ee6qq6cc6.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
backup=c:\windows\pss\ee6qq6cc6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^g1cyytkk.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
backup=c:\windows\pss\g1cyytkk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^lbcxd870.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
backup=c:\windows\pss\lbcxd870.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^siojzavl.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
backup=c:\windows\pss\siojzavl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vb5rniy1.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
backup=c:\windows\pss\vb5rniy1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vvrhhdttpff.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
backup=c:\windows\pss\vvrhhdttpff.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^vwrhidtu.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
backup=c:\windows\pss\vwrhidtu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kuba^Nabídka Start^Programy^Po spuštění^w1soojaavm.exe]
path=c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
backup=c:\windows\pss\w1soojaavm.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 17:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"OwnershipProtocol"=2 (0x2)
"gupdate"=2 (0x2)
"EvtEng"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.4.2010 20:43 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.4.2010 21:02 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2010 20:43 17744]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [14.4.2010 21:05 302848]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.4.2010 21:12 136176]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
uInternet Settings,ProxyServer = http=127.0.0.1:53455
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-28 07:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Celkový čas: 2011-02-28 07:47:50
ComboFix-quarantined-files.txt 2011-02-28 06:47
ComboFix2.txt 2011-02-27 21:24
ComboFix3.txt 2010-12-12 22:19
ComboFix4.txt 2010-11-14 16:56
ComboFix5.txt 2011-02-28 06:38

Před spuštěním: Volných bajtů: 24 823 697 408
Po spuštění: Volných bajtů: 24 816 717 824

- - End Of File - - 1548D84D8C7C7340F2B6A1A86C27EA09

[Rudy]

Soubory se obnovily. Udělejte kompletní sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[nasill]

Našlo to nějaké trojany:

Automatická kontrola: dokončeno před 2 min. (události: 16, objekty: 177374, čas: 01:30:33)
28.2.2011 19:28:57 Úloha byla spuštěna
28.2.2011 20:09:25 Zjištěno: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP1\A0000044.exe
28.2.2011 20:09:26 Zjištěno: Trojan.Win32.Patched.lk C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
28.2.2011 20:09:26 Zjištěno: Trojan.Win32.Patched.lp C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
28.2.2011 20:09:29 Dezinfikováno: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP1\A0000044.exe
28.2.2011 20:09:29 Dezinfikováno: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP1\A0000044.exe
28.2.2011 20:09:31 Dezinfikováno: Trojan.Win32.Patched.lk C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
28.2.2011 20:09:31 Zjištěno: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP1\A0000046.exe
28.2.2011 20:09:31 Dezinfikováno: Trojan.Win32.Patched.lk C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
28.2.2011 20:09:35 Dezinfikováno: Trojan.Win32.Patched.lp C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
28.2.2011 20:09:35 Dezinfikováno: Trojan.Win32.Patched.lp C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
28.2.2011 20:09:35 Dezinfikováno: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP1\A0000046.exe
28.2.2011 20:09:35 Dezinfikováno: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP1\A0000046.exe
28.2.2011 20:18:31 Zjištěno: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP40\A0006716.exe
28.2.2011 20:18:32 Zjištěno: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{33D0BD0B-1DF8-48A7-9795-00818C6E6788}\RP40\A0006717.exe
28.2.2011 21:00:08 Úloha byla dokončena

[Rudy]

Zkuste nyní ručně smazat tyto soubory:

c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
c:\windows\pss\1ciy1kp.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
c:\windows\pss\60hc0je.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
c:\windows\pss\70pfl66.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
c:\windows\pss\e1awwriidu.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
c:\windows\pss\cyytkkfwwr.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
c:\windows\pss\ee6qq6cc6.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
c:\windows\pss\g1cyytkk.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
c:\windows\pss\lbcxd870.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
c:\windows\pss\siojzavl.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
c:\windows\pss\vb5rniy1.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
c:\windows\pss\vvrhhdttpff.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
c:\windows\pss\vwrhidtu.exeStartup
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
c:\windows\pss\w1soojaavm.exeStartup

[nasill]

Tak ty soubory jsem nenašel přímo v těch cílových složkách, jak jste mi psal, tam nejsou, ale vymazal jsem je v CCleaneru v nástrojích "Start" a potom byly v jakési karanténě ve složce Qoobox. Myslíte že to takhle stačí?

[Rudy]

Mělo by to stačit. Nastala nějaká změna?

[nasill]

Ten internet už běhá normálně a ani nic jiného se nechová divně, takže to bude snad v pořádku . Kdyby něco, tak se tu zase ozvu... Každopádně jsem Vám velmi zavázán.

Přeji hezký večer a ještě jednou díky

[Rudy]

Hezký večer i vám a nemáte zač!