počítač hlásí nechutně moc virů

[pafculka]

a vyhrozuje padem systemu :-/

Logfile of random's system information tool 1.08 (written by random/random)
Run by umlauf at 2011-03-01 18:50:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (14%) free of 50 GB
Total RAM: 2046 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:50:25, on 1.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ARIS7.1\BPServer\tomcat\bin\tomcat5.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
D:\D\Irena\RSIT.exe
C:\Program Files\trend micro\umlauf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Burn4Free DB Toolbar\tbcore3.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Burn4Free DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Burn4Free DB Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe"
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\D\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\D\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://czp-nav.ids.cee/officescan/conso ... nNTChk.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - https://teamplace.basf.com/qp2.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://czp-nav.ids.cee/officescan/conso ... /setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://czp-nav.ids.cee/officescan/conso ... AtxEnc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1650139078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1650383234
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://idsscheercr1.webex.com/client/T ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ids.cee
O17 - HKLM\Software\..\Telephony: DomainName = ids.cee
O17 - HKLM\System\CCS\Services\Tcpip\..\{6918EC05-7CF8-4CC9-92CE-8D5264361B8C}: NameServer = 192.168.242.245 192.168.243.245
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ids.cee
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ids.cee
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ARIS Business Publisher Server 7.1 (ARISBusinessPublisher71) - Apache Software Foundation - C:\Program Files\ARIS7.1\BPServer\tomcat\bin\tomcat5.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 15444 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-30 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-19 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-28 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-01-04 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\Burn4Free DB Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-19 297648]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-01-04 251416]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - Burn4Free DB Toolbar - C:\Program Files\Burn4Free DB Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-19 159744]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-31 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-12-05 405504]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 92160]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2010-08-25 124224]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2010-02-18 136512]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2007-10-25 956296]
"eyeBeam SIP Client"=C:\Program Files\CounterPath\X-Lite\x-lite.exe [2010-01-04 23941120]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-10 39408]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-12-10 247144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Canon\DIAS\CnxDIAS.exe"="C:\Program Files\Canon\DIAS\CnxDIAS.exe:*:Enabled:Canon Driver Information Assist Service"
"C:\Program Files\ARIS7.0\ReportServer.exe"="C:\Program Files\ARIS7.0\ReportServer.exe:*:Disabled:ARIS WebReport Server"
"C:\Program Files\ARIS7.0\LocalServer\ASA9\win32\dbsrv9.exe"="C:\Program Files\ARIS7.0\LocalServer\ASA9\win32\dbsrv9.exe:*:Enabled:Adaptive Server Anywhere Network Server"
"C:\Program Files\ARIS7.0\LocalServer\jsl\simusrv.exe"="C:\Program Files\ARIS7.0\LocalServer\jsl\simusrv.exe:*:Enabled:simusrv"
"D:\D\Program Files\ICQ6.5\ICQ.exe"="D:\D\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ARIS7.1\ReportServer.exe"="C:\Program Files\ARIS7.1\ReportServer.exe:*:Enabled:ARIS WebReport Server"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ARIS7.1\LocalServer\jsl\y-simusrv.exe"="C:\Program Files\ARIS7.1\LocalServer\jsl\y-simusrv.exe:*:Enabled:y-simusrv"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Documents and Settings\umlauf\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\umlauf\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\ARIS7.0\JavaClient\jre\bin\Java.exe"="C:\Program Files\ARIS7.0\JavaClient\jre\bin\Java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\ARIS7.0\LocalServer\jre\bin\Java.exe"="C:\Program Files\ARIS7.0\LocalServer\jre\bin\Java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\ARIS7.0\LocalServer\asa9\win32\dbsrv9.exe"="C:\Program Files\ARIS7.0\LocalServer\asa9\win32\dbsrv9.exe:*:Enabled:Adaptive Server Anywhere Network Server"
"C:\Program Files\ARIS7.0\ScriptCv.exe"="C:\Program Files\ARIS7.0\ScriptCv.exe:*:Enabled:Script Converter ARIS 4.x to ARIS 5"
"C:\Program Files\ARIS7.0\REGSVR32.EXE"="C:\Program Files\ARIS7.0\REGSVR32.EXE:*:Enabled:Microsoft(C) Register Server"
"C:\Program Files\ARIS7.0\regall.exe"="C:\Program Files\ARIS7.0\regall.exe:*:Enabled:regall"
"C:\Program Files\ARIS7.0\JavaClient\ARIS Symbol Editor 7.0.exe"="C:\Program Files\ARIS7.0\JavaClient\ARIS Symbol Editor 7.0.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.0\simple\eMPlantAris.exe"="C:\Program Files\ARIS7.0\simple\eMPlantAris.exe:*:Enabled:This application loads the eM-Plant Aris simulation engine."
"C:\Program Files\ARIS7.0\JavaClient\ArisAdm70.exe"="C:\Program Files\ARIS7.0\JavaClient\ArisAdm70.exe:*:Enabled:ARIS SiteAdmin Tool"
"C:\Program Files\ARIS7.0\JavaClient\ARIS Converter 7.0.exe"="C:\Program Files\ARIS7.0\JavaClient\ARIS Converter 7.0.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.0\LocalServer\jsl\simusrv.exe"="C:\Program Files\ARIS7.0\LocalServer\jsl\simusrv.exe:*:Enabled:simusrv"
"C:\Program Files\ARIS7.0\arisserverw70.exe"="C:\Program Files\ARIS7.0\arisserverw70.exe:*:Enabled:arisserverw70"
"C:\Program Files\ARIS7.0\ReportServer.exe"="C:\Program Files\ARIS7.0\ReportServer.exe:*:Enabled:ARIS WebReport Server"
"C:\Program Files\ARIS7.0\ReportServerLauncher.exe"="C:\Program Files\ARIS7.0\ReportServerLauncher.exe:*:Enabled:MFC-Anwendung ReportServerLauncher"
"C:\Program Files\ARIS7.0\ARIS Toolset 7.0.exe"="C:\Program Files\ARIS7.0\ARIS Toolset 7.0.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.0\JavaClient\ARIS Business Architect 7.0.exe"="C:\Program Files\ARIS7.0\JavaClient\ARIS Business Architect 7.0.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.0\JavaClient\ARIS IT Architect 7.0.exe"="C:\Program Files\ARIS7.0\JavaClient\ARIS IT Architect 7.0.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\JavaClient\jre\bin\Java.exe"="C:\Program Files\ARIS7.1\JavaClient\jre\bin\Java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ARIS7.1\LocalServer\jre\bin\Java.exe"="C:\Program Files\ARIS7.1\LocalServer\jre\bin\Java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ARIS7.1\JavaClient\lib\donglewrapper.exe"="C:\Program Files\ARIS7.1\JavaClient\lib\donglewrapper.exe:*:Enabled:donglewrapper"
"C:\Program Files\ARIS7.1\ScriptCv.exe"="C:\Program Files\ARIS7.1\ScriptCv.exe:*:Enabled:Script Converter ARIS 4.x to ARIS 5"
"C:\Program Files\ARIS7.1\REGSVR32.EXE"="C:\Program Files\ARIS7.1\REGSVR32.EXE:*:Enabled:Microsoft(C) Register Server"
"C:\Program Files\ARIS7.1\regall.exe"="C:\Program Files\ARIS7.1\regall.exe:*:Enabled:regall"
"C:\Program Files\ARIS7.1\JavaClient\ARIS Symbol Editor 7.1.exe"="C:\Program Files\ARIS7.1\JavaClient\ARIS Symbol Editor 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\simple\eMPlantAris.exe"="C:\Program Files\ARIS7.1\simple\eMPlantAris.exe:*:Enabled:This application loads the eM-Plant Aris simulation engine."
"C:\Program Files\ARIS7.1\JavaClient\ARIS Converter 7.1.exe"="C:\Program Files\ARIS7.1\JavaClient\ARIS Converter 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\JavaClient\ARIS Site Administrator 7.1.exe"="C:\Program Files\ARIS7.1\JavaClient\ARIS Site Administrator 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\JavaClient\ArisAdm71.exe"="C:\Program Files\ARIS7.1\JavaClient\ArisAdm71.exe:*:Enabled:ArisAdm71"
"C:\Program Files\ARIS7.1\y-serverw.exe"="C:\Program Files\ARIS7.1\y-serverw.exe:*:Enabled:y-serverw"
"C:\Program Files\ARIS7.1\ARIS Toolset 7.1.exe"="C:\Program Files\ARIS7.1\ARIS Toolset 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\JavaClient\ARIS Business Architect 7.1.exe"="C:\Program Files\ARIS7.1\JavaClient\ARIS Business Architect 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\JavaClient\ARIS Business Architect for SAP 7.1.exe"="C:\Program Files\ARIS7.1\JavaClient\ARIS Business Architect for SAP 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\JavaClient\ARIS Business Optimizer 7.1.exe"="C:\Program Files\ARIS7.1\JavaClient\ARIS Business Optimizer 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\JavaClient\ARIS IT Architect 7.1.exe"="C:\Program Files\ARIS7.1\JavaClient\ARIS IT Architect 7.1.exe:*:Enabled:ARIS"
"C:\Program Files\ARIS7.1\LocalServer\lib\donglewrapper.exe"="C:\Program Files\ARIS7.1\LocalServer\lib\donglewrapper.exe:*:Enabled:donglewrapper"
"C:\Program Files\ARIS7.1\LocalServer\y-simusrv.exe"="C:\Program Files\ARIS7.1\LocalServer\y-simusrv.exe:*:Enabled:y-simusrv"
"C:\Program Files\ARIS7.1\ReportServer.exe"="C:\Program Files\ARIS7.1\ReportServer.exe:*:Enabled:ARIS WebReport Server"
"C:\Program Files\ARIS7.1\ReportServerLauncher.exe"="C:\Program Files\ARIS7.1\ReportServerLauncher.exe:*:Enabled:MFC-Anwendung ReportServerLauncher"

======List of files/folders created in the last 1 months======

2011-03-01 18:50:12 ----D---- C:\Program Files\trend micro
2011-03-01 18:50:11 ----D---- C:\rsit
2011-02-26 21:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-02-17 15:38:51 ----D---- C:\Documents and Settings\umlauf\Application Data\TeamViewer
2011-02-10 14:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 14:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 14:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-09 15:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-09 15:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-09 15:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-09 10:08:51 ----A---- C:\WINDOWS\system32\SET63.tmp
2011-02-08 14:25:30 ----D---- C:\Program Files\Microsoft ActiveSync
2011-02-08 14:24:44 ----D---- C:\Program Files\Common Files\DESIGNER
2011-02-08 14:24:16 ----D---- C:\Program Files\Microsoft Visual Studio
2011-02-08 13:20:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-02-08 12:48:52 ----HDC---- C:\WINDOWS\ie8
2011-02-08 10:08:02 ----ASH---- C:\pagefile.sys
2011-02-07 10:42:01 ----D---- C:\WINDOWS\tmp

======List of files/folders modified in the last 1 months======

2011-03-01 18:50:25 ----D---- C:\WINDOWS\Prefetch
2011-03-01 18:50:12 ----RD---- C:\Program Files
2011-03-01 18:48:44 ----D---- C:\WINDOWS\Temp
2011-03-01 13:27:38 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-01 11:30:39 ----D---- C:\WINDOWS
2011-03-01 11:30:38 ----D---- C:\WINDOWS\Registration
2011-03-01 11:30:18 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2011-03-01 11:30:16 ----D---- C:\WINDOWS\system32\drivers
2011-02-28 21:05:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-28 13:49:19 ----D---- C:\Program Files\ARIS7.1
2011-02-28 13:48:53 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-28 13:44:23 ----SHD---- C:\WINDOWS\Installer
2011-02-28 10:16:22 ----D---- C:\WINDOWS\security
2011-02-28 10:08:32 ----D---- C:\WINDOWS\system32
2011-02-26 21:08:56 ----HD---- C:\WINDOWS\inf
2011-02-26 21:08:47 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-02-26 21:07:21 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-25 21:56:25 ----SHD---- C:\WINDOWS\CSC
2011-02-23 18:12:14 ----D---- C:\Program Files\Mozilla Firefox
2011-02-21 11:01:09 ----D---- C:\Program Files\ARIS7.0
2011-02-18 09:47:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-02-17 07:19:46 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-14 09:55:15 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-02-14 09:53:53 ----SD---- C:\Documents and Settings\umlauf\Application Data\Microsoft
2011-02-14 09:53:53 ----D---- C:\Documents and Settings\umlauf\Application Data\Adobe
2011-02-10 19:26:24 ----D---- C:\Program Files\Java
2011-02-10 14:54:53 ----A---- C:\WINDOWS\imsins.BAK
2011-02-09 15:52:56 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-09 15:52:40 ----D---- C:\Program Files\Internet Explorer
2011-02-09 15:52:17 ----D---- C:\WINDOWS\ie8updates
2011-02-09 10:05:50 ----D---- C:\WINDOWS\system32\CatRoot
2011-02-08 14:35:38 ----D---- C:\WINDOWS\system32\wbem
2011-02-08 14:35:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-08 14:30:23 ----RSD---- C:\WINDOWS\Fonts
2011-02-08 14:28:26 ----A---- C:\WINDOWS\ODBC.INI
2011-02-08 14:27:32 ----A---- C:\WINDOWS\win.ini
2011-02-08 14:27:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 14:26:33 ----D---- C:\Program Files\Microsoft Works
2011-02-08 14:25:54 ----D---- C:\Program Files\Common Files\L&H
2011-02-08 14:25:38 ----D---- C:\WINDOWS\SHELLNEW
2011-02-08 14:24:44 ----D---- C:\Program Files\Common Files
2011-02-08 14:23:51 ----D---- C:\WINDOWS\Help
2011-02-08 13:24:48 ----D---- C:\Program Files\Common Files\Adobe
2011-02-08 13:24:35 ----D---- C:\Program Files\Adobe
2011-02-08 13:06:46 ----D---- C:\WINDOWS\network diagnostic
2011-02-08 12:56:18 ----D---- C:\WINDOWS\system32\en-us
2011-02-08 12:56:17 ----D---- C:\WINDOWS\Media
2011-02-08 11:07:17 ----D---- C:\WINDOWS\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-08-25 344712]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PBADRV;PBADRV; C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 26608]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2010-08-25 64208]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2008-04-01 64128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2007-10-09 33664]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-06-15 12672]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 161280]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-09-19 155136]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-12 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-11-28 62208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-06-15 985472]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-06-15 210688]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-08-25 76024]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-08-25 91896]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-08-25 43192]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-31 6727136]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-05 1222840]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-12-02 46992]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-04-01 41600]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2008-04-01 41856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WaveFDE;Wave System Power Monitor Device Driver; C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 18176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-06-15 731264]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter; C:\WINDOWS\system32\DRIVERS\ipwpnet.sys [2005-07-30 43184]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-08-25 66536]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-04-01 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2008-04-01 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-04-01 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2008-04-01 18612]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARISBusinessPublisher71;ARIS Business Publisher Server 7.1; C:\Program Files\ARIS7.1\BPServer\tomcat\bin\tomcat5.exe [2008-08-27 53248]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [2007-11-08 2139496]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2010-11-24 88176]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2010-08-25 22816]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2010-02-18 120128]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2010-08-25 147984]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2010-08-25 66880]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2010-08-25 69192]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2008-02-22 475136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-31 163908]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-12-05 94208]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 737280]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-09 136176]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-25 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-10 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


dekuju za pomoc!!!

[Rudy]

Dejte log z ComboFix. Pokud by nešel normálně spustit, restartujte do nouz. režimu a zkuste ho spustit v něm.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[pafculka]

nejde mi nějak vypnout McAfee, nevím moc jak na to :-/

[pafculka]

jo ale už to jede....

[pafculka]

ComboFix 11-02-28.07 - umlauf 01.03.2011 19:59:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.1204 [GMT 1:00]
Spuštěný z: d:\d\Irena\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Burn4Free DB Toolbar\tbHElper.dll
c:\windows\system32\twunk_32.exe
D:\Autorun.inf

Nakažená kopie c:\windows\winhlp32.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\winhlp32.exe

Nakažená kopie c:\windows\system32\ntbackup.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ntbackup.exe

Nakažená kopie c:\windows\system32\d3d9.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\d3d9.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-01 do 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 17:50 . 2011-03-01 17:50 -------- d-----w- c:\program files\trend micro
2011-03-01 17:50 . 2011-03-01 17:50 -------- d-----w- C:\rsit
2011-02-25 20:50 . 2009-07-27 23:17 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2011-02-18 08:55 . 2011-02-18 08:55 -------- d-----w- c:\documents and settings\umlauf\Local Settings\Application Data\Netviewer
2011-02-17 14:38 . 2011-02-17 14:41 -------- d-----w- c:\documents and settings\umlauf\Application Data\TeamViewer
2011-02-17 14:38 . 2011-02-17 14:38 -------- d-----w- c:\documents and settings\umlauf\temp
2011-02-09 09:08 . 2011-01-21 14:44 8462336 ----a-w- c:\windows\system32\SET63.tmp
2011-02-08 13:25 . 2011-02-08 13:25 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-02-08 12:20 . 2011-02-08 12:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-08 11:48 . 2011-02-08 11:51 -------- dc-h--w- c:\windows\ie8
2011-02-07 09:42 . 2011-02-07 09:42 -------- d-----w- c:\windows\tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 19:11 . 2008-10-15 08:22 0 ----a-w- c:\documents and settings\umlauf\Local Settings\Application Data\WavXMapDrive.bat
2011-01-07 14:09 . 2004-08-11 16:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 16:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 16:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-11 16:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-11 16:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 16:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-11 16:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 16:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-11 16:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 21:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-12-29 14:15 . 2008-09-18 06:48 3100672 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2006-12-29 14:15 . 2008-09-18 06:48 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2006-12-29 14:15 . 2008-09-18 06:48 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2006-12-29 14:15 . 2008-09-18 06:48 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2010-08-25 19:07 . 2010-12-08 10:22 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2007-10-25 956296]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2010-01-04 23941120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-19 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-9-4 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 14:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\0\0]
"Script"=signatures.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\1\0]
"Script"=RegOfficeUsr.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\2\0]
"Script"=officelivefix.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\3\0]
"Script"=st2file.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\4\0]
"Script"=logons.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\5\0]
"Script"=map_users.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\6\0]
"Script"=map_nfs.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-746137067-1957994488-1343024091-1133\Scripts\Logon\7\0]
"Script"=map_cdlib.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"c:\\Program Files\\ARIS7.0\\ReportServer.exe"=
"c:\\Program Files\\ARIS7.0\\LocalServer\\ASA9\\win32\\dbsrv9.exe"=
"c:\\Program Files\\ARIS7.0\\LocalServer\\jsl\\simusrv.exe"=
"d:\\D\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ARIS7.1\\ReportServer.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ARISBusinessPublisher71;ARIS Business Publisher Server 7.1;c:\program files\ARIS7.1\BPServer\tomcat\bin\tomcat5.exe [22.5.2009 13:57 53248]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [1.8.2007 21:30 9728]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.12.2008 15:46 222456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [23.12.2010 15:11 88176]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [25.8.2010 20:07 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8.12.2010 11:22 69192]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [10.12.2010 13:29 92008]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [11.8.2004 17:00 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2.11.2006 12:32 97536]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.4.2010 8:01 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [19.9.2008 7:41 43184]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8.12.2010 11:22 66536]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - uphcleanhlp
.
Obsah adresáře 'Naplánované úlohy'

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 07:01]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 07:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet
TCP: {6918EC05-7CF8-4CC9-92CE-8D5264361B8C} = 192.168.242.245 192.168.243.245
FF - ProfilePath - c:\documents and settings\umlauf\Application Data\Mozilla\Firefox\Profiles\h1iui2u2.default\
FF - prefs.js: browser.search.selectedEngine - Bezpečné vyhledávání
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
AddRemove-GIS 3rdParty VScan Uninstaller - c:\program files\Common Files\Setup32\Setup.exe
AddRemove-McAfee Agent - c:\program files\Common Files\Setup32\Setup.exe
AddRemove-McAfee MA-VSE - c:\program files\Common Files\Setup32\Setup.exe
AddRemove-McAfee VirusScan Enterprise [setup] 8.7.0.570.3 - c:\program files\Common Files\Setup32\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 20:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\BCMLogon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\StacSV.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\RunDLL32.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Celkový čas: 2011-03-01 20:20:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-01 19:20

Před spuštěním: 7 416 066 048 bytes free
Po spuštění: 19 771 408 384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F52CD71DDE251E750835219C6AB46A08

[Rudy]

3 infikované položky byly smazány a další 3 nahrazeny ze zálohy. Zbytek logu vypadá čistý. nastala nějaká změna?