
TR/Crypt.ZPACK.Gen Trojan

Posted: 13 Jul 2010 21:12
by shama
Hello, a few days ago Avira found this trojan on my computer and I still can't get rid of it. Does anyone have advice on how to deal with it? I'll be grateful for any tip. Thanks

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 13 Jul 2010 21:17
by Rudy

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 13 Jul 2010 21:45
by shama
RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal at 2010-07-13 22:16:57
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (4%) free of 57 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:17, on 2010-07-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\instalacky\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4640 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}]
DeLorme Send To GPS - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll [2009-06-02 132392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-02-27 16005120]
"KTPWare"=C:\Program Files\Elantech\ktp.exe [2006-03-28 512000]
"tsnp2std"=C:\WINDOWS\system32\tsnp2std.exe [2006-06-14 331776]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-05-15 675840]
"CASS"=C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe [2006-06-20 184320]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-08 7405568]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\hry\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\hry\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\hry\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\hry\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-13 22:16:57 ----D---- C:\rsit
2010-07-13 22:16:57 ----D---- C:\Program Files\trend micro
2010-07-13 18:14:39 ----D---- C:\WINDOWS\temp
2010-07-13 18:14:37 ----A---- C:\ComboFix.txt
2010-07-13 18:07:10 ----A---- C:\WINDOWS\PEV.exe
2010-07-13 18:07:10 ----A---- C:\WINDOWS\MBR.exe
2010-07-13 18:05:16 ----D---- C:\ComboFix
2010-07-13 18:03:33 ----A---- C:\WINDOWS\system32\CF23601.exe
2010-07-13 17:50:03 ----A---- C:\Boot.bak
2010-07-13 17:49:57 ----RASHD---- C:\cmdcons
2010-07-13 17:48:25 ----A---- C:\WINDOWS\zip.exe
2010-07-13 17:48:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-13 17:48:25 ----A---- C:\WINDOWS\SWSC.exe
2010-07-13 17:48:25 ----A---- C:\WINDOWS\SWREG.exe
2010-07-13 17:48:25 ----A---- C:\WINDOWS\sed.exe
2010-07-13 17:48:25 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-13 17:48:25 ----A---- C:\WINDOWS\grep.exe
2010-07-13 17:48:05 ----D---- C:\WINDOWS\ERDNT
2010-07-13 17:48:02 ----A---- C:\WINDOWS\system32\CF20554.exe
2010-07-13 17:47:57 ----D---- C:\Qoobox
2010-07-13 13:51:58 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-07-13 12:49:53 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-07-13 12:49:49 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-07-13 12:37:21 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-13 12:36:33 ----D---- C:\Program Files\Lavasoft
2010-07-13 12:36:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-07-13 12:28:32 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-07-13 12:18:04 ----D---- C:\WINDOWS\system32\PreInstall
2010-07-13 12:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-07-13 12:18:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-28 16:01:49 ----A---- C:\LOGFILE.TXT
2010-06-28 16:00:53 ----A---- C:\WINDOWS\WTRDCTM.INI
2010-06-28 15:58:30 ----D---- C:\Program Files\pctranslator2010
2010-06-28 15:57:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-06-28 15:57:27 ----D---- C:\Documents and Settings\Michal\Data aplikací\LangSoft
2010-06-28 00:33:01 ----D---- C:\Documents and Settings\Michal\Data aplikací\Avira
2010-06-28 00:31:42 ----D---- C:\Program Files\URLToolBHO
2010-06-28 00:28:19 ----D---- C:\WINDOWS\system32\QuickTime
2010-06-28 00:28:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia
2010-06-28 00:28:13 ----D---- C:\Program Files\Macromedia
2010-06-28 00:28:13 ----D---- C:\Program Files\Common Files\Macromedia
2010-06-21 19:43:28 ----RA---- C:\WINDOWS\system32\w39MLRes.dll
2010-06-21 19:43:27 ----RA---- C:\WINDOWS\system32\w39NCPA.dll
2010-06-21 19:43:26 ----RA---- C:\WINDOWS\system32\drivers\w39n51.sys

======List of files/folders modified in the last 1 months======

2010-07-13 22:17:25 ----D---- C:\Documents and Settings\Michal\Data aplikací\Skype
2010-07-13 22:17:10 ----D---- C:\WINDOWS\Prefetch
2010-07-13 22:16:57 ----RD---- C:\Program Files
2010-07-13 22:16:18 ----D---- C:\instalacky
2010-07-13 20:17:37 ----D---- C:\Documents and Settings\Michal\Data aplikací\skypePM
2010-07-13 20:11:13 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-13 18:49:42 ----SD---- C:\WINDOWS\Tasks
2010-07-13 18:29:44 ----D---- C:\WINDOWS\Registration
2010-07-13 18:14:39 ----D---- C:\WINDOWS
2010-07-13 18:13:33 ----A---- C:\WINDOWS\system.ini
2010-07-13 18:13:25 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-13 18:11:47 ----D---- C:\WINDOWS\system32\drivers
2010-07-13 18:11:47 ----D---- C:\WINDOWS\system32
2010-07-13 18:11:47 ----D---- C:\WINDOWS\AppPatch
2010-07-13 18:11:42 ----D---- C:\Program Files\Common Files
2010-07-13 18:07:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-13 18:07:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-13 17:50:03 ----RASH---- C:\boot.ini
2010-07-13 15:26:49 ----D---- C:\Program Files\Mozilla Firefox
2010-07-13 12:57:35 ----HD---- C:\WINDOWS\inf
2010-07-13 12:55:05 ----D---- C:\WINDOWS\system32\Lang
2010-07-13 12:49:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-13 12:41:07 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-13 12:38:02 ----D---- C:\WINDOWS\Debug
2010-07-13 12:37:21 ----SHD---- C:\WINDOWS\Installer
2010-07-13 12:36:26 ----D---- C:\WINDOWS\WinSxS
2010-07-11 17:05:29 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-06 16:58:48 ----D---- C:\masha
2010-06-29 19:24:16 ----D---- C:\Program Files\Opera
2010-06-28 00:55:07 ----D---- C:\Program Files\Internet Explorer
2010-06-28 00:31:11 ----D---- C:\Documents and Settings\Michal\Data aplikací\Macromedia
2010-06-28 00:28:24 ----SD---- C:\Documents and Settings\Michal\Data aplikací\Microsoft
2010-06-28 00:27:19 ----D---- C:\WINDOWS\Downloaded Installations
2010-06-21 21:04:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-21 19:24:27 ----D---- C:\Documents and Settings\Michal\Data aplikací\MSN6
2010-06-21 19:18:45 ----A---- C:\WINDOWS\system32\results.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-07-13 64288]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 CPEb;CPEb; C:\WINDOWS\system32\drivers\CPEb.sys [2009-06-15 8192]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-06-13 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-13 25416]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-12 1124097]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-03-29 116594]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-03-23 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-03-23 37888]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 Ktp;Elantech Touchpad; C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-03-18 27904]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-08 3640608]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-24 83584]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-02-25 1428480]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-06-15 721904]
S1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Michal\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Michal\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-05-23 10304384]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-08 143426]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-13 1352832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 13 Jul 2010 22:23
by Rudy
If you run a ComboFix scan first, RSIT logically won't find anything. That is the biggest mistake you could have made; you deleted all the traces. The CF log should be in C:\combofix.txt. Paste it here.

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 13 Jul 2010 22:30
by shama
I'm sorry, but I had no idea. I don't have much experience with virus removal.
The CF log is:
ComboFix 10-07-12.06 - Michal 2010-07-13 18:09:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1022.730 [GMT 2:00]
Spuštěný z: c:\instalacky\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\URLToolBHO\lp.Dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-13 do 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-07-13 16:03 . 2010-07-13 16:03 389632 ----a-w- c:\windows\system32\CF23601.exe
2010-07-13 15:48 . 2010-07-13 15:47 389632 ----a-w- c:\windows\system32\CF20554.exe
2010-07-13 11:51 . 2010-07-13 10:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-13 10:49 . 2010-07-13 10:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-13 10:49 . 2010-07-13 10:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 10:36 . 2010-07-13 10:36 -------- d-----w- c:\program files\Lavasoft
2010-07-13 10:28 . 2010-07-13 10:28 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-13 10:18 . 2010-07-13 10:26 -------- d--h--w- c:\windows\$hf_mig$
2010-06-28 13:58 . 2010-06-28 14:00 -------- d-----w- c:\program files\pctranslator2010
2010-06-27 22:31 . 2010-07-13 16:13 -------- d-----w- c:\program files\URLToolBHO
2010-06-27 22:28 . 2010-06-27 22:28 -------- d-----w- c:\windows\system32\QuickTime
2010-06-27 22:28 . 2010-06-27 22:29 -------- d-----w- c:\program files\Common Files\Macromedia
2010-06-27 22:28 . 2010-06-27 22:28 -------- d-----w- c:\program files\Macromedia
2010-06-21 17:43 . 2006-03-02 02:26 2600960 ----a-r- c:\windows\system32\w39MLRes.dll
2010-06-21 17:43 . 2006-03-02 02:26 487424 ----a-r- c:\windows\system32\w39NCPA.dll
2010-06-21 17:43 . 2006-02-25 19:43 1428480 ----a-r- c:\windows\system32\drivers\w39n51.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 17:24 . 2009-06-22 16:45 -------- d-----w- c:\program files\Opera
2010-06-21 19:04 . 2001-10-25 12:00 47238 ----a-w- c:\windows\system32\perfc005.dat
2010-06-21 19:04 . 2001-10-25 12:00 313132 ----a-w- c:\windows\system32\perfh005.dat
2010-06-13 07:00 . 2010-06-13 06:19 -------- d-----w- c:\program files\Zaklínač
2010-06-13 06:39 . 2009-06-15 13:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 06:32 . 2010-06-13 06:32 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-13 06:32 . 2010-06-13 06:32 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-08 13:35 . 2010-01-06 17:20 -------- d-----w- c:\program files\Google
2010-06-08 13:02 . 2010-06-08 13:02 -------- d-----w- c:\program files\Avira
2010-06-08 12:57 . 2009-06-22 16:47 -------- d-----w- c:\program files\QIP
2010-06-08 12:55 . 2010-06-08 12:55 -------- d-----w- c:\program files\CCleaner
2010-04-18 17:01 . 2010-04-18 17:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-18 07:10 . 2010-04-18 07:10 0 ----a-w- c:\windows\nsreg.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CASS"="c:\program files\Compal Electronics" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]
"KTPWare"="c:\program files\Elantech\ktp.exe" [2006-03-28 512000]
"tsnp2std"="c:\windows\system32\tsnp2std.exe" [2006-06-14 331776]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-08 7405568]
"nwiz"="nwiz.exe" [2006-02-08 1519616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"195.137.182.212,255.255.255.255,192.168.1.100,1"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9451:TCP"= 9451:TCP:xqlvubzf

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-07-13 64288]
R1 CPEb;CPEb;c:\windows\system32\drivers\CPEb.sys [2009-06-15 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-06-08 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1352832]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-06-15 36352]
S2 jmkagmp;Installer Image;c:\windows\system32\svchost.exe -k netsvcs [2001-10-25 14336]
S2 nmaicjxnw;Monitor Shell;c:\windows\system32\svchost.exe -k netsvcs [2001-10-25 14336]
S2 yumuwnkrr;Config Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-10-25 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-06-15 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nmaicjxnw
yumuwnkrr
jmkagmp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\o56fqrer.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\URLToolBHO\FF_A\components\FFModule.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-PC Translator - c:\docume~1\Michal\LOCALS~1\Temp\UN32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 18:13
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jmkagmp]
"ServiceDll"="c:\program files\Movie Maker\zrzsmdtr.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmaicjxnw]
"ServiceDll"="c:\windows\system32\zrzsmdtr.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yumuwnkrr]
"ServiceDll"="c:\program files\Internet Explorer\zrzsmdtr.dll"
.
Celkový čas: 2010-07-13 18:14:37
ComboFix-quarantined-files.txt 2010-07-13 16:14

Před spuštěním: 2,662,752,256
Po spuštění: 2,627,649,536

- - End Of File - - D478D6449C3BDE460B200D184820BF7D
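The ComboFix log above shows the pattern that was hiding the infection: three services with random names (jmkagmp, nmaicjxnw, yumuwnkrr), all hosted by svchost.exe -k netsvcs, all pointing their ServiceDll at a copy of zrzsmdtr.dll dropped into different folders. The Python script below is an added example for readers of this thread; it is not code from ComboFix, Avira or anyone in the thread. It parses ComboFix-style service lines and ServiceDll entries and flags svchost-hosted services whose DLL lives outside system32 or whose DLL file name is shared by several services. The log text it runs on is a constructed sample modelled on the entries above; the benign Browser service entry is invented as a control.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the ComboFix output in this thread.
# The three random-named services and zrzsmdtr.dll come from the log above;
# the "Browser" entry is an invented benign control.
SAMPLE_LOG = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-06-08 135336]
S2 jmkagmp;Installer Image;c:\windows\system32\svchost.exe -k netsvcs [2001-10-25 14336]
S2 nmaicjxnw;Monitor Shell;c:\windows\system32\svchost.exe -k netsvcs [2001-10-25 14336]
S2 yumuwnkrr;Config Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-10-25 14336]
S2 Browser;Computer Browser;c:\windows\system32\svchost.exe -k netsvcs [2001-10-25 14336]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jmkagmp]
"ServiceDll"="c:\program files\Movie Maker\zrzsmdtr.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmaicjxnw]
"ServiceDll"="c:\windows\system32\zrzsmdtr.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yumuwnkrr]
"ServiceDll"="c:\program files\Internet Explorer\zrzsmdtr.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="c:\windows\system32\browser.dll"
"""

# "S2 name;Display Name;image command [date size]" -> (name, image command)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s+\[\d{4}-", re.M)
# "[HKLM\System\ControlSetNNN\Services\name]" followed by its ServiceDll value
KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\r?\n'
    r'"ServiceDll"="([^"]+)"',
    re.M | re.I,
)

SYSTEM32 = "c:\\windows\\system32\\"


def parse_services(text: str) -> dict:
    """Map service name -> image command from R/S service lines."""
    return {m.group(1): m.group(2).strip() for m in SERVICE_RE.finditer(text)}


def parse_service_dlls(text: str) -> dict:
    """Map service name -> ServiceDll path from the registry key dumps."""
    return {m.group(1): m.group(2) for m in KEY_RE.finditer(text)}


def svchost_hosted(image: str) -> bool:
    """True for services whose image is svchost.exe with a -k group."""
    low = image.lower()
    return "svchost.exe" in low and " -k " in low


def find_suspicious(text: str) -> dict:
    """Return {service: [reasons]} for svchost-hosted services worth a look."""
    services = parse_services(text)
    dlls = parse_service_dlls(text)

    # Group services by the DLL file name they load: a legitimate svchost
    # DLL normally backs exactly one service.
    by_basename = defaultdict(list)
    for name, dll in dlls.items():
        by_basename[dll.lower().rsplit("\\", 1)[-1]].append(name)

    findings = {}
    for name, image in services.items():
        if not svchost_hosted(image):
            continue
        dll = dlls.get(name)
        if dll is None:
            continue  # no ServiceDll recorded in this log; nothing to judge
        reasons = []
        if not dll.lower().startswith(SYSTEM32):
            reasons.append("ServiceDll outside %SystemRoot%\\system32: " + dll)
        basename = dll.lower().rsplit("\\", 1)[-1]
        siblings = sorted(n for n in by_basename[basename] if n != name)
        if siblings:
            reasons.append("same DLL name registered for other services: " + ", ".join(siblings))
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for service, reasons in sorted(find_suspicious(SAMPLE_LOG).items()):
        print(service)
        for reason in reasons:
            print("   ", reason)
```

On the sample, the script reports all three random-named services and leaves Browser alone; nmaicjxnw is caught only by the shared-DLL rule, since its copy of zrzsmdtr.dll sits in system32, which is why the path rule on its own is not enough. On a live machine the same heuristics apply to the ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters.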

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 14 Jul 2010 17:40
by Rudy
Let's clean up some more. Move ComboFix to the desktop. Open Notepad and copy this into it:
Driver::
nmaicjxnw
yumuwnkrr
jmkagmp
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 14 Jul 2010 22:41
by shama
Hi. So I did as you wrote and it produced this log:
ComboFix 10-07-14.01 - Michal 14.07.2010 23:29:10.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.704 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Plocha\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JMKAGMP
-------\Legacy_NMAICJXNW
-------\Legacy_YUMUWNKRR
-------\Service_jmkagmp
-------\Service_nmaicjxnw
-------\Service_yumuwnkrr


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-14 do 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-13 22:05 . 2010-07-13 22:05 -------- d-----w- c:\program files\MSXML 4.0
2010-07-13 20:16 . 2010-07-13 20:18 -------- d-----w- C:\rsit
2010-07-13 20:16 . 2010-07-13 20:17 -------- d-----w- c:\program files\trend micro
2010-07-13 16:03 . 2010-07-13 16:03 389632 ----a-w- c:\windows\system32\CF23601.exe
2010-07-13 15:48 . 2010-07-13 15:47 389632 ----a-w- c:\windows\system32\CF20554.exe
2010-07-13 11:51 . 2010-07-13 10:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-13 10:49 . 2010-07-13 10:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-13 10:49 . 2010-07-13 10:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 10:36 . 2010-07-13 10:36 -------- d-----w- c:\program files\Lavasoft
2010-07-13 10:28 . 2010-07-13 10:28 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-13 10:26 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-13 10:25 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys
2010-07-13 10:25 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-13 10:25 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-07-13 10:25 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-07-13 10:24 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-13 10:24 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-07-13 10:23 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-07-13 10:22 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-07-13 10:20 . 2009-10-13 10:53 267776 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-07-13 10:20 . 2008-10-15 17:00 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-07-13 10:20 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-07-13 10:17 . 2009-07-31 04:59 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-06-28 13:58 . 2010-06-28 14:00 -------- d-----w- c:\program files\pctranslator2010
2010-06-27 22:31 . 2010-07-13 16:13 -------- d-----w- c:\program files\URLToolBHO
2010-06-27 22:28 . 2010-06-27 22:28 -------- d-----w- c:\windows\system32\QuickTime
2010-06-27 22:28 . 2010-06-27 22:29 -------- d-----w- c:\program files\Common Files\Macromedia
2010-06-27 22:28 . 2010-06-27 22:28 -------- d-----w- c:\program files\Macromedia
2010-06-21 17:43 . 2006-03-02 02:26 2600960 ----a-r- c:\windows\system32\w39MLRes.dll
2010-06-21 17:43 . 2006-03-02 02:26 487424 ----a-r- c:\windows\system32\w39NCPA.dll
2010-06-21 17:43 . 2006-02-25 19:43 1428480 ----a-r- c:\windows\system32\drivers\w39n51.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 11:36 . 2001-10-25 12:00 47238 ----a-w- c:\windows\system32\perfc005.dat
2010-07-14 11:36 . 2001-10-25 12:00 313132 ----a-w- c:\windows\system32\perfh005.dat
2010-06-29 17:24 . 2009-06-22 16:45 -------- d-----w- c:\program files\Opera
2010-06-13 07:00 . 2010-06-13 06:19 -------- d-----w- c:\program files\Zaklínač
2010-06-13 06:39 . 2009-06-15 13:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 06:32 . 2010-06-13 06:32 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-13 06:32 . 2010-06-13 06:32 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-08 13:35 . 2010-01-06 17:20 -------- d-----w- c:\program files\Google
2010-06-08 13:02 . 2010-06-08 13:02 -------- d-----w- c:\program files\Avira
2010-06-08 12:57 . 2009-06-22 16:47 -------- d-----w- c:\program files\QIP
2010-06-08 12:55 . 2010-06-08 12:55 -------- d-----w- c:\program files\CCleaner
2010-05-02 08:27 . 2001-10-25 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:48 . 2001-10-25 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 17:01 . 2010-04-18 17:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-18 07:10 . 2010-04-18 07:10 0 ----a-w- c:\windows\nsreg.dat
2010-04-16 15:38 . 2001-10-25 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:38 . 2009-06-09 07:14 81920 ------w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-13_16.13.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-28 21:42 . 2009-06-28 21:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2001-10-25 12:00 . 2009-06-25 08:48 59392 c:\windows\system32\wdigest.dll
+ 2010-07-13 10:21 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2001-10-25 12:00 . 2009-06-15 11:33 81408 c:\windows\system32\tlntsess.exe
+ 2001-10-25 12:00 . 2009-06-15 11:33 78336 c:\windows\system32\telnet.exe
+ 2009-06-09 07:10 . 2008-07-09 07:36 26488 c:\windows\system32\spupdsvc.exe
+ 2010-07-13 22:04 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
+ 2001-10-25 12:00 . 2009-06-25 08:48 56320 c:\windows\system32\secur32.dll
+ 2001-10-25 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2001-10-25 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 69632 c:\windows\system32\raschap.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 39424 c:\windows\system32\pngfilt.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 39424 c:\windows\system32\pngfilt.dll
+ 2001-10-25 12:00 . 2010-07-14 11:36 41170 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2010-06-21 19:04 41170 c:\windows\system32\perfc009.dat
+ 2009-06-09 06:51 . 2008-06-12 14:19 91648 c:\windows\system32\mtxoci.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 66560 c:\windows\system32\mtxclu.dll
+ 2001-10-25 12:00 . 2008-06-12 14:19 66560 c:\windows\system32\mtxclu.dll
+ 2001-10-24 12:24 . 2009-11-27 17:35 17920 c:\windows\system32\msyuv.dll
+ 2001-10-25 12:00 . 2009-11-27 16:40 28672 c:\windows\system32\msvidc32.dll
+ 2001-10-25 12:00 . 2009-11-27 16:40 11264 c:\windows\system32\msrle32.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 11264 c:\windows\system32\msrle32.dll
+ 2009-06-09 06:51 . 2008-06-12 14:19 58880 c:\windows\system32\msdtclog.dll
- 2009-06-09 06:51 . 2004-08-17 13:49 58880 c:\windows\system32\msdtclog.dll
+ 2001-10-25 12:00 . 2008-06-24 16:24 74240 c:\windows\system32\mscms.dll
+ 2001-10-25 12:00 . 2009-09-04 20:47 58880 c:\windows\system32\msasn1.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 48640 c:\windows\system32\mqupgrd.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 48640 c:\windows\system32\mqupgrd.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 95744 c:\windows\system32\mqsec.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 95744 c:\windows\system32\mqsec.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 16896 c:\windows\system32\mqise.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 16896 c:\windows\system32\mqise.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 47104 c:\windows\system32\mqdscli.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 47104 c:\windows\system32\mqdscli.dll
+ 2001-10-25 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2001-10-25 12:00 . 2004-08-17 13:49 19968 c:\windows\system32\mqbkup.exe
+ 2001-10-25 12:00 . 2010-04-16 15:38 16384 c:\windows\system32\jsproxy.dll
+ 2001-10-24 12:24 . 2009-11-27 16:40 48128 c:\windows\system32\iyuv_32.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 96768 c:\windows\system32\inseng.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 96768 c:\windows\system32\inseng.dll
+ 2001-10-25 12:00 . 2009-10-15 17:22 82432 c:\windows\system32\fontsub.dll
- 2009-06-09 07:14 . 2004-08-17 13:49 55808 c:\windows\system32\extmgr.dll
+ 2009-06-09 07:14 . 2010-04-16 15:38 55808 c:\windows\system32\extmgr.dll
+ 2001-10-25 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2001-10-25 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2010-07-13 10:18 . 2009-06-25 08:48 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-15 11:33 . 2009-06-15 11:33 81408 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-15 11:33 . 2009-06-15 11:33 78336 c:\windows\system32\dllcache\telnet.exe
+ 2010-07-13 10:18 . 2009-06-25 08:48 56320 c:\windows\system32\dllcache\secur32.dll
+ 2001-10-25 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-10-12 13:54 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:19 . 2008-06-12 14:19 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:19 . 2008-06-12 14:19 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:35 . 2009-11-27 17:35 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-10-25 12:00 . 2009-11-27 16:40 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:40 . 2009-11-27 16:40 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-06-12 14:19 . 2008-06-12 14:19 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-06-24 16:24 . 2008-06-24 16:24 74240 c:\windows\system32\dllcache\mscms.dll
+ 2009-09-04 20:47 . 2009-09-04 20:47 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 16896 c:\windows\system32\dllcache\mqise.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2010-07-13 10:18 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2010-07-13 10:18 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2010-07-13 10:18 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2010-04-16 15:38 . 2010-04-16 15:38 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:40 . 2009-11-27 16:40 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 96768 c:\windows\system32\dllcache\inseng.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2010-04-16 13:36 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe
+ 2001-10-25 12:00 . 2009-10-15 17:22 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-12-14 07:37 . 2009-12-14 07:37 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2010-07-13 10:21 . 2005-07-26 04:42 60416 c:\windows\system32\dllcache\colbact.dll
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2009-11-27 16:40 . 2009-11-27 16:40 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:57 . 2009-07-17 18:57 58880 c:\windows\system32\dllcache\atl.dll
+ 2010-03-05 14:57 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2001-10-25 12:00 . 2009-12-14 07:37 33280 c:\windows\system32\csrsrv.dll
+ 2009-06-09 06:57 . 2010-07-13 17:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-09 06:57 . 2009-06-09 07:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-09 06:57 . 2009-06-09 07:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-09 06:57 . 2010-07-13 17:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-09 06:57 . 2009-06-09 07:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-13 17:28 . 2010-07-13 17:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-09 06:51 . 2005-07-26 04:42 60416 c:\windows\system32\colbact.dll
+ 2001-10-25 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2001-10-25 12:00 . 2009-11-27 16:40 84992 c:\windows\system32\avifil32.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 84992 c:\windows\system32\avifil32.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 58880 c:\windows\system32\atl.dll
+ 2001-10-25 12:00 . 2009-07-17 18:57 58880 c:\windows\system32\atl.dll
+ 2001-10-25 12:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2010-07-13 22:05 . 2010-07-13 22:05 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-07-13 22:05 . 2010-07-13 22:05 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-11-27 17:35 . 2009-11-27 17:35 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:40 . 2009-11-27 16:40 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-10-24 12:25 . 2009-11-27 16:40 8704 c:\windows\system32\tsbyuv.dll
+ 2001-10-25 12:00 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
- 2001-10-25 12:00 . 2004-08-17 13:49 4608 c:\windows\system32\mqsvc.exe
+ 2009-11-27 16:40 . 2009-11-27 16:40 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-07-13 10:18 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2009-11-27 16:40 . 2009-11-27 16:40 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2008-02-17 02:33 . 2010-04-16 13:47 360448 c:\windows\system32\xpsp3res.dll
+ 2009-06-09 07:14 . 2009-04-03 10:15 485376 c:\windows\system32\wmspdmod.dll
- 2009-06-09 07:14 . 2004-08-17 13:49 233472 c:\windows\system32\wmpdxm.dll
+ 2009-06-09 07:14 . 2009-07-13 00:18 233472 c:\windows\system32\wmpdxm.dll
+ 2001-10-25 12:00 . 2009-06-10 06:31 132096 c:\windows\system32\wkssvc.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 132096 c:\windows\system32\wkssvc.dll
+ 2001-10-25 12:00 . 2009-12-24 07:07 177664 c:\windows\system32\wintrust.dll
- 2009-06-09 07:14 . 2004-08-17 13:49 351232 c:\windows\system32\winhttp.dll
+ 2009-06-09 07:14 . 2008-12-16 12:50 351232 c:\windows\system32\winhttp.dll
+ 2009-06-09 06:51 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-06-09 06:51 . 2009-02-09 10:22 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-06-09 06:51 . 2009-02-09 10:22 473088 c:\windows\system32\wbem\fastprox.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 417792 c:\windows\system32\vbscript.dll
+ 2001-10-25 12:00 . 2010-03-10 08:07 417792 c:\windows\system32\vbscript.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 625152 c:\windows\system32\urlmon.dll
+ 2001-10-25 12:00 . 2009-10-15 20:52 119808 c:\windows\system32\t2embed.dll
+ 2001-10-25 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2001-10-25 12:00 . 2009-06-25 08:48 168448 c:\windows\system32\schannel.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 474112 c:\windows\system32\shlwapi.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2001-10-25 12:00 . 2009-02-09 10:11 111104 c:\windows\system32\services.exe
+ 2001-10-25 12:00 . 2009-02-09 10:22 399360 c:\windows\system32\rpcss.dll
+ 2001-10-25 12:00 . 2009-04-15 15:18 584192 c:\windows\system32\rpcrt4.dll
+ 2010-07-13 21:02 . 2005-01-07 15:07 138752 c:\windows\system32\ReinstallBackups\0016\DriverFiles\hdaudbus.sys
+ 2001-10-25 12:00 . 2009-10-12 13:54 112640 c:\windows\system32\rastls.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 112640 c:\windows\system32\rastls.dll
- 2001-10-25 12:00 . 2010-06-21 19:04 314842 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2010-07-14 11:36 314842 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2004-08-17 13:49 283648 c:\windows\system32\pdh.dll
+ 2001-10-25 12:00 . 2009-03-06 14:47 283648 c:\windows\system32\pdh.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 267776 c:\windows\system32\oakley.dll
+ 2001-10-25 12:00 . 2009-10-13 10:53 267776 c:\windows\system32\oakley.dll
+ 2001-10-25 12:00 . 2009-02-09 10:22 709632 c:\windows\system32\ntdll.dll
+ 2001-10-25 12:00 . 2008-10-15 17:00 332800 c:\windows\system32\netapi32.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 247296 c:\windows\system32\mswsock.dll
+ 2001-10-25 12:00 . 2008-06-20 17:42 247296 c:\windows\system32\mswsock.dll
+ 2001-10-25 12:00 . 2009-08-05 09:07 205312 c:\windows\system32\mswebdvd.dll
+ 2001-10-25 12:00 . 2009-09-11 14:35 133632 c:\windows\system32\msv1_0.dll
+ 2009-06-09 06:51 . 2009-06-05 07:46 655872 c:\windows\system32\mstscax.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 532480 c:\windows\system32\mstime.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 146432 c:\windows\system32\msrating.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 146432 c:\windows\system32\msrating.dll
- 2009-06-09 06:52 . 2004-08-17 13:49 343552 c:\windows\system32\mspaint.exe
+ 2009-06-09 06:52 . 2009-12-17 08:00 343552 c:\windows\system32\mspaint.exe
+ 2001-10-25 12:00 . 2010-04-16 15:38 449024 c:\windows\system32\mshtmled.dll
+ 2009-06-09 06:51 . 2008-06-12 14:19 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-06-09 06:51 . 2008-06-12 14:19 956928 c:\windows\system32\msdtctm.dll
+ 2009-06-09 06:51 . 2008-06-12 14:19 428032 c:\windows\system32\msdtcprx.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 489472 c:\windows\system32\mqutil.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 489472 c:\windows\system32\mqutil.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 186880 c:\windows\system32\mqtrig.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 186880 c:\windows\system32\mqtrig.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 117248 c:\windows\system32\mqtgsvc.exe
+ 2001-10-25 12:00 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
+ 2001-10-25 12:00 . 2009-06-25 18:37 517120 c:\windows\system32\mqsnap.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 123392 c:\windows\system32\mqrtdep.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 123392 c:\windows\system32\mqrtdep.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 177152 c:\windows\system32\mqrt.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 177152 c:\windows\system32\mqrt.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 661504 c:\windows\system32\mqqm.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 225280 c:\windows\system32\mqoa.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 225280 c:\windows\system32\mqoa.dll
+ 2001-10-25 12:00 . 2009-06-25 18:37 138240 c:\windows\system32\mqad.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 138240 c:\windows\system32\mqad.dll
+ 2001-10-25 12:00 . 2009-06-25 08:48 723456 c:\windows\system32\lsasrv.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 103936 c:\windows\system32\logagent.exe
+ 2001-10-25 12:00 . 2008-06-09 23:31 103936 c:\windows\system32\logagent.exe
+ 2001-10-25 12:00 . 2009-05-07 15:44 345088 c:\windows\system32\localspl.dll
+ 2001-10-25 12:00 . 2009-03-21 14:21 984576 c:\windows\system32\kernel32.dll
+ 2001-10-25 12:00 . 2009-06-25 08:48 298496 c:\windows\system32\kerberos.dll
+ 2001-10-25 12:00 . 2009-08-21 06:52 450560 c:\windows\system32\jscript.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 450560 c:\windows\system32\jscript.dll
+ 2009-06-09 06:53 . 2010-01-29 15:07 683520 c:\windows\system32\inetcomm.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 251392 c:\windows\system32\iepeers.dll
+ 2001-10-25 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2009-06-09 08:45 . 2010-07-14 11:32 135664 c:\windows\system32\FNTCACHE.DAT
- 2009-06-09 08:45 . 2009-11-30 08:05 135664 c:\windows\system32\FNTCACHE.DAT
+ 2001-10-25 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 205312 c:\windows\system32\dxtrans.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 357888 c:\windows\system32\dxtmsft.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 357888 c:\windows\system32\dxtmsft.dll
+ 2001-10-25 12:00 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2001-10-25 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2001-10-25 12:00 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys
+ 2001-10-25 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2001-10-25 12:00 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-06-09 07:14 . 2008-06-14 18:00 272128 c:\windows\system32\drivers\bthport.sys
+ 2001-10-25 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2001-10-25 12:00 . 2008-06-20 17:42 148992 c:\windows\system32\dnsapi.dll
+ 2009-04-03 10:15 . 2009-04-03 10:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-07-13 00:18 . 2009-07-13 00:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2010-07-13 10:21 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2010-07-13 10:21 . 2009-02-09 10:22 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2009-06-10 06:31 . 2009-06-10 06:31 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-12-24 07:07 . 2009-12-24 07:07 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 663040 c:\windows\system32\dllcache\wininet.dll
+ 2010-07-13 10:18 . 2008-12-16 12:50 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2010-07-13 10:18 . 2010-03-10 08:07 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 625152 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-20 09:52 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 10:45 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2009-10-15 20:52 . 2009-10-15 20:52 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-08-26 08:16 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2010-07-13 10:18 . 2009-06-25 08:48 168448 c:\windows\system32\dllcache\schannel.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2010-07-13 10:21 . 2009-02-09 10:11 111104 c:\windows\system32\dllcache\services.exe
+ 2010-07-13 10:21 . 2009-02-09 10:22 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-15 15:18 . 2009-04-15 15:18 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2001-10-25 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2009-10-12 13:54 . 2009-10-12 13:54 112640 c:\windows\system32\dllcache\rastls.dll
+ 2010-07-13 10:21 . 2009-03-06 14:47 283648 c:\windows\system32\dllcache\pdh.dll
+ 2010-07-13 10:21 . 2009-02-09 10:22 709632 c:\windows\system32\dllcache\ntdll.dll
+ 2008-06-20 17:42 . 2008-06-20 17:42 247296 c:\windows\system32\dllcache\mswsock.dll
+ 2009-08-05 09:07 . 2009-08-05 09:07 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2010-07-13 10:18 . 2009-09-11 14:35 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-17 08:00 . 2009-12-17 08:00 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2010-07-13 10:18 . 2009-06-25 18:37 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:19 . 2008-06-12 14:19 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:19 . 2008-06-12 14:19 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:19 . 2008-06-12 14:19 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 489472 c:\windows\system32\dllcache\mqutil.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2010-07-13 10:18 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2010-07-13 10:18 . 2009-06-25 18:37 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2010-07-13 10:18 . 2009-06-25 18:37 138240 c:\windows\system32\dllcache\mqad.dll
+ 2010-07-13 10:18 . 2009-06-25 08:48 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-06-09 23:31 . 2008-06-09 23:31 103936 c:\windows\system32\dllcache\logagent.exe
+ 2009-05-07 15:44 . 2009-05-07 15:44 345088 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:21 . 2009-03-21 14:21 984576 c:\windows\system32\dllcache\kernel32.dll
+ 2010-07-13 10:18 . 2009-06-25 08:48 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2010-07-13 10:18 . 2009-08-21 06:52 450560 c:\windows\system32\dllcache\jscript.dll
+ 2010-01-29 15:07 . 2010-01-29 15:07 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-23 13:01 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2010-07-13 10:21 . 2009-02-09 10:22 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2008-07-07 20:32 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-06-20 17:42 . 2008-06-20 17:42 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 151552 c:\windows\system32\dllcache\cdfview.dll
+ 2010-04-20 05:48 . 2010-04-20 05:48 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-06-20 10:44 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2010-07-13 10:21 . 2009-02-09 10:22 683520 c:\windows\system32\dllcache\advapi32.dll
+ 2006-08-16 11:59 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 151552 c:\windows\system32\cdfview.dll
+ 2001-10-25 12:00 . 2009-02-09 10:22 683520 c:\windows\system32\advapi32.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 683520 c:\windows\system32\advapi32.dll
+ 2001-10-25 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
+ 2010-07-13 22:05 . 2010-07-13 22:05 432640 c:\windows\Installer\1487060.msi
+ 2010-07-13 22:05 . 2010-07-13 22:05 429568 c:\windows\Installer\1487058.msi
+ 2010-07-13 10:24 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-07-13 10:26 . 2008-06-14 18:00 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2001-10-25 12:00 . 2009-11-21 16:46 470528 c:\windows\AppPatch\aclayers.dll
+ 2010-07-13 10:18 . 2009-08-13 13:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-20 22:03 . 2009-07-20 22:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-30 14:42 . 2008-09-30 14:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2001-10-25 12:00 . 2010-04-08 11:53 2113536 c:\windows\system32\WMVCore.dll
+ 2009-06-09 07:14 . 2010-02-16 05:27 4734976 c:\windows\system32\wmp.dll
+ 2001-10-25 12:00 . 2008-06-10 16:18 1053696 c:\windows\system32\WMNetmgr.dll
+ 2001-10-25 12:00 . 2008-07-03 13:15 8458752 c:\windows\system32\shell32.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 1506816 c:\windows\system32\shdocvw.dll
- 2001-10-25 12:00 . 2004-08-17 13:49 1437696 c:\windows\system32\query.dll
+ 2001-10-25 12:00 . 2009-07-17 16:27 1437696 c:\windows\system32\query.dll
+ 2001-10-25 12:00 . 2010-02-05 18:40 1293824 c:\windows\system32\quartz.dll
+ 2001-10-25 12:00 . 2010-02-16 19:34 2139136 c:\windows\system32\ntoskrnl.exe
+ 2001-10-24 11:46 . 2010-02-16 19:34 2018816 c:\windows\system32\ntkrnlpa.exe
+ 2009-07-20 22:05 . 2009-07-20 22:05 1348432 c:\windows\system32\msxml4.dll
+ 2001-10-25 12:00 . 2009-07-31 04:59 1172480 c:\windows\system32\msxml3.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 3086336 c:\windows\system32\mshtml.dll
+ 2010-04-08 11:53 . 2010-04-08 11:53 2113536 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-07-13 00:18 . 2009-07-13 00:18 4960256 c:\windows\system32\dllcache\wmp.dll
+ 2008-06-10 16:18 . 2008-06-10 16:18 1053696 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2010-05-02 08:27 . 2010-05-02 08:27 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2010-07-13 10:18 . 2008-07-03 13:15 8458752 c:\windows\system32\dllcache\shell32.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 1506816 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-07-17 16:27 . 2009-07-17 16:27 1437696 c:\windows\system32\dllcache\query.dll
+ 2010-02-05 18:40 . 2010-02-05 18:40 1293824 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-13 10:21 . 2010-02-16 19:34 2183552 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-07-13 10:21 . 2010-02-16 19:34 2018816 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2010-07-13 10:21 . 2010-02-16 19:34 2060544 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-07-13 10:21 . 2010-02-16 19:34 2139136 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-01-29 15:07 . 2010-01-29 15:07 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 3086336 c:\windows\system32\dllcache\mshtml.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 1055232 c:\windows\system32\dllcache\danim.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 1055232 c:\windows\system32\danim.dll
+ 2001-10-25 12:00 . 2010-04-16 15:38 1023488 c:\windows\system32\browseui.dll
+ 2010-07-13 10:21 . 2010-02-16 19:34 2183552 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-07-13 10:21 . 2010-02-16 19:34 2018816 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-07-13 10:21 . 2010-02-16 19:34 2060544 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-07-13 10:21 . 2010-02-16 19:34 2139136 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CASS"="c:\program files\Compal Electronics" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]
"KTPWare"="c:\program files\Elantech\ktp.exe" [2006-03-28 512000]
"tsnp2std"="c:\windows\system32\tsnp2std.exe" [2006-06-14 331776]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-08 7405568]
"nwiz"="nwiz.exe" [2006-02-08 1519616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"195.137.182.212,255.255.255.255,192.168.1.100,1"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9451:TCP"= 9451:TCP:xqlvubzf

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.7.2010 12:49 64288]
R1 CPEb;CPEb;c:\windows\system32\drivers\CPEb.sys [15.6.2009 15:51 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.6.2010 15:02 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1352832]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [15.6.2009 15:50 36352]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.6.2009 21:21 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:48]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.idnes.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\o56fqrer.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\URLToolBHO\FF_A\components\FFModule.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 23:35
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\AGRSMMSG.exe
c:\windows\RTHDCPL.EXE
c:\program files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2010-07-14 23:39:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-14 21:38
ComboFix2.txt 2010-07-13 16:14

Před spuštěním: 1 954 115 584
Po spuštění: 1 885 036 544

- - End Of File - - 60631B7DBF40A8D02624DA43ECF7327C

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 15 Jul 2010 16:05
by shama
I tried running Avira over the computer again and the trojan still keeps showing up. Specifically on an object named ARK10B.tmp and two other similar ones :(

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 15 Jul 2010 17:59
by Rudy
Try deleting them manually; if that doesn't work, post the exact path to the files.

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 16 Jul 2010 14:05
by shama
I tried to delete them, but it didn't work, so I'm attaching the path to the files:
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKC8.tmp
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKC8.tmp
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKC9.tmp
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKCA.tmp

I have one more question. Since it kept bothering me, I also scanned the second computer and found Behaveslike.win32 there, which I did manage to remove, but afterwards a "Load DLL" dialog appears when the computer starts, saying "Hook load failed". So I wanted to ask whether, for example, the registry repair function in CCleaner could solve this problem. Thanks

Re: TR/Crypt.ZPACK.Gen Trojan

Posted: 16 Jul 2010 18:00
by Rudy
Open Notepad and copy the following into it:
Collect::
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKC8.tmp
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKC8.tmp
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKC9.tmp
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\AVSCAN-20100715-135117-6B456F42\ARKCA.tmp
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
