Hello, I recently got rid of the Security tool virus and I am still working on a heavily infected computer. I am attaching the output from UPM and would appreciate a tip on cleaning the computer, thanks.
Dialer regedit.exe Exploit.HTML.Ascii.ad This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 2641 bytes in size. It is not packed in any way.
Spyware dcap32.dll Trojan-PSW.Win32.Coced.215 This Trojan steals user passwords. It is designed to steal a range of confidential information. It is a Windows PE EXE file. It is 10,240 bytes in size. It is written in Visual C++. Installation Once launched, the Trojan copies its executable file to the Windows system directory:...
Rogue fxsperf.dll Virus.DOS.Euskara.811 It is not a dangerous nonmemory resident parasitic virus. It searches for COM files, then writes itself to the end of the file. The virus leaves in the HMA the memory resident program that hooks INT 9 (keyboard) and depending on the keys that are pressed either manifests itself with some video...
Spyware lmmib2.dll Trojan-PSW.Win32.Nilage.ha This Trojan belongs to a family of programs designed to steal system passwords. It steals confidential data about the victim machine, including passwords and information entered via the keyboard. The Trojan itself is a Windows PE EXE file approximately 68KB in size, packed using ASPack. The...
Trojan msadomd.dll Trojan.JS.Offiz Simple Trojan programs written in the JS (JSript) language that reside in HTM-files. These trojan scripts open many Internet Explorer windows that once open can''t be closed. If a user presses the Alt+F4, Ctrl or Del keys a message box is displayed with the text: "You are an idiot!".
Backdoor net1.exe Backdoor.Win32.AckCmd This Troajn program can be used for remote administration of the victim machine. It has both a client and a server component. The server component is written in Microsoft Visual C++. It is 28672 bytes in size, and is not packed in any way. The client component is also written in Microsoft Visual...
Spyware regsvc.dll Trojan-PSW.Win32.Gip.108 This Trojan program is used to configure Trojans which are designed to steal user passwords. The Trojan itself is a Windows PE EXE file. The file is 43,520 bytes in size. It is written in C++.
Malware snmp.exe Virus.DOS.Acapulco.1971 It''s a not dangerous memory resident parasitic virus. It hooks INT 21h and writes itself at the end of COM- and EXE-files are executed. Sometimes it hooks INT 08h (timer) and plays several tunes.
Rogue themeui.dll Virus.DOS.Euskara.811 It is not a dangerous nonmemory resident parasitic virus. It searches for COM files, then writes itself to the end of the file. The virus leaves in the HMA the memory resident program that hooks INT 9 (keyboard) and depending on the keys that are pressed either manifests itself with some video...
Worm dnsapi.dll Net-Worm.Win32.Zorin.a This worm infects computers running Windows, and spreads via open network resources. Once installed, the worm infects .exe files on the victim computer. The worm itself is a Windows PE EXE file, and is approximately 82KB in size. Installation Once launched, the worm copies itself to the Windows...
Trojan shell32.dll Trojan.JS.Offiz Simple Trojan programs written in the JS (JSript) language that reside in HTM-files. These trojan scripts open many Internet Explorer windows that once open can''t be closed. If a user presses the Alt+F4, Ctrl or Del keys a message box is displayed with the text: "You are an idiot!".
Trojan msls31.dll Trojan-SMS.SymbOS.Viver.a This Trojan program is designed to run on smartphones running Symbian. The Trojan is a SIS installation archive. The Trojan has no self replication routine. Trojan-SMS.SymbOS.Viver.a actually covers two variants of this malicious program. The first is an archive called RulesViver.sis. It is 42,...
Trojan cdosys.dll Trojan.Win32.KillFiles.lm This Trojan has a malicious payload. It is a Windows PE EXE file. The file is 368 128 bytes in size. áàéò. It is not packed in any way. It is written in Borland Delphi.
Malware d3dx10_36.dll Virus.DOS.Acapulco.1971 It''s a not dangerous memory resident parasitic virus. It hooks INT 21h and writes itself at the end of COM- and EXE-files are executed. Sometimes it hooks INT 08h (timer) and plays several tunes.
Rogue dmdskmgr.dll Virus.DOS.HS.903 This is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files (except AIDSTEST.EXE) that are executed. On December, 27th it erases the hard drive sectors. It also hooks INT 17h (printer) and sometimes prints rude messages in Russian. The...
Backdoor hypertrm.dll Backdoor.Win32.Delf.duc This malicious program is a Trojan. It is a Windows PE EXE file. It is 447488 bytes in size.
Trojan kbdkaz.dll Trojan.Win32.Killav.k This Trojan has a malicious payload. It is a Windows PE EXE file. It is 11,264 bytes in size. It is packed using UPX. The unpacked file is approximately 24KB in size. It is written in C++.
Rogue localspl.dll Virus.DOS.Euskara.811 It is not a dangerous nonmemory resident parasitic virus. It searches for COM files, then writes itself to the end of the file. The virus leaves in the HMA the memory resident program that hooks INT 9 (keyboard) and depending on the keys that are pressed either manifests itself with some video...
Dialer msrd3x40.dll Exploit.HTML.Ascii.p This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 1872 bytes in size. It is not packed in any way.
Backdoor netui1.dll Backdoor.Win32.Delf.duc This malicious program is a Trojan. It is a Windows PE EXE file. It is 447488 bytes in size.
Worm pathping.exe Worm.SunOS.Sadmind Text written by Costin Raiu, Kaspersky Labs, Romania This is an Internet-worm that replicates between Sun Sparc computers running the Solaris/SunOS operating system, and attacks Microsoft IIS v4 and 5 Web servers. Cracked Micrsoft IIS servers will have their start page replaced with one that...
Malware sfc.dll Virus.DOS.LoveBuzz.381 These are very dangerous memory resident parasitic viruses. They hook INT 21h and writes themselves to the end of the files. They contain the text strings: "LoveBuzz.381": Lyubasha "LoveBuzz.591": LoveBuzz "LoveBuzz.381" infects .COM-files only, and corrupts them while...
Dialer svchost.exe Exploit.HTML.Ascii.e This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 1315 bytes in size. It is not packed in any way.
Rogue winscard.dll Virus.DOS.TempVir.466 It is a harmless nonmemory resident parasitic virus. It searches for COM files only in C:\TEMP\ directory, then writes itself to the end of the file. The virus does not manifest itself in any way, it contains the text string: C:\TEMP\*.COM
Worm wshisn.dll Worm.Win32.Nuf This worm infects computers running under Windows. It spreads via poorly protected network resources. The worm itself is a PE EXE file. It is written in Microsof Visual C++. The file is approximately 37KB in size. It is not packed in any way. Installation Once launched, the worm copies itself...

Output from UPM - Ultimate Process Manager
Forum rules
If you want help, post a log from FRST [instructions here] or RSIT [instructions here].
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
- Rudy
- Site Admin
Re: Output from UPM - Ultimate Process Manager
Please post a log from RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Output from UPM - Ultimate Process Manager
OK, here it is..
..Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 2047 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:40, on 3.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Temp\_ex-08.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe
C:\Documents and Settings\All Users.WINDOWS\winsvncd.exe
C:\Documents and Settings\Mare\csrns.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Mare.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2405280
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sniffer] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1769] command.com /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2197] cmd.exe /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows Boot Control] C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\Mare\LOCALS~1\Temp\Wj1.exe
O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Wbinab.exe
O4 - HKCU\..\Run: [MSNUpdateService] \Documents and Settings\Mare\winsvncd.exe
O4 - HKCU\..\Run: [WindowsUpdateServices] csrns.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4677] command.com /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4783] cmd.exe /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8528 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-839522115-1004UA.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-21 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-17 2065760]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-03-11 13520896]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-03-11 86016]
"sniffer"=C:\WINDOWS\Temp\_ex-08.exe [2010-08-31 248320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
"SpybotDeletingA1769"=command.com /c del C:\WINDOWS\system32\sshnas21.dll_old []
"SpybotDeletingC2197"=cmd.exe /c del C:\WINDOWS\system32\sshnas21.dll_old []
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-01-23 135664]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-08-25 1242448]
"Windows Boot Control"=C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe [2010-08-25 78000]
"XBV6RD5SZF"=C:\DOCUME~1\Mare\LOCALS~1\Temp\Wj1.exe [2010-09-02 196608]
"OTGV1DNWQQ"=C:\WINDOWS\Wbinab.exe []
"MSNUpdateService"=\Documents and Settings\Mare\winsvncd.exe [2010-08-30 97792]
"WindowsUpdateServices"=csrns.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4677"=command.com /c del C:\WINDOWS\system32\sshnas21.dll_old []
"SpybotDeletingD4783"=cmd.exe /c del C:\WINDOWS\system32\sshnas21.dll_old []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-17 12536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PFNet]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Age of Empires II\empires2.exe"="C:\Program Files\Age of Empires II\empires2.exe:*:Disabled:Age of Empires II"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe"="C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe:*:Enabled:Windows Boot Control"
"C:\Documents and Settings\Mare\Data aplikací\U-2535-6853-8747\winusbmgr.exe"="C:\Documents and Settings\Mare\Data aplikací\U-2535-6853-8747\winusbmgr.exe:*:Enabled:Windows USB Service"
"C:\DOCUME~1\Mare\LOCALS~1\Temp\7097892.exe"="C:\DOCUME~1\Mare\LOCALS~1\Temp\7097892.exe:*:Enabled:WindowsUpdateServices"
"C:\Program Files\Age of Empires II\age2_x1.exe"="C:\Program Files\Age of Empires II\age2_x1.exe:*:Disabled:Age of Empires II Expansion"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Disabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Disabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Disabled:Assassin's Creed II Uplay"
"C:\Documents and Settings\Mare\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Mare\Data aplikací\Dropbox\bin\Dropbox.exe:*:Disabled:Dropbox"
"C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Disabled:Mafia II - Demo"
"D:\PES 10\pes2010.exe"="D:\PES 10\pes2010.exe:*:Disabled:Pro Evolution Soccer 2010"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Disabled:Pro Evolution Soccer 2010"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\Documents and Settings\Mare\Local Settings\Temp\WZS4DA.tmp\rctrec1.exe"="C:\Documents and Settings\Mare\Local Settings\Temp\WZS4DA.tmp\rctrec1.exe:*:Disabled:rctrec1"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Disabled:Ubisoft Game Launcher"
"C:\Documents and Settings\Mare\Plocha\pes2010.exe"="C:\Documents and Settings\Mare\Plocha\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-09-03 11:27:25 ----D---- C:\rsit
2010-09-03 11:27:25 ----D---- C:\Program Files\trend micro
2010-09-02 18:07:45 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-09-02 18:07:44 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-09-02 18:06:47 ----D---- C:\Program Files\iPod
2010-09-02 16:54:25 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-09-02 16:41:32 ----A---- C:\WINDOWS\Wbinag.exe
2010-09-02 16:25:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-02 16:06:39 ----A---- C:\WINDOWS\UC.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\RAR.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\PKZIP.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\LHA.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\ARJ.PIF
2010-09-02 16:06:38 ----D---- C:\totalcmd
2010-09-02 16:06:38 ----D---- C:\Documents and Settings\Mare\Data aplikací\GHISLER
2010-09-02 15:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-09-02 15:32:05 ----D---- C:\Program Files\Google
2010-09-02 15:31:32 ----N---- C:\WINDOWS\system32\sshnas21.dll_old
2010-09-02 15:27:00 ----RA---- C:\Documents and Settings\Mare\Data aplikací\Bkdi1.txt
2010-09-02 13:29:00 ----D---- C:\Program Files\QuickTime
2010-09-02 13:28:17 ----D---- C:\Program Files\Apple Software Update
2010-09-02 13:27:21 ----D---- C:\Program Files\Bonjour
2010-09-02 11:36:57 ----A---- C:\WINDOWS\wininit.ini
2010-09-02 11:08:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-02 11:08:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2010-09-02 11:08:30 ----RA---- C:\Documents and Settings\Mare\Data aplikací\lLE6c.txt
2010-09-02 11:04:57 ----D---- C:\Program Files\Ultimate Process Manager
2010-09-02 10:43:52 ----RA---- C:\Documents and Settings\Mare\Data aplikací\IH8fM.txt
2010-09-02 10:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-02 10:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-09-02 10:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-02 10:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-09-02 10:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-02 10:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-02 10:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-02 10:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-02 10:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-02 10:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-02 10:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-01 09:38:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-31 22:30:36 ----A---- C:\WINDOWS\system32\wpcap.dll
2010-08-31 22:30:36 ----A---- C:\WINDOWS\system32\Packet.dll
2010-08-31 22:30:36 ----A---- C:\WINDOWS\system32\drivers\npf.sys
2010-08-31 18:35:59 ----RA---- C:\Documents and Settings\Mare\Data aplikací\KJ6Hb.txt
2010-08-31 15:03:41 ----D---- C:\WINDOWS\Prefetch
2010-08-31 15:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-08-31 15:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-31 15:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-08-31 15:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-08-31 15:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-31 15:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-08-31 15:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-08-31 15:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-08-31 15:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-08-31 15:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-08-31 15:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-08-31 15:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-08-31 15:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-08-31 15:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-08-31 15:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-31 15:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-08-31 14:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-08-31 14:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-08-31 14:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-08-31 14:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-08-31 14:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-08-31 14:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-08-31 14:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-08-31 14:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-08-31 14:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-08-31 14:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-08-31 14:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-08-31 14:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-08-31 14:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-08-31 14:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-08-31 14:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-08-31 14:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-08-31 14:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-08-31 14:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-08-31 14:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-08-31 14:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-08-31 14:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-08-31 14:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-08-31 14:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-08-31 14:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-08-31 14:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-08-31 14:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-08-31 14:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-08-31 14:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-08-31 14:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-08-31 14:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-08-31 14:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-08-31 14:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-08-31 14:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-08-31 14:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-08-31 14:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-08-31 14:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-08-31 14:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-08-31 14:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-08-31 14:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-08-31 14:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-08-31 14:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-08-31 14:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-08-31 14:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-08-31 14:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-08-31 14:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-08-31 14:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-08-31 14:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-08-31 14:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-08-31 14:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-08-31 14:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-08-31 14:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-30 19:59:12 ----RA---- C:\Documents and Settings\Mare\Data aplikací\Ge6IC.txt
2010-08-30 19:24:23 ----RA---- C:\Documents and Settings\Mare\Data aplikací\BgMek.txt
2010-08-30 13:24:04 ----D---- C:\Program Files\TrojanHunter 4.2
2010-08-30 13:23:18 ----D---- C:\Program Files\SanityCheck
2010-08-30 13:23:18 ----A---- C:\WINDOWS\system32\drivers\rspSanity32.sys
2010-08-30 13:21:51 ----A---- C:\mylog.txt
2010-08-30 13:21:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\White Sky, Inc
2010-08-30 13:21:37 ----A---- C:\WINDOWS\ODBC.INI
2010-08-30 13:21:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Privacyware
2010-08-27 14:21:21 ----D---- C:\Documents and Settings\Mare\Data aplikací\Help
2010-08-25 22:08:46 ----RA---- C:\Documents and Settings\Mare\Data aplikací\kj6hC.txt
2010-08-25 19:46:27 ----RSHD---- C:\Documents and Settings\Mare\Data aplikací\U-2535-6853-8747
2010-08-25 15:59:02 ----RA---- C:\Documents and Settings\Mare\Data aplikací\j6c88.txt
2010-08-25 15:08:09 ----AH---- C:\WINDOWS\system32\winrtsnr.txt
2010-08-25 14:59:19 ----RSHD---- C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745
2010-08-25 14:59:19 ----RA---- C:\Documents and Settings\Mare\Data aplikací\mL61H.txt
2010-08-25 14:43:38 ----RA---- C:\Documents and Settings\Mare\Data aplikací\BDH7m.txt
2010-08-25 14:43:34 ----RA---- C:\Documents and Settings\Mare\Data aplikací\ih8GM.txt
2010-08-25 13:15:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-25 13:15:35 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-08-25 13:15:35 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-25 13:15:35 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-08-25 13:15:34 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-08-25 13:15:34 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-08-25 13:15:34 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-25 13:15:33 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-08-25 13:15:33 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-08-25 13:15:32 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-08-25 13:15:32 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-25 13:15:31 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-08-25 13:15:31 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-25 02:05:50 ----D---- C:\Program Files\Steam
2010-08-22 00:15:43 ----D---- C:\Documents and Settings\Mare\Data aplikací\Ubisoft
2010-08-22 00:15:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2010-08-16 16:19:16 ----D---- C:\Documents and Settings\Mare\Data aplikací\Atari
2010-08-16 11:43:47 ----D---- C:\Program Files\Hasbro Interactive
2010-08-16 11:39:37 ----A---- C:\WINDOWS\UniFish3.exe
2010-08-15 20:13:29 ----A---- C:\WINDOWS\system32\dxva_sig.txt
2010-08-15 17:01:04 ----D---- C:\Program Files\Veetle
2010-08-15 14:55:05 ----D---- C:\Program Files\CCleaner
2010-08-15 14:49:30 ----D---- C:\Program Files\Conduit
2010-08-15 14:49:15 ----D---- C:\Program Files\BitLord
2010-08-15 14:46:21 ----D---- C:\Program Files\Bit Che
2010-08-15 14:46:21 ----D---- C:\Documents and Settings\Mare\Data aplikací\Convivea
2010-08-08 18:21:31 ----A---- C:\WINDOWS\system32\Iyvu9_32.dll
2010-08-08 18:21:31 ----A---- C:\WINDOWS\system32\Iacenc.dll
2010-08-08 17:35:51 ----D---- C:\Program Files\Cenega Czech
======List of files/folders modified in the last 1 months======
2010-09-03 11:27:25 ----RD---- C:\Program Files
2010-09-03 11:25:08 ----SD---- C:\WINDOWS\Tasks
2010-09-03 11:25:08 ----D---- C:\WINDOWS\Temp
2010-09-03 11:25:08 ----D---- C:\WINDOWS\system32
2010-09-03 11:24:29 ----D---- C:\WINDOWS
2010-09-02 22:37:00 ----HD---- C:\WINDOWS\inf
2010-09-02 22:37:00 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-02 18:27:47 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-02 18:08:24 ----SHD---- C:\WINDOWS\Installer
2010-09-02 18:07:47 ----D---- C:\WINDOWS\system32\drivers
2010-09-02 18:07:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-02 18:07:43 ----D---- C:\Program Files\iTunes
2010-09-02 16:45:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-02 15:32:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-02 11:39:42 ----SHD---- C:\System Volume Information
2010-09-02 11:39:42 ----D---- C:\WINDOWS\system32\Restore
2010-09-02 10:16:14 ----D---- C:\WINDOWS\system32\cs-cz
2010-09-02 10:16:14 ----D---- C:\Program Files\Internet Explorer
2010-09-02 10:15:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-02 10:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-09-02 10:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-09-02 10:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-09-02 10:14:48 ----D---- C:\Program Files\Movie Maker
2010-09-01 10:03:48 ----D---- C:\Program Files\Czech Soccer Manager 2002 FE
2010-09-01 09:41:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-01 08:31:36 ----SHD---- C:\RECYCLER
2010-09-01 08:30:46 ----D---- C:\Documents and Settings
2010-08-31 19:30:20 ----D---- C:\WINDOWS\Debug
2010-08-31 15:03:21 ----D---- C:\WINDOWS\system32\Setup
2010-08-31 15:03:21 ----D---- C:\WINDOWS\AppPatch
2010-08-31 15:03:20 ----D---- C:\WINDOWS\system32\wbem
2010-08-31 15:03:19 ----RSD---- C:\WINDOWS\Fonts
2010-08-31 15:02:27 ----D---- C:\WINDOWS\security
2010-08-31 15:01:09 ----D---- C:\Program Files\Outlook Express
2010-08-31 14:56:24 ----D---- C:\Program Files\Messenger
2010-08-31 14:54:03 ----D---- C:\Program Files\Windows Media Player
2010-08-31 14:54:02 ----D---- C:\WINDOWS\Help
2010-08-31 14:53:54 ----D---- C:\WINDOWS\network diagnostic
2010-08-31 14:53:54 ----D---- C:\WINDOWS\ime
2010-08-31 14:53:44 ----D---- C:\WINDOWS\system32\usmt
2010-08-31 14:53:44 ----D---- C:\WINDOWS\system32\cs
2010-08-31 14:53:44 ----D---- C:\WINDOWS\system32\bits
2010-08-31 14:53:44 ----D---- C:\WINDOWS\PeerNet
2010-08-31 14:53:44 ----D---- C:\WINDOWS\l2schemas
2010-08-31 14:52:04 ----D---- C:\WINDOWS\system32\npp
2010-08-31 14:52:03 ----D---- C:\WINDOWS\msagent
2010-08-31 14:52:02 ----D---- C:\WINDOWS\srchasst
2010-08-31 14:52:02 ----D---- C:\Program Files\NetMeeting
2010-08-31 14:52:01 ----D---- C:\WINDOWS\system32\Com
2010-08-31 14:51:59 ----D---- C:\Program Files\Windows NT
2010-08-31 14:51:56 ----D---- C:\Program Files\Common Files\System
2010-08-31 14:51:39 ----D---- C:\WINDOWS\system32\oobe
2010-08-31 14:51:38 ----D---- C:\WINDOWS\system
2010-08-31 14:49:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-08-31 14:47:28 ----D---- C:\WINDOWS\EHome
2010-08-30 13:32:09 ----D---- C:\Documents and Settings\Mare\Data aplikací\DAEMON Tools Lite
2010-08-30 13:24:10 ----R---- C:\WINDOWS\streamhlp.dll
2010-08-30 12:27:11 ----D---- C:\WINDOWS\pchealth
2010-08-25 13:15:37 ----D---- C:\WINDOWS\system32\DirectX
2010-08-21 23:38:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-21 23:38:27 ----D---- C:\Program Files\Ubisoft
2010-08-15 14:57:41 ----D---- C:\WINDOWS\Minidump
2010-08-08 18:21:29 ----D---- C:\Program Files\Intel
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-23 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-17 243024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2010-08-31 50704]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-03-11 6593376]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rspSanity;rspSanity; C:\WINDOWS\system32\DRIVERS\rspSanity32.sys [2009-03-07 30136]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-21 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-03-11 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
-----------------EOF-----------------
..Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 2047 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:40, on 3.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Temp\_ex-08.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe
C:\Documents and Settings\All Users.WINDOWS\winsvncd.exe
C:\Documents and Settings\Mare\csrns.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mare\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Mare.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2405280
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sniffer] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1769] command.com /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2197] cmd.exe /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows Boot Control] C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\Mare\LOCALS~1\Temp\Wj1.exe
O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Wbinab.exe
O4 - HKCU\..\Run: [MSNUpdateService] \Documents and Settings\Mare\winsvncd.exe
O4 - HKCU\..\Run: [WindowsUpdateServices] csrns.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4677] command.com /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4783] cmd.exe /c del "C:\WINDOWS\system32\sshnas21.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8528 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-839522115-1004UA.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-21 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-17 2065760]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-03-11 13520896]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-03-11 86016]
"sniffer"=C:\WINDOWS\Temp\_ex-08.exe [2010-08-31 248320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
"SpybotDeletingA1769"=command.com /c del C:\WINDOWS\system32\sshnas21.dll_old []
"SpybotDeletingC2197"=cmd.exe /c del C:\WINDOWS\system32\sshnas21.dll_old []
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-01-23 135664]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-08-25 1242448]
"Windows Boot Control"=C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe [2010-08-25 78000]
"XBV6RD5SZF"=C:\DOCUME~1\Mare\LOCALS~1\Temp\Wj1.exe [2010-09-02 196608]
"OTGV1DNWQQ"=C:\WINDOWS\Wbinab.exe []
"MSNUpdateService"=\Documents and Settings\Mare\winsvncd.exe [2010-08-30 97792]
"WindowsUpdateServices"=csrns.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4677"=command.com /c del C:\WINDOWS\system32\sshnas21.dll_old []
"SpybotDeletingD4783"=cmd.exe /c del C:\WINDOWS\system32\sshnas21.dll_old []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-17 12536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PFNet]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Mare\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Age of Empires II\empires2.exe"="C:\Program Files\Age of Empires II\empires2.exe:*:Disabled:Age of Empires II"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe"="C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745\winrsvn.exe:*:Enabled:Windows Boot Control"
"C:\Documents and Settings\Mare\Data aplikací\U-2535-6853-8747\winusbmgr.exe"="C:\Documents and Settings\Mare\Data aplikací\U-2535-6853-8747\winusbmgr.exe:*:Enabled:Windows USB Service"
"C:\DOCUME~1\Mare\LOCALS~1\Temp\7097892.exe"="C:\DOCUME~1\Mare\LOCALS~1\Temp\7097892.exe:*:Enabled:WindowsUpdateServices"
"C:\Program Files\Age of Empires II\age2_x1.exe"="C:\Program Files\Age of Empires II\age2_x1.exe:*:Disabled:Age of Empires II Expansion"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Disabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Disabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Disabled:Assassin's Creed II Uplay"
"C:\Documents and Settings\Mare\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Mare\Data aplikací\Dropbox\bin\Dropbox.exe:*:Disabled:Dropbox"
"C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Disabled:Mafia II - Demo"
"D:\PES 10\pes2010.exe"="D:\PES 10\pes2010.exe:*:Disabled:Pro Evolution Soccer 2010"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Disabled:Pro Evolution Soccer 2010"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\Documents and Settings\Mare\Local Settings\Temp\WZS4DA.tmp\rctrec1.exe"="C:\Documents and Settings\Mare\Local Settings\Temp\WZS4DA.tmp\rctrec1.exe:*:Disabled:rctrec1"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Disabled:Ubisoft Game Launcher"
"C:\Documents and Settings\Mare\Plocha\pes2010.exe"="C:\Documents and Settings\Mare\Plocha\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-09-03 11:27:25 ----D---- C:\rsit
2010-09-03 11:27:25 ----D---- C:\Program Files\trend micro
2010-09-02 18:07:45 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-09-02 18:07:44 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-09-02 18:06:47 ----D---- C:\Program Files\iPod
2010-09-02 16:54:25 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-09-02 16:41:32 ----A---- C:\WINDOWS\Wbinag.exe
2010-09-02 16:25:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-02 16:06:39 ----A---- C:\WINDOWS\UC.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\RAR.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\PKZIP.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\LHA.PIF
2010-09-02 16:06:39 ----A---- C:\WINDOWS\ARJ.PIF
2010-09-02 16:06:38 ----D---- C:\totalcmd
2010-09-02 16:06:38 ----D---- C:\Documents and Settings\Mare\Data aplikací\GHISLER
2010-09-02 15:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-09-02 15:32:05 ----D---- C:\Program Files\Google
2010-09-02 15:31:32 ----N---- C:\WINDOWS\system32\sshnas21.dll_old
2010-09-02 15:27:00 ----RA---- C:\Documents and Settings\Mare\Data aplikací\Bkdi1.txt
2010-09-02 13:29:00 ----D---- C:\Program Files\QuickTime
2010-09-02 13:28:17 ----D---- C:\Program Files\Apple Software Update
2010-09-02 13:27:21 ----D---- C:\Program Files\Bonjour
2010-09-02 11:36:57 ----A---- C:\WINDOWS\wininit.ini
2010-09-02 11:08:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-02 11:08:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2010-09-02 11:08:30 ----RA---- C:\Documents and Settings\Mare\Data aplikací\lLE6c.txt
2010-09-02 11:04:57 ----D---- C:\Program Files\Ultimate Process Manager
2010-09-02 10:43:52 ----RA---- C:\Documents and Settings\Mare\Data aplikací\IH8fM.txt
2010-09-02 10:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-02 10:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-09-02 10:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-02 10:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-09-02 10:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-02 10:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-02 10:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-02 10:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-02 10:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-02 10:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-02 10:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-01 09:38:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-31 22:30:36 ----A---- C:\WINDOWS\system32\wpcap.dll
2010-08-31 22:30:36 ----A---- C:\WINDOWS\system32\Packet.dll
2010-08-31 22:30:36 ----A---- C:\WINDOWS\system32\drivers\npf.sys
2010-08-31 18:35:59 ----RA---- C:\Documents and Settings\Mare\Data aplikací\KJ6Hb.txt
2010-08-31 15:03:41 ----D---- C:\WINDOWS\Prefetch
2010-08-31 15:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-08-31 15:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-31 15:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-08-31 15:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-08-31 15:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-31 15:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-08-31 15:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-08-31 15:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-08-31 15:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-08-31 15:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-08-31 15:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-08-31 15:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-08-31 15:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-08-31 15:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-08-31 15:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-31 15:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-08-31 14:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-08-31 14:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-08-31 14:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-08-31 14:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-08-31 14:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-08-31 14:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-08-31 14:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-08-31 14:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-08-31 14:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-08-31 14:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-08-31 14:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-08-31 14:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-08-31 14:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-08-31 14:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-08-31 14:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-08-31 14:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-08-31 14:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-08-31 14:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-08-31 14:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-08-31 14:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-08-31 14:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-08-31 14:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-08-31 14:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-08-31 14:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-08-31 14:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-08-31 14:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-08-31 14:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-08-31 14:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-08-31 14:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-08-31 14:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-08-31 14:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-08-31 14:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-08-31 14:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-08-31 14:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-08-31 14:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-08-31 14:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-08-31 14:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-08-31 14:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-08-31 14:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-08-31 14:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-08-31 14:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-08-31 14:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-08-31 14:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-08-31 14:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-08-31 14:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-08-31 14:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-08-31 14:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-08-31 14:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-08-31 14:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-08-31 14:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-08-31 14:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-30 19:59:12 ----RA---- C:\Documents and Settings\Mare\Data aplikací\Ge6IC.txt
2010-08-30 19:24:23 ----RA---- C:\Documents and Settings\Mare\Data aplikací\BgMek.txt
2010-08-30 13:24:04 ----D---- C:\Program Files\TrojanHunter 4.2
2010-08-30 13:23:18 ----D---- C:\Program Files\SanityCheck
2010-08-30 13:23:18 ----A---- C:\WINDOWS\system32\drivers\rspSanity32.sys
2010-08-30 13:21:51 ----A---- C:\mylog.txt
2010-08-30 13:21:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\White Sky, Inc
2010-08-30 13:21:37 ----A---- C:\WINDOWS\ODBC.INI
2010-08-30 13:21:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Privacyware
2010-08-27 14:21:21 ----D---- C:\Documents and Settings\Mare\Data aplikací\Help
2010-08-25 22:08:46 ----RA---- C:\Documents and Settings\Mare\Data aplikací\kj6hC.txt
2010-08-25 19:46:27 ----RSHD---- C:\Documents and Settings\Mare\Data aplikací\U-2535-6853-8747
2010-08-25 15:59:02 ----RA---- C:\Documents and Settings\Mare\Data aplikací\j6c88.txt
2010-08-25 15:08:09 ----AH---- C:\WINDOWS\system32\winrtsnr.txt
2010-08-25 14:59:19 ----RSHD---- C:\Documents and Settings\Mare\Data aplikací\S-2535-6853-2745
2010-08-25 14:59:19 ----RA---- C:\Documents and Settings\Mare\Data aplikací\mL61H.txt
2010-08-25 14:43:38 ----RA---- C:\Documents and Settings\Mare\Data aplikací\BDH7m.txt
2010-08-25 14:43:34 ----RA---- C:\Documents and Settings\Mare\Data aplikací\ih8GM.txt
2010-08-25 13:15:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-25 13:15:35 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-08-25 13:15:35 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-25 13:15:35 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-08-25 13:15:34 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-08-25 13:15:34 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-08-25 13:15:34 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-25 13:15:33 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-08-25 13:15:33 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-08-25 13:15:32 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-08-25 13:15:32 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-25 13:15:31 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-08-25 13:15:31 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-25 02:05:50 ----D---- C:\Program Files\Steam
2010-08-22 00:15:43 ----D---- C:\Documents and Settings\Mare\Data aplikací\Ubisoft
2010-08-22 00:15:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2010-08-16 16:19:16 ----D---- C:\Documents and Settings\Mare\Data aplikací\Atari
2010-08-16 11:43:47 ----D---- C:\Program Files\Hasbro Interactive
2010-08-16 11:39:37 ----A---- C:\WINDOWS\UniFish3.exe
2010-08-15 20:13:29 ----A---- C:\WINDOWS\system32\dxva_sig.txt
2010-08-15 17:01:04 ----D---- C:\Program Files\Veetle
2010-08-15 14:55:05 ----D---- C:\Program Files\CCleaner
2010-08-15 14:49:30 ----D---- C:\Program Files\Conduit
2010-08-15 14:49:15 ----D---- C:\Program Files\BitLord
2010-08-15 14:46:21 ----D---- C:\Program Files\Bit Che
2010-08-15 14:46:21 ----D---- C:\Documents and Settings\Mare\Data aplikací\Convivea
2010-08-08 18:21:31 ----A---- C:\WINDOWS\system32\Iyvu9_32.dll
2010-08-08 18:21:31 ----A---- C:\WINDOWS\system32\Iacenc.dll
2010-08-08 17:35:51 ----D---- C:\Program Files\Cenega Czech
======List of files/folders modified in the last 1 months======
2010-09-03 11:27:25 ----RD---- C:\Program Files
2010-09-03 11:25:08 ----SD---- C:\WINDOWS\Tasks
2010-09-03 11:25:08 ----D---- C:\WINDOWS\Temp
2010-09-03 11:25:08 ----D---- C:\WINDOWS\system32
2010-09-03 11:24:29 ----D---- C:\WINDOWS
2010-09-02 22:37:00 ----HD---- C:\WINDOWS\inf
2010-09-02 22:37:00 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-02 18:27:47 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-02 18:08:24 ----SHD---- C:\WINDOWS\Installer
2010-09-02 18:07:47 ----D---- C:\WINDOWS\system32\drivers
2010-09-02 18:07:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-02 18:07:43 ----D---- C:\Program Files\iTunes
2010-09-02 16:45:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-02 15:32:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-02 11:39:42 ----SHD---- C:\System Volume Information
2010-09-02 11:39:42 ----D---- C:\WINDOWS\system32\Restore
2010-09-02 10:16:14 ----D---- C:\WINDOWS\system32\cs-cz
2010-09-02 10:16:14 ----D---- C:\Program Files\Internet Explorer
2010-09-02 10:15:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-02 10:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-09-02 10:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-09-02 10:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-09-02 10:14:48 ----D---- C:\Program Files\Movie Maker
2010-09-01 10:03:48 ----D---- C:\Program Files\Czech Soccer Manager 2002 FE
2010-09-01 09:41:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-01 08:31:36 ----SHD---- C:\RECYCLER
2010-09-01 08:30:46 ----D---- C:\Documents and Settings
2010-08-31 19:30:20 ----D---- C:\WINDOWS\Debug
2010-08-31 15:03:21 ----D---- C:\WINDOWS\system32\Setup
2010-08-31 15:03:21 ----D---- C:\WINDOWS\AppPatch
2010-08-31 15:03:20 ----D---- C:\WINDOWS\system32\wbem
2010-08-31 15:03:19 ----RSD---- C:\WINDOWS\Fonts
2010-08-31 15:02:27 ----D---- C:\WINDOWS\security
2010-08-31 15:01:09 ----D---- C:\Program Files\Outlook Express
2010-08-31 14:56:24 ----D---- C:\Program Files\Messenger
2010-08-31 14:54:03 ----D---- C:\Program Files\Windows Media Player
2010-08-31 14:54:02 ----D---- C:\WINDOWS\Help
2010-08-31 14:53:54 ----D---- C:\WINDOWS\network diagnostic
2010-08-31 14:53:54 ----D---- C:\WINDOWS\ime
2010-08-31 14:53:44 ----D---- C:\WINDOWS\system32\usmt
2010-08-31 14:53:44 ----D---- C:\WINDOWS\system32\cs
2010-08-31 14:53:44 ----D---- C:\WINDOWS\system32\bits
2010-08-31 14:53:44 ----D---- C:\WINDOWS\PeerNet
2010-08-31 14:53:44 ----D---- C:\WINDOWS\l2schemas
2010-08-31 14:52:04 ----D---- C:\WINDOWS\system32\npp
2010-08-31 14:52:03 ----D---- C:\WINDOWS\msagent
2010-08-31 14:52:02 ----D---- C:\WINDOWS\srchasst
2010-08-31 14:52:02 ----D---- C:\Program Files\NetMeeting
2010-08-31 14:52:01 ----D---- C:\WINDOWS\system32\Com
2010-08-31 14:51:59 ----D---- C:\Program Files\Windows NT
2010-08-31 14:51:56 ----D---- C:\Program Files\Common Files\System
2010-08-31 14:51:39 ----D---- C:\WINDOWS\system32\oobe
2010-08-31 14:51:38 ----D---- C:\WINDOWS\system
2010-08-31 14:49:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-08-31 14:47:28 ----D---- C:\WINDOWS\EHome
2010-08-30 13:32:09 ----D---- C:\Documents and Settings\Mare\Data aplikací\DAEMON Tools Lite
2010-08-30 13:24:10 ----R---- C:\WINDOWS\streamhlp.dll
2010-08-30 12:27:11 ----D---- C:\WINDOWS\pchealth
2010-08-25 13:15:37 ----D---- C:\WINDOWS\system32\DirectX
2010-08-21 23:38:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-21 23:38:27 ----D---- C:\Program Files\Ubisoft
2010-08-15 14:57:41 ----D---- C:\WINDOWS\Minidump
2010-08-08 18:21:29 ----D---- C:\Program Files\Intel
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-23 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-17 243024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2010-08-31 50704]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-03-11 6593376]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rspSanity;rspSanity; C:\WINDOWS\system32\DRIVERS\rspSanity32.sys [2009-03-07 30136]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-21 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-03-11 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: UPM log - Ultimate Process Manager
You have a few nasties in there. Run a ComboFix scan and post the log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms will appear; continue by clicking the Yes (Ano) button.
calmly put the kettle on for coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.