VIRY.CZ

Potřeboval bych prosím zkontrlovat log z následujících důvodů: PC je velmi pomalý a navíc mi již dvakrát v krátké době spadnul do DOS s hlášením o pravděpodobném nedostatku paměti. Děkuji předem.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-10-22 09:02:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (68%) free of 50 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:53, on 22.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED77B15C-E7DA-4EB6-8F25-74E9F7FD5EBB}: NameServer = 195.250.128.34,195.250.128.38
O20 - AppInit_DLLs:
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8985 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-115176313-1177238915-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-115176313-1177238915-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-15 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-15 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-17 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-09-29 2500552]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-08 2145000]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"CTAPR2"=C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe [2008-08-07 61546]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe [2008-11-24 237693]
"Module Loader"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2007-07-23 57344]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\qttask.exe [2010-09-08 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\qttask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\Program Files\Logitech\SetPoint\KEM.exe [2004-07-15 581632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2010-02-11 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDesktopCleanupWizard"=1
"ForceClassicControlPanel"=1
"NoSharedDocuments"=1
"MaxRecentDocs"=18
"NoSMConfigurePrograms"=1
"NoRecentDocsNetHood"=1
"MemCheckBoxInRunDlg"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-22 08:55:43 ----D---- C:\Program Files\trend micro
2010-10-22 08:54:20 ----D---- C:\rsit
2010-10-19 07:45:56 ----D---- C:\Program Files\radioPlayer
2010-10-18 10:40:02 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2010-10-18 10:31:28 ----N---- C:\WINDOWS\Ctregrun.exe
2010-10-18 10:26:44 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2010-10-18 10:26:43 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2010-10-18 10:25:30 ----D---- C:\Program Files\Common Files\Creative
2010-10-18 10:25:24 ----HD---- C:\Program Files\Creative Installation Information
2010-10-18 10:19:22 ----RA---- C:\WINDOWS\system32\KSRun.dll
2010-10-18 10:19:22 ----RA---- C:\WINDOWS\system32\ksaud.ini
2010-10-18 10:19:22 ----A---- C:\WINDOWS\system32\CtDvInst.dll
2010-10-18 10:19:22 ----A---- C:\WINDOWS\system32\CtCoInst.dll
2010-10-18 10:19:20 ----RA---- C:\WINDOWS\system32\drivers\ksaudfl.sys
2010-10-18 10:19:19 ----RA---- C:\WINDOWS\system32\drivers\ksaud.sys
2010-10-18 10:18:28 ----RA---- C:\WINDOWS\system32\KSXPPI32.dll
2010-10-18 10:18:28 ----RA---- C:\WINDOWS\system32\kschimp.ini
2010-10-18 10:18:28 ----RA---- C:\WINDOWS\system32\ctzapxx.ini
2010-10-18 10:15:35 ----D---- C:\Documents and Settings\Owner\Application Data\Creative
2010-10-18 10:09:33 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2010-10-18 10:04:59 ----D---- C:\Program Files\Creative
2010-10-18 10:00:41 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-10-13 10:55:19 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-10-13 08:18:50 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-10-13 07:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-13 07:51:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-13 07:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-13 07:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-13 07:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-13 07:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-13 07:47:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-13 07:47:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-13 07:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-11 10:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2010-10-11 10:49:09 ----RA---- C:\WINDOWS\system32\LgExport.dll
2010-10-11 10:49:09 ----RA---- C:\WINDOWS\system32\LGDispDrv.dll
2010-10-11 10:47:58 ----D---- C:\Program Files\LG Soft India
2010-10-08 09:48:53 ----D---- C:\Program Files\ConBuilder
2010-10-08 06:52:18 ----SHD---- C:\found.000
2010-10-05 17:36:40 ----D---- C:\Program Files\MSTS Activity Analysis
2010-10-05 08:47:27 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2010-10-05 08:42:29 ----D---- C:\Documents and Settings\Owner\Application Data\Christofer Persson
2010-10-05 08:40:53 ----D---- C:\Program Files\Kantaris
2010-09-29 10:22:48 ----D---- C:\Program Files\VideoLAN
2010-09-29 10:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-26 13:58:26 ----ASH---- C:\hiberfil.sys
2010-09-26 13:47:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-23 07:04:24 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2010-09-23 06:56:06 ----D---- C:\Program Files\DivX
2010-09-23 06:55:34 ----D---- C:\Documents and Settings\All Users\Application Data\DivX

======List of files/folders modified in the last 1 months======

2010-10-22 09:02:50 ----D---- C:\WINDOWS\Temp
2010-10-22 08:56:29 ----D---- C:\WINDOWS\Prefetch
2010-10-22 08:55:43 ----RD---- C:\Program Files
2010-10-22 08:26:30 ----D---- C:\WINDOWS\system32\drivers
2010-10-22 08:26:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-22 08:26:00 ----D---- C:\WINDOWS\Minidump
2010-10-22 08:26:00 ----D---- C:\WINDOWS
2010-10-21 08:06:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-21 07:28:00 ----D---- C:\Program Files\CyberLink
2010-10-21 07:27:59 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-21 07:27:07 ----D---- C:\Program Files\MediaCheck
2010-10-19 21:38:32 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2010-10-19 04:08:20 ----SHD---- C:\WINDOWS\Installer
2010-10-18 13:12:21 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-18 10:32:39 ----D---- C:\WINDOWS\system32
2010-10-18 10:25:30 ----D---- C:\Program Files\Common Files
2010-10-18 10:20:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-18 10:20:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-10-18 10:18:28 ----HD---- C:\WINDOWS\inf
2010-10-14 16:24:11 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2010-10-13 10:56:17 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-10-13 08:18:10 ----D---- C:\Program Files\Internet Explorer
2010-10-13 07:52:23 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-13 07:51:52 ----D---- C:\WINDOWS\system32\dllcache
2010-10-13 07:51:45 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-13 07:47:38 ----D---- C:\WINDOWS\WinSxS
2010-10-11 10:47:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-11 10:47:54 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-08 08:16:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-08 08:15:43 ----RSD---- C:\WINDOWS\assembly
2010-10-08 07:23:41 ----D---- C:\Program Files\Microsoft.NET
2010-10-04 17:15:54 ----D---- C:\Program Files\ProFact 3.0 Free
2010-09-30 17:15:06 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-09-29 10:33:42 ----D---- C:\Documents and Settings\Owner\Application Data\Vso
2010-09-29 10:01:53 ----A---- C:\WINDOWS\system32\guard32.dll
2010-09-26 13:57:07 ----D---- C:\WINDOWS\system32\config
2010-09-26 13:55:36 ----D---- C:\WINDOWS\system32\wbem
2010-09-26 13:55:31 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-09-29 91560]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2010-02-11 61824]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-21 685816]
R0 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
R0 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R0 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2010-02-11 77568]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-09-29 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-09-29 25240]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-08 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-04-08 95872]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-08 139192]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2010-02-11 62848]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2010-02-11 60800]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l150x86.sys [2009-08-20 36224]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-16 4225920]
R3 ksaud;Creative USB Audio Driver; C:\WINDOWS\system32\drivers\ksaud.sys [2009-08-05 845184]
R3 ksaudfl;ksaudfl; C:\WINDOWS\system32\drivers\ksaudfl.sys [2008-10-24 1830912]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-06-08 13105]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-06-08 54817]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-06-08 71533]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2010-02-11 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-06-15 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2010-02-11 9472]
S3 abdrrasx;abdrrasx; C:\WINDOWS\system32\drivers\abdrrasx.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2010-02-11 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-02-11 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2010-02-11 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-20 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-09-29 1901056]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-11-18 307200]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-08 810120]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R2 UPHClean;User Profile Helper Cleanup; C:\WINDOWS\system32\svchost.exe [2010-02-11 14848]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2010-02-11 14848]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-02-11 14848]
S2 CardBusService;CardBusService; C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-18 79360]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-08 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-14 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-09 271920]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-10-13 435008]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2010-02-11 14848]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-02-11 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Program mi nejde nainstalovat : "Some files could not be created. Please close all applications, reboot Windows and restart this instalation."
Co teď?

Píše to: Zavřete všechny aplikace, restratujte Win a zkuste instalaci znovu. Pokud to nebude ani pak fungovat, zkuiste to v nouz. režimu, příp. soubor ComboFixu přejmenujte třeba na cokoli.com a zkuste spustit.

Rudy píše:Píše to: Zavřete všechny aplikace, restratujte Win a zkuste instalaci znovu. Pokud to nebude ani pak fungovat, zkuiste to v nouz. režimu, příp. soubor ComboFixu přejmenujte třeba na cokoli.com a zkuste spustit.

Z nouzového režimu se podařilo a toto je výsledek:
ComboFix 10-10-22.04 - Owner 24.10.2010 14:28:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1023.642 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Desktop\cokoli.com
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\System32\uxtuneup.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UXTUNEUP
-------\Service_UxTuneUp


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 12:40 . 2010-10-24 12:40 -------- d-----w- c:\windows\system32\wbem\snmp
2010-10-24 12:40 . 2010-10-24 12:40 -------- d-----w- c:\windows\system32\xircom
2010-10-24 12:40 . 2010-10-24 12:40 -------- d-----w- c:\windows\system32\oobe
2010-10-24 12:40 . 2010-10-24 12:40 -------- d-----w- c:\program files\microsoft frontpage
2010-10-22 06:55 . 2010-10-22 07:02 -------- d-----w- c:\program files\trend micro
2010-10-22 06:54 . 2010-10-22 06:57 -------- d-----w- C:\rsit
2010-10-19 05:45 . 2010-10-19 05:50 -------- d-----w- c:\program files\radioPlayer
2010-10-18 08:40 . 2010-10-18 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-10-18 08:32 . 2003-06-12 21:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-10-18 08:31 . 2006-10-06 06:17 53248 ------w- c:\windows\Ctregrun.exe
2010-10-18 08:26 . 1999-11-17 17:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2010-10-18 08:26 . 1999-12-12 17:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2010-10-18 08:25 . 2010-10-18 08:25 -------- d-----w- c:\program files\Common Files\Creative
2010-10-18 08:25 . 2010-10-18 08:25 -------- d--h--w- c:\program files\Creative Installation Information
2010-10-18 08:19 . 2008-10-30 08:41 86016 ----a-w- c:\windows\system32\CtCoInst.dll
2010-10-18 08:19 . 2008-10-30 08:40 183296 ----a-w- c:\windows\system32\CtDvInst.dll
2010-10-18 08:19 . 2008-08-29 13:09 16896 ----a-r- c:\windows\system32\KSRun.dll
2010-10-18 08:19 . 2008-10-24 10:27 1830912 ----a-r- c:\windows\system32\drivers\ksaudfl.sys
2010-10-18 08:19 . 2009-08-05 09:58 845184 ----a-r- c:\windows\system32\drivers\ksaud.sys
2010-10-18 08:18 . 2009-08-04 11:19 190976 ----a-r- c:\windows\system32\KSXPPI32.dll
2010-10-18 08:17 . 2007-12-11 10:47 23292 ----a-r- c:\windows\ksaudENG.reg
2010-10-18 08:17 . 2007-07-05 02:27 2630 ----a-r- c:\windows\MixerName.reg
2010-10-18 08:17 . 2008-11-06 10:41 7556 ----a-r- c:\windows\system32\MixerDefaultXP.reg
2010-10-18 08:17 . 2008-08-28 15:02 3556 ----a-r- c:\windows\system32\DeviceDefaultsXP.reg
2010-10-18 08:15 . 2010-10-18 10:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Creative
2010-10-18 08:09 . 2010-10-18 08:09 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-10-18 08:04 . 2010-10-18 08:31 -------- d-----w- c:\program files\Creative
2010-10-18 08:03 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-10-18 08:03 . 2003-11-10 16:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-10-18 08:03 . 2003-11-10 16:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-10-18 08:03 . 2003-11-10 16:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-10-18 08:03 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-10-18 08:03 . 2010-10-18 08:03 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-10-18 08:03 . 2010-10-18 08:03 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-10-18 08:00 . 2008-04-13 21:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-10-13 06:18 . 2008-04-14 11:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 05:43 . 2010-08-27 08:01 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-10-13 05:43 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 05:43 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 05:43 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 05:41 . 2010-08-27 06:05 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2010-10-13 05:40 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 05:40 . 2010-07-16 12:04 1289216 ------w- c:\windows\system32\dllcache\ole32.dll
2010-10-13 05:40 . 2010-07-12 13:02 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-10-11 08:49 . 2010-10-11 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-10-11 08:47 . 2004-04-16 09:24 61440 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-10-11 08:47 . 2004-04-17 10:41 196608 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2010-10-11 08:47 . 2004-04-17 10:40 385024 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2010-10-11 08:47 . 2004-04-13 04:06 368640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-10-11 08:47 . 2004-04-23 17:03 446464 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2010-10-11 08:47 . 2004-04-13 04:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-10-11 08:47 . 2004-04-13 04:03 204800 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2010-10-08 07:48 . 2010-10-08 07:49 -------- d-----w- c:\program files\ConBuilder
2010-10-08 04:52 . 2010-10-08 04:52 -------- d-----w- C:\found.000
2010-10-05 15:36 . 2010-10-10 09:44 -------- d-----w- c:\program files\MSTS Activity Analysis
2010-10-05 06:47 . 2010-10-23 18:00 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-10-05 06:47 . 2010-10-05 06:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Christofer_Persson
2010-10-05 06:42 . 2010-10-05 06:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Christofer Persson
2010-10-05 06:40 . 2010-10-05 06:41 -------- d-----w- c:\program files\Kantaris
2010-09-29 08:22 . 2010-09-29 08:22 -------- d-----w- c:\program files\VideoLAN
2010-09-26 11:55 . 2010-09-26 11:55 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 15:15 . 2010-09-16 13:59 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-29 08:01 . 2010-04-09 06:26 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-29 08:01 . 2010-04-09 06:25 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-29 08:01 . 2010-04-09 06:25 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 08:01 . 2010-04-09 06:25 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-29 08:01 . 2010-04-09 06:25 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-18 10:23 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:57 . 2010-02-11 03:58 919552 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:57 . 2010-02-11 03:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:57 . 2010-02-11 03:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:48 . 2010-02-11 03:55 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:38 . 2010-02-11 03:58 1861888 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2010-02-11 03:58 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:05 . 2008-04-14 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:37 . 2010-02-11 03:58 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-11 03:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-04-14 11:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:43 . 2010-02-11 03:57 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2010-02-11 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-29 2500552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-08 2145000]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" [2008-08-07 61546]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-02-11 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CoolSwitch"=c:\windows\system32\taskswitch.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Creative KSRun Persistence Module"=RunDll32 KSRun.dll,RunDLLEntry
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9.4.2010 8:25 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9.4.2010 8:25 25240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8.4.2010 4:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8.4.2010 4:08 95872]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [20.2.2010 0:00 148744]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.4.2010 4:07 810120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.9.2010 17:12 1051968]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l150x86.sys [11.6.2010 18:33 36224]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [14.6.2010 11:34 1180672]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [18.10.2010 10:19 845184]
R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [18.10.2010 10:19 1830912]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 11:18 10064]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [11.2.2010 6:01 9472]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [14.6.2010 11:32 188416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.6.2010 2:57 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [18.10.2010 10:09 79360]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11.2.2010 5:58 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.6.2010 18:18 685816]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean REG_MULTI_SZ UPHClean
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 00:57]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 00:57]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-115176313-1177238915-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 00:41]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-115176313-1177238915-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 00:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: {ED77B15C-E7DA-4EB6-8F25-74E9F7FD5EBB} = 195.250.128.34,195.250.128.38
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g42rxw17.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-RailNotification - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 14:42
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
.
**************************************************************************
.
Celkový čas: 2010-10-24 14:53:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-24 12:53

Před spuštěním: 35 809 185 792 bytes free
Po spuštění: 36 075 286 528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 42AB8D151899AA8D8AB731FB12EFD8D0

3 položky smazány, zbatek logu vypadá čistý. Nastala nějaká změna?

Prvni dojem je, ze se procesy preci jen trochu zrychlily. S tim padanim uvidime.
Jinak dekuji pekne.

Nemáte zač!