Zkoukněte mi log prosím mam nějakej zasekanej PC

Zpráva

Hondzzikk · #1 Příspěvek od **Hondzzikk** » 07 pro 2010 20:20

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

7.12.2010 20:19:41
mbam-log-2010-12-07 (20-19-30).txt

Typ skenu: Úplný sken (C:\|D:\|)
Objektu skenováno: 228637
Uplynulý cas: 4 hour(s), 24 minute(s), 24 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

#2 Příspěvek od **Rudy** » 07 pro 2010 20:30

Máte nainstalován AV ESET NOD?

Hondzzikk · #3 Příspěvek od **Hondzzikk** » 07 pro 2010 20:46

jj mam proč?

#4 Příspěvek od **Rudy** » 07 pro 2010 22:13

Nic. Jen, že ty položky, co našel MBAM NODu patří, takže nemažte.

Hondzzikk · #5 Příspěvek od **Hondzzikk** » 08 pro 2010 09:54

dobrá..a co dál?pomůžete mi zjistit proč mam tak pomalej pc?

#6 Příspěvek od **Rudy** » 08 pro 2010 17:59

Nejprve dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

Hondzzikk · #7 Příspěvek od **Hondzzikk** » 08 pro 2010 20:10

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hondzik at 2010-12-08 20:08:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 71 GB (47%) free of 150 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:09:00, on 8.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\AIMP2\AIMP2.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Documents and Settings\Hondzik\Plocha\RSIT.exe
C:\Program Files\trend micro\Hondzik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIMP2] C:\AIMP2\AIMP2.exe
O4 - HKCU\..\Run: [U36VRSFLG6] C:\DOCUME~1\Hondzik\LOCALS~1\Temp\Ipl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 11955 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-12-03 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll [2010-10-18 3908192]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-12-03 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"mouseElf"=C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE [2004-02-24 176128]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe -r C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2145000]
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-01 1811968]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-02-22 26101032]
"Walser"=C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe [2008-10-16 1365504]
"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AIMP2"=C:\AIMP2\AIMP2.exe [2010-08-07 1262592]
"U36VRSFLG6"=C:\DOCUME~1\Hondzik\LOCALS~1\Temp\Ipl.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

C:\Documents and Settings\Hondzik\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi"
"C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe"="C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe:10.0.0.1/255.255.255.255:Enabled:Adobe Photoshop CS4"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\OpenTTD\openttd.exe"="C:\Program Files\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"C:\Documents and Settings\Hondzik\Plocha\P614277.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Oil Tycoon 2\game.exe"="C:\Program Files\Oil Tycoon 2\game.exe:*:Disabled:game"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Touchstone\Turok\Binaries\TurokGame.exe"="C:\Program Files\Touchstone\Turok\Binaries\TurokGame.exe:*:Disabled:Turok"
"C:\Program Files\PacIn\PacIn.exe"="C:\Program Files\PacIn\PacIn.exe:*:Enabled:PacIn.exe"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\id Software\Quake 4\Quake4.exe"="C:\Program Files\id Software\Quake 4\Quake4.exe:192.168.1.1/255.255.255.255:Enabled:Quake 4"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-08 20:08:42 ----D---- C:\Program Files\trend micro
2010-12-08 20:08:41 ----D---- C:\rsit
2010-12-08 19:53:37 ----D---- C:\Program Files\LogMeIn Hamachi
2010-12-07 13:25:03 ----A---- C:\WINDOWS\DXT3E21.tmp
2010-12-07 13:24:58 ----D---- C:\Program Files\directx
2010-12-07 13:24:58 ----A---- C:\WINDOWS\DXT3E1F.tmp
2010-12-07 13:13:02 ----D---- C:\Program Files\TONY HAWK+S PRO SKATER 2
2010-12-07 13:12:49 ----D---- C:\Program Files\Tony Hawk´s Pro Skater 2
2010-12-07 13:10:51 ----D---- C:\Program Files\Activision
2010-12-05 15:53:33 ----A---- C:\WINDOWS\system32\lsasrv.dll
2010-12-05 15:53:33 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2010-12-05 14:23:32 ----D---- C:\WINDOWS\system32\PreInstall
2010-12-05 14:10:13 ----D---- C:\Program Files\VirtualDJ
2010-12-04 22:53:22 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\Hamachi
2010-12-04 22:52:40 ----D---- C:\Program Files\Hamachi
2010-12-03 18:04:47 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-12-03 18:03:08 ----A---- C:\WINDOWS\system32\UnAudioNT.dll
2010-12-03 18:03:07 ----D---- C:\Program Files\VIA Technologies, Inc
2010-12-03 18:03:07 ----A---- C:\WINDOWS\system32\drivers\vsp.sys
2010-12-03 18:03:07 ----A---- C:\WINDOWS\system32\a3d.dll
2010-12-03 17:53:51 ----D---- C:\Program Files\Setup Files
2010-12-03 17:47:06 ----D---- C:\Program Files\MSI
2010-12-03 17:22:10 ----A---- C:\WINDOWS\TRNCOM.INI
2010-12-03 17:20:28 ----D---- C:\TRANSLAT
2010-12-03 17:20:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-12-03 17:20:04 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\LangSoft
2010-12-03 10:10:54 ----A---- C:\WINDOWS\imsins.BAK
2010-12-03 10:10:53 ----D---- C:\WINDOWS\system32\appmgmt
2010-12-01 14:54:10 ----D---- C:\Program Files\PacIn
2010-12-01 13:31:16 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-12-01 13:31:16 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-12-01 13:31:15 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-12-01 13:31:15 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-12-01 13:31:14 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-12-01 13:31:13 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-12-01 13:31:13 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-12-01 13:31:12 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-12-01 13:31:11 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-12-01 13:31:11 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-12-01 13:31:10 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-12-01 13:23:22 ----D---- C:\Program Files\City Interactive
2010-11-29 22:11:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Intel
2010-11-29 21:21:43 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\Leadertech
2010-11-29 08:58:56 ----D---- C:\Program Files\Driving Simulator 2009
2010-11-28 10:25:12 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\Touchstone
2010-11-28 01:18:16 ----D---- C:\WINDOWS\system32\AGEIA
2010-11-28 01:18:10 ----D---- C:\Program Files\AGEIA Technologies
2010-11-28 01:17:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-11-28 01:16:21 ----A---- C:\WINDOWS\disney.ini
2010-11-24 16:28:46 ----D---- C:\Program Files\Aspyr Media, Inc
2010-11-24 09:05:44 ----D---- C:\Program Files\Zuma Deluxe
2010-11-24 08:32:19 ----D---- C:\Program Files\Vietcong2
2010-11-23 14:00:13 ----D---- C:\Program Files\ConduitEngine
2010-11-23 14:00:13 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2010-11-15 09:22:32 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\THQ
2010-11-15 02:09:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2010-11-15 02:01:40 ----D---- C:\Program Files\THQ
2010-11-09 20:33:15 ----D---- C:\Program Files\Stellar Phoenix Windows Data Recovery
2010-11-09 09:44:35 ----D---- C:\lukas

======List of files/folders modified in the last 1 months======

2010-12-08 20:08:49 ----D---- C:\WINDOWS\Prefetch
2010-12-08 20:08:42 ----RD---- C:\Program Files
2010-12-08 20:08:42 ----D---- C:\WINDOWS\Temp
2010-12-08 20:00:47 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\ICQ
2010-12-08 19:54:52 ----SD---- C:\WINDOWS\Tasks
2010-12-08 19:54:01 ----SHD---- C:\WINDOWS\Installer
2010-12-08 19:54:01 ----SHD---- C:\Config.Msi
2010-12-08 19:53:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-08 19:53:03 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\Skype
2010-12-08 19:52:22 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\skypePM
2010-12-08 19:51:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-08 12:40:32 ----SD---- C:\Moje soubory
2010-12-08 11:00:07 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\Canon
2010-12-07 21:15:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-07 13:25:03 ----D---- C:\WINDOWS
2010-12-07 13:19:03 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-12-06 22:38:17 ----D---- C:\WINDOWS\system32
2010-12-06 22:38:13 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\vlc
2010-12-05 19:12:08 ----D---- C:\WINDOWS\AppPatch
2010-12-05 16:41:30 ----RSD---- C:\WINDOWS\assembly
2010-12-05 16:36:05 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-05 16:26:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-05 16:26:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-05 16:15:54 ----D---- C:\WINDOWS\system32\drivers
2010-12-05 16:02:25 ----HD---- C:\WINDOWS\inf
2010-12-05 15:57:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-05 15:57:26 ----D---- C:\WINDOWS\WinSxS
2010-12-05 14:22:13 ----D---- C:\WINDOWS\SoftwareDistribution
2010-12-05 14:21:58 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\PriceGong
2010-12-05 14:11:03 ----RSD---- C:\WINDOWS\Fonts
2010-12-05 11:37:42 ----D---- C:\WINDOWS\system32\config
2010-12-03 18:05:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-03 18:03:20 ----D---- C:\WINDOWS\system
2010-12-03 17:16:00 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-03 10:22:30 ----D---- C:\Documents and Settings\Hondzik\Data aplikací\Photodex
2010-12-03 10:14:40 ----D---- C:\Program Files\Movie Maker
2010-12-03 10:14:23 ----D---- C:\WINDOWS\RegisteredPackages
2010-12-01 13:31:18 ----D---- C:\WINDOWS\system32\DirectX
2010-11-29 22:13:42 ----D---- C:\Program Files\Common Files
2010-11-28 17:49:32 ----A---- C:\WINDOWS\WINCMD.INI
2010-11-28 01:18:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-24 08:22:35 ----A---- C:\WINDOWS\Thps3.INI
2010-11-24 08:20:34 ----D---- C:\Program Files\Super Castle Attack
2010-11-23 14:00:12 ----D---- C:\Program Files\DVDVideoSoftTB
2010-11-15 10:14:31 ----D---- C:\Program Files\Mozilla Firefox
2010-11-15 09:48:40 ----D---- C:\WINDOWS\Minidump
2010-11-15 02:01:55 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-15 02:01:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-09 20:34:41 ----A---- C:\WINDOWS\win.ini
2010-11-09 20:34:41 ----A---- C:\CKINFO.TXT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-18 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17920]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2008-03-17 19584]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-12-04 25280]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-27 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2003-06-16 369920]
S3 a40amel5;a40amel5; C:\WINDOWS\system32\drivers\a40amel5.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 EuDisk;EASEUS Disk Enumerator; C:\WINDOWS\system32\DRIVERS\EuDisk.sys [2009-12-02 122504]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Vsp;Vsp; \??\C:\WINDOWS\system32\drivers\Vsp.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-08 122880]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2010-11-02 181312]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-18 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.08 2010-12-08 20:09:09

======Uninstall list======

-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1st Page 2000 2.00 Free-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Evrsoft\1st Page 2000\Uninst.isu"
1st Page 2000-->C:\Program Files\Evrsoft\1st Page 2000\uninstall.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.0 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A81000000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AIMP2-->C:\AIMP2\Uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP150-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Draxysoft Wallpaper Sequencer Ultra 4.6.2.451-->"C:\Program Files\Draxysoft\Wallpaper Sequencer\unins000.exe"
DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FlatOut2-->"C:\Program Files\FlatOut2\unins000.exe"
Free Audio CD Burner version 1.4-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube Download 2.10-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to MP3 Converter version 3.8-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Genius NetScroll+ Optical Mouse-->C:\Program Files\Genius NetScroll+ Optical Mouse\Setup.exe /Uninstall
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Liveupdate4-->"C:\Program Files\MSI\Live Update 4\unins000.exe"
LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {CE4A3D0F-D1B0-47D1-BF99-3E957C548D12} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
O2 Internet Konfigurator-->C:\Program Files\TO2SSM\unSupportCenter.exe
OpenTTD 0.6.0-->C:\Program Files\OpenTTD\uninstall.exe
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Original War-->C:\PROGRA~1\VIRGIN~1\ORIGIN~1\UNWISE.EXE C:\PROGRA~1\VIRGIN~1\ORIGIN~1\INSTALL.LOG
PacIn: Nermessova pomsta 1.0-->C:\Program Files\PacIn\uninst.exe
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
PC Translator-->C:\DOCUME~1\Hondzik\LOCALS~1\Temp\UN32.EXE -UP
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
ProShow Producer-->C:\Program Files\Photodex\ProShowProducer\uninst.exe
Quake 4(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x5 -removeonly
Scorpions WinCheater-->"C:\Program Files\Scorpions WinCheater\unins000.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Softarová utilita ATI - Odinstalovat-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Stellar Phoenix Windows Data Recovery V3.0-->"C:\Program Files\Stellar Phoenix Windows Data Recovery\unins000.exe"
Stronghold Crusader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe"
Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TNod User & Password Finder-->"C:\Program Files\TNod User & Password Finder\uninst-TNod.exe"
Tony Hawk's American Wasteland (TM)-->MsiExec.exe /I{3293C06B-003F-4027-8380-FFD79E38167D}
Tony Hawk's Pro Skater 2-->C:\PROGRA~1\TONYHA~1\UNINST~1\UNINST~1.EXE C:\Program Files\Tony Hawk´s Pro Skater 2\uninstall\Tony Hawk's Pro Skater 2.log
Transport Tycoon Deluxe-->C:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Virtual DJ Home - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XnView 1.82.4-->"C:\Program Files\XnView\unins000.exe"
Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"
Zuma Deluxe 1.0-->C:\Program Files\Zuma Deluxe\Uninstal.exe

======Security center information======

AV: ESET NOD32 Antivirus 4.2

======System event log======

Computer Name: HONDZZIKK
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Sledování umístění v síti (NLA) úspěšně odeslán.

Record Number: 11146
Source Name: Service Control Manager
Time Written: 20101128083203.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HONDZZIKK
Event Code: 7036
Message: Stav služby Kompatibilita pro rychlé přepínání uživatelů byl změněn na: Spuštěno

Record Number: 11145
Source Name: Service Control Manager
Time Written: 20101128083203.000000+060
Event Type: Informace
User:

Computer Name: HONDZZIKK
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Kompatibilita pro rychlé přepínání uživatelů úspěšně odeslán.

Record Number: 11144
Source Name: Service Control Manager
Time Written: 20101128083203.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HONDZZIKK
Event Code: 7036
Message: Stav služby Terminálová služba byl změněn na: Spuštěno

Record Number: 11143
Source Name: Service Control Manager
Time Written: 20101128083203.000000+060
Event Type: Informace
User:

Computer Name: HONDZZIKK
Event Code: 7023
Message: Služba SSHNAS byla ukončena s následující chybou:
Uvedený modul nebyl nalezen.

Record Number: 11142
Source Name: Service Control Manager
Time Written: 20101128083202.000000+060
Event Type: Chyba
User:

=====Application event log=====

Computer Name: HONDZZIKK
Event Code: 11724
Message: Product: OmniPage SE -- Removal completed successfully.

Record Number: 457
Source Name: MsiInstaller
Time Written: 20100929122218.000000+120
Event Type: Informace
User: HONDZZIKK\Hondzik

Computer Name: HONDZZIKK
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 456
Source Name: SecurityCenter
Time Written: 20100929084543.000000+120
Event Type: Informace
User:

Computer Name: HONDZZIKK
Event Code: 0
Message:
Record Number: 455
Source Name: McciCMService
Time Written: 20100929084543.000000+120
Event Type: Informace
User:

Computer Name: HONDZZIKK
Event Code: 0
Message:
Record Number: 454
Source Name: ICQ Service
Time Written: 20100929084536.000000+120
Event Type: Informace
User:

Computer Name: HONDZZIKK
Event Code: 105
Message: The service was started.

Record Number: 453
Source Name: ATI Smart
Time Written: 20100929084533.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 08 pro 2010 21:27

Ještě poprosím o sken ComboFix a log z něho.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Hondzzikk · #9 Příspěvek od **Hondzzikk** » 09 pro 2010 09:23

ComboFix 10-12-08.02 - Hondzik 09.12.2010 8:43.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.176 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hondzik\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\WINDOWSDEFENDER.EXE
c:\documents and settings\Hondzik\Data aplikací\PriceGong
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\z.xml
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- c:\program files\trend micro
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- C:\rsit
2010-12-08 18:53 . 2010-12-08 18:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-07 12:25 . 2010-12-07 12:25 0 ----a-w- c:\windows\DXT3E21.tmp
2010-12-07 12:24 . 2010-12-07 12:24 0 ----a-w- c:\windows\DXT3E1F.tmp
2010-12-07 12:24 . 2010-12-07 12:24 -------- d-----w- c:\program files\directx
2010-12-07 12:13 . 2010-12-07 12:13 -------- d-----w- c:\program files\TONY HAWK+S PRO SKATER 2
2010-12-07 12:12 . 2010-12-08 19:45 -------- d-----w- c:\program files\Tony Hawk´s Pro Skater 2
2010-12-07 12:10 . 2010-12-07 12:10 -------- d-----w- c:\program files\Activision
2010-12-05 15:22 . 2010-12-05 15:22 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\PCHealth
2010-12-05 14:53 . 2008-04-14 08:51 727040 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-05 14:53 . 2008-04-14 00:01 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-12-05 13:10 . 2010-12-06 21:38 -------- d-----w- c:\program files\VirtualDJ
2010-12-04 21:53 . 2010-12-05 15:12 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Hamachi
2010-12-04 21:52 . 2010-12-04 21:53 -------- d-----w- c:\program files\Hamachi
2010-12-03 17:04 . 2005-11-17 14:46 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-03 17:03 . 2003-07-04 22:14 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-12-03 17:03 . 2010-12-03 17:03 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-12-03 17:03 . 2003-06-16 10:05 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-12-03 17:03 . 2003-05-27 15:45 3351 ----a-w- c:\windows\system32\drivers\vsp.sys
2010-12-03 17:03 . 2001-10-24 09:24 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-12-03 17:03 . 2001-10-24 09:24 98304 ----a-w- c:\windows\system32\a3d.dll
2010-12-03 16:53 . 2010-12-03 17:05 -------- d-----w- c:\program files\Setup Files
2010-12-03 16:47 . 2010-12-03 16:47 -------- d-----w- c:\program files\MSI
2010-12-03 16:20 . 2010-12-03 16:25 -------- d-----w- C:\TRANSLAT
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\LangSoft
2010-12-03 09:16 . 2010-12-03 09:16 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\WMTools Downloaded Files
2010-12-01 13:54 . 2010-12-03 14:45 -------- d-----w- c:\program files\PacIn
2010-12-01 12:31 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-01 12:31 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-12-01 12:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-01 12:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-12-01 12:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-01 12:23 . 2010-12-01 12:23 -------- d-----w- c:\program files\City Interactive
2010-12-01 11:52 . 2010-12-01 11:52 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\Deployment
2010-11-29 21:11 . 2010-11-29 21:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Intel
2010-11-29 20:21 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Leadertech
2010-11-29 07:58 . 2010-11-29 20:20 -------- d-----w- c:\program files\Driving Simulator 2009
2010-11-28 09:25 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Touchstone
2010-11-28 00:18 . 2010-11-28 00:18 -------- d-----w- c:\windows\system32\AGEIA
2010-11-28 00:18 . 2010-11-29 08:39 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-28 00:17 . 2010-11-29 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 65536 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2010-11-24 15:37 . 2010-11-24 15:37 57344 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2010-11-24 15:28 . 2010-11-24 15:28 -------- d-----w- c:\program files\Aspyr Media, Inc
2010-11-24 08:05 . 2010-11-24 08:05 -------- d-----w- c:\program files\Zuma Deluxe
2010-11-24 07:32 . 2010-11-24 08:04 -------- d-----w- c:\program files\Vietcong2
2010-11-23 13:00 . 2010-11-26 10:15 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-15 08:22 . 2010-11-15 08:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\THQ
2010-11-15 01:09 . 2010-11-15 01:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-11-15 01:01 . 2010-11-15 01:01 -------- d-----w- c:\program files\THQ
2010-11-15 01:01 . 2006-05-16 09:58 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-11-15 01:01 . 2006-05-16 09:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-11-15 01:01 . 2006-05-16 09:58 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2010-11-09 19:33 . 1998-06-23 23:00 260920 ----a-w- c:\windows\system32\MSDATGRD.OCX
2010-11-09 19:33 . 2010-11-09 19:36 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2010-11-09 08:44 . 2010-11-09 20:01 -------- d-----w- C:\lukas

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 21:52 . 2009-09-23 07:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-08 12:24 . 2010-11-08 12:24 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-13 10:16 . 2010-09-30 19:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-09 07:16 . 2010-10-09 07:16 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2010-09-18 12:00 . 2010-09-18 11:56 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-09-18 12:00 . 2010-09-18 12:00 63818 ----a-w- c:\windows\BricoPackUninst.cmd
2010-09-18 12:00 . 2008-04-14 08:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-09-18 11:26 . 2010-09-18 11:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-15 03:50 . 2010-09-18 12:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-09-18 11:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2010-09-09 . CA15720E7B3B8FD2E7F12C8A635A6308 . 3601920 . . [7.00.6000.17092] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\mshtml.dll
[-] 2010-09-09 . C5BC248010B1B6346314AE420D7ED454 . 3605504 . . [7.00.6000.21294] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-03-01 . AA61A6FAA4D691A6ED38FC1099EDE19B . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

[-] 2010-09-09 . 41DD413E4546E25E0D0C5B8B7DEE1967 . 832512 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\wininet.dll
[-] 2010-09-09 . 40B58A838D691766E19FA3C21B16EC41 . 841216 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-03-01 . 46A1A52EB6C86344C6EBF65B17404C90 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Walser"="c:\program files\Draxysoft\Wallpaper Sequencer\Walser.exe" [2008-10-16 1365504]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AIMP2"="c:\aimp2\AIMP2.exe" [2010-08-07 1262592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2004-02-24 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Hondzik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2010-12-3 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe"= c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe:10.0.0.1/255.255.255.255:Enabled:Adobe Photoshop CS4
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\PacIn\\PacIn.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\program files\id Software\Quake 4\Quake4.exe"= c:\program files\id Software\Quake 4\Quake4.exe:192.168.1.1/255.255.255.255:Enabled:Quake 4
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:10.0.0.1/255.255.255.255:Enabled:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2010 12:26 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 20:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 20:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 20:07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2010 12:40 247096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.9.2010 12:32 6528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8.11.2010 13:34 122504]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [3.12.2010 17:47 9216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [3.12.2010 18:03 3351]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - component: c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-OPSE reminder - c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
AddRemove-PC Translator - c:\docume~1\Hondzik\LOCALS~1\Temp\UN32.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 09:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\windows\TEMP\TMP0000003B3AC79D7D3460E130 524288 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\progra~1\GENIUS~1\WhoRU.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 09:22:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 08:22

Před spuštěním: Volných bajtů: 73 956 114 432
Po spuštění: Volných bajtů: 75 545 980 928

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=594I4B

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - DF6F4C8C10780C047C6678AF91582358

#10 Příspěvek od **Rudy** » 09 pro 2010 18:38

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\TEMP\TMP0000003B3AC79D7D3460E130

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Hondzzikk · #11 Příspěvek od **Hondzzikk** » 10 pro 2010 00:05

ComboFix 10-12-08.04 - Hondzik 09.12.2010 22:32:28.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.509 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hondzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hondzik\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Hondzik\Data aplikací\PriceGong
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\z.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 18:18 . 2010-12-09 18:18 -------- d-----w- C:\found.002
2010-12-09 09:08 . 2010-12-09 09:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Winter Sports 2009
2010-12-09 09:03 . 2010-12-09 09:05 -------- d-----w- c:\program files\RTL Winter Sports 2009
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- c:\program files\trend micro
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- C:\rsit
2010-12-08 18:53 . 2010-12-08 18:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-07 12:25 . 2010-12-07 12:25 0 ----a-w- c:\windows\DXT3E21.tmp
2010-12-07 12:24 . 2010-12-07 12:24 0 ----a-w- c:\windows\DXT3E1F.tmp
2010-12-07 12:24 . 2010-12-07 12:24 -------- d-----w- c:\program files\directx
2010-12-07 12:13 . 2010-12-07 12:13 -------- d-----w- c:\program files\TONY HAWK+S PRO SKATER 2
2010-12-07 12:12 . 2010-12-09 11:01 -------- d-----w- c:\program files\Tony Hawk´s Pro Skater 2
2010-12-07 12:10 . 2010-12-07 12:10 -------- d-----w- c:\program files\Activision
2010-12-05 15:22 . 2010-12-05 15:22 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\PCHealth
2010-12-05 14:53 . 2008-04-14 08:51 727040 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-05 14:53 . 2008-04-14 00:01 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-12-05 13:10 . 2010-12-06 21:38 -------- d-----w- c:\program files\VirtualDJ
2010-12-04 21:53 . 2010-12-05 15:12 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Hamachi
2010-12-04 21:52 . 2010-12-04 21:53 -------- d-----w- c:\program files\Hamachi
2010-12-03 17:04 . 2005-11-17 14:46 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-03 17:03 . 2003-07-04 22:14 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-12-03 17:03 . 2010-12-03 17:03 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-12-03 17:03 . 2003-06-16 10:05 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-12-03 17:03 . 2003-05-27 15:45 3351 ----a-w- c:\windows\system32\drivers\vsp.sys
2010-12-03 17:03 . 2001-10-24 09:24 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-12-03 17:03 . 2001-10-24 09:24 98304 ----a-w- c:\windows\system32\a3d.dll
2010-12-03 16:53 . 2010-12-03 17:05 -------- d-----w- c:\program files\Setup Files
2010-12-03 16:47 . 2010-12-03 16:47 -------- d-----w- c:\program files\MSI
2010-12-03 16:20 . 2010-12-03 16:25 -------- d-----w- C:\TRANSLAT
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\LangSoft
2010-12-03 09:16 . 2010-12-03 09:16 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\WMTools Downloaded Files
2010-12-01 13:54 . 2010-12-03 14:45 -------- d-----w- c:\program files\PacIn
2010-12-01 12:31 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-01 12:31 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-12-01 12:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-01 12:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-12-01 12:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-01 12:23 . 2010-12-01 12:23 -------- d-----w- c:\program files\City Interactive
2010-12-01 11:52 . 2010-12-01 11:52 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\Deployment
2010-11-29 21:11 . 2010-11-29 21:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Intel
2010-11-29 20:21 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Leadertech
2010-11-29 07:58 . 2010-11-29 20:20 -------- d-----w- c:\program files\Driving Simulator 2009
2010-11-28 09:25 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Touchstone
2010-11-28 00:18 . 2010-11-28 00:18 -------- d-----w- c:\windows\system32\AGEIA
2010-11-28 00:18 . 2010-11-29 08:39 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-28 00:17 . 2010-11-29 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 65536 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2010-11-24 15:37 . 2010-11-24 15:37 57344 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2010-11-24 15:28 . 2010-11-24 15:28 -------- d-----w- c:\program files\Aspyr Media, Inc
2010-11-24 08:05 . 2010-11-24 08:05 -------- d-----w- c:\program files\Zuma Deluxe
2010-11-24 07:32 . 2010-11-24 08:04 -------- d-----w- c:\program files\Vietcong2
2010-11-23 13:00 . 2010-11-26 10:15 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-15 08:22 . 2010-11-15 08:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\THQ
2010-11-15 01:09 . 2010-11-15 01:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-11-15 01:01 . 2010-11-15 01:01 -------- d-----w- c:\program files\THQ
2010-11-15 01:01 . 2006-05-16 09:58 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-11-15 01:01 . 2006-05-16 09:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-11-15 01:01 . 2006-05-16 09:58 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 21:52 . 2009-09-23 07:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-08 12:24 . 2010-11-08 12:24 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-13 10:16 . 2010-09-30 19:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-09 07:16 . 2010-10-09 07:16 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2010-09-18 12:00 . 2010-09-18 11:56 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-09-18 12:00 . 2010-09-18 12:00 63818 ----a-w- c:\windows\BricoPackUninst.cmd
2010-09-18 12:00 . 2008-04-14 08:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-09-18 11:26 . 2010-09-18 11:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-15 03:50 . 2010-09-18 12:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-09-18 11:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2010-09-09 . CA15720E7B3B8FD2E7F12C8A635A6308 . 3601920 . . [7.00.6000.17092] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\mshtml.dll
[-] 2010-09-09 . C5BC248010B1B6346314AE420D7ED454 . 3605504 . . [7.00.6000.21294] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-03-01 . AA61A6FAA4D691A6ED38FC1099EDE19B . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

[-] 2010-09-09 . 41DD413E4546E25E0D0C5B8B7DEE1967 . 832512 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\wininet.dll
[-] 2010-09-09 . 40B58A838D691766E19FA3C21B16EC41 . 841216 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-03-01 . 46A1A52EB6C86344C6EBF65B17404C90 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-09_08.16.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-09 21:25 . 2010-12-09 21:25 16384 c:\windows\Temp\Perflib_Perfdata_208.dat
- 2010-12-01 12:30 . 2010-12-01 12:30 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Walser"="c:\program files\Draxysoft\Wallpaper Sequencer\Walser.exe" [2008-10-16 1365504]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AIMP2"="c:\aimp2\AIMP2.exe" [2010-08-07 1262592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2004-02-24 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Hondzik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2010-12-3 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe"= c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe:10.0.0.1/255.255.255.255:Enabled:Adobe Photoshop CS4
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\PacIn\\PacIn.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\program files\id Software\Quake 4\Quake4.exe"= c:\program files\id Software\Quake 4\Quake4.exe:192.168.1.1/255.255.255.255:Enabled:Quake 4
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:10.0.0.1/255.255.255.255:Enabled:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2010 12:26 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 20:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 20:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 20:07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2010 12:40 247096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.9.2010 12:32 6528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8.11.2010 13:34 122504]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [3.12.2010 17:47 9216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [3.12.2010 18:03 3351]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - component: c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 22:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-12-09 22:46:42
ComboFix-quarantined-files.txt 2010-12-09 21:46
ComboFix2.txt 2010-12-09 08:22

Před spuštěním: Volných bajtů: 72 771 121 152
Po spuštění: Volných bajtů: 72 758 235 136

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - F7ED31B2B5C542C2B7255FCFDF55A88D

#12 Příspěvek od **Rudy** » 10 pro 2010 19:54

Ještě jednou spusťte CF tímto skriptem:

Collect::
c:\windows\DXT3E21.tmp
c:\windows\DXT3E1F.tmp

Btw: Váš antivirus asi nebude moc legální, že?

Hondzzikk · #13 Příspěvek od **Hondzzikk** » 11 pro 2010 19:09

ComboFix 10-12-11.01 - Hondzik 11.12.2010 18:54:08.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.492 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hondzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hondzik\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení

file zipped: c:\windows\DXT3E1F.tmp
file zipped: c:\windows\DXT3E21.tmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\DXT3E1F.tmp
c:\windows\DXT3E21.tmp

c:\windows\regedit.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-11 do 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-09 18:18 . 2010-12-09 18:18 -------- d-----w- C:\found.002
2010-12-09 09:08 . 2010-12-09 09:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Winter Sports 2009
2010-12-09 09:03 . 2010-12-09 09:05 -------- d-----w- c:\program files\RTL Winter Sports 2009
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- c:\program files\trend micro
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- C:\rsit
2010-12-08 18:53 . 2010-12-08 18:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-07 12:24 . 2010-12-07 12:24 -------- d-----w- c:\program files\directx
2010-12-07 12:13 . 2010-12-07 12:13 -------- d-----w- c:\program files\TONY HAWK+S PRO SKATER 2
2010-12-07 12:12 . 2010-12-09 11:01 -------- d-----w- c:\program files\Tony Hawk´s Pro Skater 2
2010-12-07 12:10 . 2010-12-07 12:10 -------- d-----w- c:\program files\Activision
2010-12-05 15:22 . 2010-12-05 15:22 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\PCHealth
2010-12-05 14:53 . 2008-04-14 08:51 727040 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-05 14:53 . 2008-04-14 00:01 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-12-05 13:10 . 2010-12-06 21:38 -------- d-----w- c:\program files\VirtualDJ
2010-12-04 21:53 . 2010-12-05 15:12 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Hamachi
2010-12-04 21:52 . 2010-12-04 21:53 -------- d-----w- c:\program files\Hamachi
2010-12-03 17:04 . 2005-11-17 14:46 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-03 17:03 . 2003-07-04 22:14 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-12-03 17:03 . 2010-12-03 17:03 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-12-03 17:03 . 2003-06-16 10:05 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-12-03 17:03 . 2003-05-27 15:45 3351 ----a-w- c:\windows\system32\drivers\vsp.sys
2010-12-03 17:03 . 2001-10-24 09:24 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-12-03 17:03 . 2001-10-24 09:24 98304 ----a-w- c:\windows\system32\a3d.dll
2010-12-03 16:53 . 2010-12-03 17:05 -------- d-----w- c:\program files\Setup Files
2010-12-03 16:47 . 2010-12-03 16:47 -------- d-----w- c:\program files\MSI
2010-12-03 16:20 . 2010-12-03 16:25 -------- d-----w- C:\TRANSLAT
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\LangSoft
2010-12-03 09:16 . 2010-12-03 09:16 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\WMTools Downloaded Files
2010-12-01 13:54 . 2010-12-03 14:45 -------- d-----w- c:\program files\PacIn
2010-12-01 12:31 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-01 12:31 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-12-01 12:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-01 12:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-12-01 12:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-01 12:23 . 2010-12-01 12:23 -------- d-----w- c:\program files\City Interactive
2010-12-01 11:52 . 2010-12-01 11:52 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\Deployment
2010-11-29 21:11 . 2010-11-29 21:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Intel
2010-11-29 20:21 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Leadertech
2010-11-29 07:58 . 2010-11-29 20:20 -------- d-----w- c:\program files\Driving Simulator 2009
2010-11-28 09:25 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Touchstone
2010-11-28 00:18 . 2010-11-28 00:18 -------- d-----w- c:\windows\system32\AGEIA
2010-11-28 00:18 . 2010-11-29 08:39 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-28 00:17 . 2010-11-29 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 65536 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2010-11-24 15:37 . 2010-11-24 15:37 57344 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2010-11-24 15:28 . 2010-11-24 15:28 -------- d-----w- c:\program files\Aspyr Media, Inc
2010-11-24 08:05 . 2010-11-24 08:05 -------- d-----w- c:\program files\Zuma Deluxe
2010-11-24 07:32 . 2010-11-24 08:04 -------- d-----w- c:\program files\Vietcong2
2010-11-23 13:00 . 2010-11-26 10:15 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-15 08:22 . 2010-11-15 08:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\THQ
2010-11-15 01:09 . 2010-11-15 01:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-11-15 01:01 . 2010-11-15 01:01 -------- d-----w- c:\program files\THQ
2010-11-15 01:01 . 2006-05-16 09:58 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-11-15 01:01 . 2006-05-16 09:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-11-15 01:01 . 2006-05-16 09:58 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 21:52 . 2009-09-23 07:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-08 12:24 . 2010-11-08 12:24 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-13 10:16 . 2010-09-30 19:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-09 07:16 . 2010-10-09 07:16 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2010-09-18 12:00 . 2010-09-18 11:56 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-09-18 12:00 . 2010-09-18 12:00 63818 ----a-w- c:\windows\BricoPackUninst.cmd
2010-09-18 12:00 . 2008-04-14 08:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-09-18 11:26 . 2010-09-18 11:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-15 03:50 . 2010-09-18 12:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-09-18 11:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2010-09-09 . CA15720E7B3B8FD2E7F12C8A635A6308 . 3601920 . . [7.00.6000.17092] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\mshtml.dll
[-] 2010-09-09 . C5BC248010B1B6346314AE420D7ED454 . 3605504 . . [7.00.6000.21294] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-03-01 . AA61A6FAA4D691A6ED38FC1099EDE19B . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

[-] 2010-09-09 . 41DD413E4546E25E0D0C5B8B7DEE1967 . 832512 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\wininet.dll
[-] 2010-09-09 . 40B58A838D691766E19FA3C21B16EC41 . 841216 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-03-01 . 46A1A52EB6C86344C6EBF65B17404C90 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-09_08.16.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 17:44 . 2010-12-11 17:44 16384 c:\windows\Temp\Perflib_Perfdata_894.dat
- 2010-12-01 12:30 . 2010-12-01 12:30 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Walser"="c:\program files\Draxysoft\Wallpaper Sequencer\Walser.exe" [2008-10-16 1365504]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AIMP2"="c:\aimp2\AIMP2.exe" [2010-08-07 1262592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2004-02-24 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Hondzik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2010-12-3 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe"= c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe:10.0.0.1/255.255.255.255:Enabled:Adobe Photoshop CS4
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\PacIn\\PacIn.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\program files\id Software\Quake 4\Quake4.exe"= c:\program files\id Software\Quake 4\Quake4.exe:192.168.1.1/255.255.255.255:Enabled:Quake 4
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:10.0.0.1/255.255.255.255:Enabled:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2010 12:26 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 20:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 20:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 20:07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2010 12:40 247096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.9.2010 12:32 6528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8.11.2010 13:34 122504]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [3.12.2010 17:47 9216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [3.12.2010 18:03 3351]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - component: c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 19:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-12-11 19:08:08
ComboFix-quarantined-files.txt 2010-12-11 18:08
ComboFix2.txt 2010-12-09 21:46
ComboFix3.txt 2010-12-09 08:22

Před spuštěním: Volných bajtů: 72 643 928 064
Po spuštění: Volných bajtů: 72 642 260 992

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 9823EE1E2DD4E2D2DB851B46C98CDB78

#14 Příspěvek od **Rudy** » 11 pro 2010 19:24

Soubory smazány. Budete ale muset CF spustit ještě jednou tímto skriptem:

FCopy::
c:\windows\servicepackfiles\i386\egedit.exe | c:\windows\regedit.exe

Hondzzikk · #15 Příspěvek od **Hondzzikk** » 12 pro 2010 09:37

ComboFix 10-12-11.03 - Hondzik 12.12.2010 2:16.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.480 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hondzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hondzik\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-12 do 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-09 18:18 . 2010-12-09 18:18 -------- d-----w- C:\found.002
2010-12-09 09:08 . 2010-12-09 09:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Winter Sports 2009
2010-12-09 09:03 . 2010-12-09 09:05 -------- d-----w- c:\program files\RTL Winter Sports 2009
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- c:\program files\trend micro
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- C:\rsit
2010-12-08 18:53 . 2010-12-08 18:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-07 12:24 . 2010-12-07 12:24 -------- d-----w- c:\program files\directx
2010-12-07 12:13 . 2010-12-07 12:13 -------- d-----w- c:\program files\TONY HAWK+S PRO SKATER 2
2010-12-07 12:12 . 2010-12-09 11:01 -------- d-----w- c:\program files\Tony Hawk´s Pro Skater 2
2010-12-07 12:10 . 2010-12-07 12:10 -------- d-----w- c:\program files\Activision
2010-12-05 15:22 . 2010-12-05 15:22 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\PCHealth
2010-12-05 14:53 . 2008-04-14 08:51 727040 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-05 14:53 . 2008-04-14 00:01 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-12-05 13:10 . 2010-12-06 21:38 -------- d-----w- c:\program files\VirtualDJ
2010-12-04 21:53 . 2010-12-05 15:12 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Hamachi
2010-12-04 21:52 . 2010-12-04 21:53 -------- d-----w- c:\program files\Hamachi
2010-12-03 17:04 . 2005-11-17 14:46 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-03 17:03 . 2003-07-04 22:14 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-12-03 17:03 . 2010-12-03 17:03 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-12-03 17:03 . 2003-06-16 10:05 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-12-03 17:03 . 2003-05-27 15:45 3351 ----a-w- c:\windows\system32\drivers\vsp.sys
2010-12-03 17:03 . 2001-10-24 09:24 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-12-03 17:03 . 2001-10-24 09:24 98304 ----a-w- c:\windows\system32\a3d.dll
2010-12-03 16:53 . 2010-12-03 17:05 -------- d-----w- c:\program files\Setup Files
2010-12-03 16:47 . 2010-12-03 16:47 -------- d-----w- c:\program files\MSI
2010-12-03 16:20 . 2010-12-03 16:25 -------- d-----w- C:\TRANSLAT
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\LangSoft
2010-12-03 09:16 . 2010-12-03 09:16 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\WMTools Downloaded Files
2010-12-01 13:54 . 2010-12-03 14:45 -------- d-----w- c:\program files\PacIn
2010-12-01 12:31 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-01 12:31 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-12-01 12:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-01 12:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-12-01 12:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-01 12:23 . 2010-12-01 12:23 -------- d-----w- c:\program files\City Interactive
2010-12-01 11:52 . 2010-12-01 11:52 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\Deployment
2010-11-29 21:11 . 2010-11-29 21:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Intel
2010-11-29 20:21 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Leadertech
2010-11-29 07:58 . 2010-11-29 20:20 -------- d-----w- c:\program files\Driving Simulator 2009
2010-11-28 09:25 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Touchstone
2010-11-28 00:18 . 2010-11-28 00:18 -------- d-----w- c:\windows\system32\AGEIA
2010-11-28 00:18 . 2010-11-29 08:39 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-28 00:17 . 2010-11-29 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 65536 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2010-11-24 15:37 . 2010-11-24 15:37 57344 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2010-11-24 15:28 . 2010-11-24 15:28 -------- d-----w- c:\program files\Aspyr Media, Inc
2010-11-24 08:05 . 2010-11-24 08:05 -------- d-----w- c:\program files\Zuma Deluxe
2010-11-24 07:32 . 2010-11-24 08:04 -------- d-----w- c:\program files\Vietcong2
2010-11-23 13:00 . 2010-11-26 10:15 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-15 08:22 . 2010-11-15 08:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\THQ
2010-11-15 01:09 . 2010-11-15 01:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-11-15 01:01 . 2010-11-15 01:01 -------- d-----w- c:\program files\THQ
2010-11-15 01:01 . 2006-05-16 09:58 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-11-15 01:01 . 2006-05-16 09:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-11-15 01:01 . 2006-05-16 09:58 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 21:52 . 2009-09-23 07:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-08 12:24 . 2010-11-08 12:24 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-13 10:16 . 2010-09-30 19:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-09 07:16 . 2010-10-09 07:16 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2010-09-18 12:00 . 2010-09-18 11:56 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-09-18 12:00 . 2010-09-18 12:00 63818 ----a-w- c:\windows\BricoPackUninst.cmd
2010-09-18 12:00 . 2008-04-14 08:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-09-18 11:26 . 2010-09-18 11:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-15 03:50 . 2010-09-18 12:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-09-18 11:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2010-09-09 . CA15720E7B3B8FD2E7F12C8A635A6308 . 3601920 . . [7.00.6000.17092] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\mshtml.dll
[-] 2010-09-09 . C5BC248010B1B6346314AE420D7ED454 . 3605504 . . [7.00.6000.21294] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-03-01 . AA61A6FAA4D691A6ED38FC1099EDE19B . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

[-] 2010-09-09 . 41DD413E4546E25E0D0C5B8B7DEE1967 . 832512 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\wininet.dll
[-] 2010-09-09 . 40B58A838D691766E19FA3C21B16EC41 . 841216 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-03-01 . 46A1A52EB6C86344C6EBF65B17404C90 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-09_08.16.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-12 01:04 . 2010-12-12 01:04 16384 c:\windows\Temp\Perflib_Perfdata_6ec.dat
- 2010-12-01 12:30 . 2010-12-01 12:30 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Walser"="c:\program files\Draxysoft\Wallpaper Sequencer\Walser.exe" [2008-10-16 1365504]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AIMP2"="c:\aimp2\AIMP2.exe" [2010-08-07 1262592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2004-02-24 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Hondzik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2010-12-3 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe"= c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe:10.0.0.1/255.255.255.255:Enabled:Adobe Photoshop CS4
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\PacIn\\PacIn.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\program files\id Software\Quake 4\Quake4.exe"= c:\program files\id Software\Quake 4\Quake4.exe:192.168.1.1/255.255.255.255:Enabled:Quake 4
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:10.0.0.1/255.255.255.255:Enabled:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2010 12:26 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 20:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 20:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 20:07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2010 12:40 247096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.9.2010 12:32 6528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8.11.2010 13:34 122504]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [3.12.2010 17:47 9216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [3.12.2010 18:03 3351]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - component: c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 02:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2010-12-12 02:33:07
ComboFix-quarantined-files.txt 2010-12-12 01:33
ComboFix2.txt 2010-12-11 18:08
ComboFix3.txt 2010-12-09 21:46
ComboFix4.txt 2010-12-09 08:22

Před spuštěním: Volných bajtů: 72 664 264 704
Po spuštění: Volných bajtů: 72 649 781 248

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 043683ADDB32669A30AFF0BECAF563FE

VIRY.CZ

Zkoukněte mi log prosím mam nějakej zasekanej PC

Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC

Re: Zkoukněte mi log prosím mam nějakej zasekanej PC