
FB virus (half solved)

Posted: 21 Aug 2011 09:27
by fuki
Have a nice day... unfortunately even a master carpenter sometimes slips up ;)
Thanks in advance for the help, or rather for taking a look at the log...


Logfile of random's system information tool 1.09 (written by random/random)
Run by jfnukal at 2011-08-21 10:24:35
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (48%) free of 60 GB
Total RAM: 2030 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:54, on 21.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
D:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\DWRCST.exe
D:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\jfnukal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jfnukal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jfnukal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jfnukal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jfnukal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
d:\-= Programy =-\ostatni\TOR\Tor Browser\App\vidalia.exe
d:\-= Programy =-\ostatni\TOR\Tor Browser\App\tor.exe
d:\-= Programy =-\ostatni\TOR\Tor Browser\App\polipo.exe
d:\-= Programy =-\ostatni\TOR\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe
C:\Documents and Settings\jfnukal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jfnukal\Dokumenty\Downloads\RSIT (1).exe
C:\Program Files\trend micro\jfnukal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ddd.cz.dhl.com;2.42*;198.141.*;192.168.*;ppl;www.ppl.cz;165.72.*;160.58.*;beta.ppl.cz;*klient*;199.40.*;webmail.cz.dhl.com;ppl;165.72.75.232;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.ppl.cz
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/hou ... hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6933469536
O16 - DPF: {68432C8E-E70F-4AE7-B93F-921DB237C6D8} (TermoPrinta Class) - http://testklient.ppl.cz/TermoPrint.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1297176871
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PPLC.cz
O17 - HKLM\Software\..\Telephony: DomainName = PPLC.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PPLC.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PPLC.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = PPLC.cz
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12723 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-1957994488-3719Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-1957994488-3719UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\jfnukal\Data aplikací\Mozilla\Firefox\Profiles\eijfccta.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.3.3-alpha, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan]
"Description"=Panda ActiveScan 2.0
"Path"=C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 6\extensions\
testpilot@labs.mozilla.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox 4.0 Beta 6\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox 4.0 Beta 6\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\jfnukal\Data aplikací\Mozilla\Firefox\Profiles\eijfccta.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2008-06-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-31 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-31 81920]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-12-05 405504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe -hide []
"Communicator"=C:\Program Files\Microsoft Office Communicator\communicator.exe [2011-03-07 5150560]
"OfficeScanNT Monitor"=D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2009-04-16 746792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"DameWare MRC Agent"=C:\WINDOWS\system32\DWRCST.exe [2009-02-04 78848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2910376.exe]
C:\WINDOWS\TEMP\2910376.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7097151.exe]
C:\WINDOWS\TEMP\7097151.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7099035.exe]
C:\DOCUME~1\jfnukal\LOCALS~1\Temp\7099035.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7323368.exe]
C:\WINDOWS\TEMP\7323368.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alt-Tab Thingy]
C:\Program Files\Alt-Tab Thingy v4\attmain.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
c:\Program Files\Microsoft Office Communicator\communicator.exe [2011-03-07 5150560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DameWare MRC Agent]
C:\WINDOWS\system32\DWRCST.exe [2009-02-04 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\jfnukal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-11-19 5842384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2009-04-16 746792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\WINDOWS\sysdriver32.exe rezerv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\WINDOWS\sysdriver32_.exe rezerv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
C:\WINDOWS\update.tray-15-0\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico1]
C:\WINDOWS\update.tray-14-0\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico2]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico3]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico4]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
d:\-= Programy =-\ostatni\TOR\Tor Browser\App\vidalia.exe [2011-02-25 5636136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxpdrv]
C:\WINDOWS\services32.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-10-05 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"D:\Programy\phone\utorrent-portable\utorrent.exe"="D:\Programy\phone\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Miranda\miranda32.exe"="D:\Program Files\Miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\jfnukal\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\jfnukal\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\jfnukal\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-15-0\svchost.exe"="C:\WINDOWS\update.tray-15-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-15-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programy\phone\utorrent-portable\utorrent.exe"="D:\Programy\phone\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2011-08-21 00:08:19 ----AD---- C:\WINDOWS\VDLL.DLL
2011-08-21 00:08:19 ----AD---- C:\WINDOWS\system32\runouce.exe
2011-08-21 00:08:19 ----AD---- C:\WINDOWS\rundll16.exe
2011-08-21 00:08:19 ----AD---- C:\WINDOWS\RUNDL132.EXE
2011-08-21 00:08:19 ----AD---- C:\WINDOWS\logo1_.exe
2011-08-21 00:08:19 ----AD---- C:\WINDOWS\logo_1.exe
2011-08-20 19:55:51 ----A---- C:\WINDOWS\system32\msvcr80.dll
2011-08-20 19:55:50 ----A---- C:\WINDOWS\system32\msvcp80.dll
2011-08-20 19:55:49 ----A---- C:\WINDOWS\system32\eEmpty.exe
2011-08-20 19:55:39 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-08-20 19:55:39 ----A---- C:\WINDOWS\system32\T.COM
2011-08-20 19:55:39 ----A---- C:\WINDOWS\REGEDIT.COM
2011-08-20 19:55:39 ----A---- C:\WINDOWS\R.COM
2011-08-20 19:55:37 ----D---- C:\Program Files\Common Files\MicroWorld
2011-08-20 19:55:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2011-08-20 18:10:27 ----HD---- C:\WINDOWS\update.tray-14-0-lnk
2011-08-20 18:10:27 ----HD---- C:\WINDOWS\update.tray-14-0
2011-08-20 18:06:55 ----D---- C:\Program Files\Microsoft Security Client
2011-08-20 18:06:36 ----D---- C:\ce8f0dac9c344c6ef11b8f2cf8b892
2011-08-20 18:00:51 ----D---- C:\rsit
2011-08-20 18:00:51 ----D---- C:\Program Files\trend micro
2011-08-20 17:12:23 ----D---- C:\Program Files\Bitdefender
2011-08-20 17:08:08 ----D---- C:\Documents and Settings\jfnukal\Data aplikací\QuickScan
2011-08-20 09:50:31 ----A---- C:\WINDOWS\DCEBoot.exe
2011-08-20 09:49:44 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-20 09:30:35 ----A---- C:\WINDOWS\unrar.exe
2011-08-20 09:30:21 ----HD---- C:\WINDOWS\update.2
2011-08-20 09:30:02 ----HD---- C:\WINDOWS\update.7.1
2011-08-20 09:29:22 ----A---- C:\WINDOWS\iplist.txt
2011-08-20 09:28:16 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-20 09:27:47 ----D---- C:\WINDOWS\av_ico
2011-08-20 09:25:12 ----HD---- C:\WINDOWS\update.1
2011-08-20 09:25:10 ----HD---- C:\WINDOWS\update.tray-15-0-lnk
2011-08-20 09:25:10 ----HD---- C:\WINDOWS\update.tray-15-0
2011-08-19 19:12:17 ----A---- C:\WINDOWS\winlog-ids.txt
2011-08-19 19:12:17 ----A---- C:\WINDOWS\winlog-dirs.txt

======List of files/folders modified in the last 1 month======

2011-08-21 10:24:01 ----D---- C:\WINDOWS\Prefetch
2011-08-21 10:19:32 ----A---- C:\WINDOWS\wincmd.ini
2011-08-21 10:04:53 ----D---- C:\Documents and Settings\jfnukal\Data aplikací\Winamp
2011-08-21 10:04:53 ----D---- C:\Documents and Settings\jfnukal\Data aplikací\Media Player Classic
2011-08-21 10:04:48 ----D---- C:\WINDOWS\Temp
2011-08-21 10:04:48 ----D---- C:\WINDOWS\Minidump
2011-08-21 10:04:48 ----D---- C:\WINDOWS\Debug
2011-08-21 10:04:48 ----D---- C:\WINDOWS
2011-08-21 10:00:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-21 09:58:38 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-08-21 09:58:19 ----RD---- C:\Program Files
2011-08-21 09:57:33 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-21 00:08:19 ----D---- C:\WINDOWS\system32
2011-08-20 23:59:41 ----D---- C:\Documents and Settings
2011-08-20 22:14:05 ----SHD---- C:\WINDOWS\Installer
2011-08-20 22:10:00 ----A---- C:\WINDOWS\win.ini
2011-08-20 22:10:00 ----A---- C:\WINDOWS\system.ini
2011-08-20 22:10:00 ----A---- C:\boot.ini
2011-08-20 22:05:15 ----D---- C:\Documents and Settings\jfnukal\Data aplikací\Vidalia
2011-08-20 22:05:15 ----D---- C:\Documents and Settings\jfnukal\Data aplikací\Tor
2011-08-20 19:55:37 ----D---- C:\Program Files\Common Files
2011-08-20 19:05:17 ----HD---- C:\WINDOWS\inf
2011-08-20 18:20:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-20 18:17:08 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-08-20 18:16:14 ----D---- C:\WINDOWS\system32\drivers
2011-08-20 18:16:14 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-20 18:07:24 ----SD---- C:\WINDOWS\Tasks
2011-08-20 17:27:03 ----SHD---- C:\WINDOWS\CSC
2011-08-20 10:31:53 ----D---- C:\Program Files\Windows Defender
2011-08-13 20:57:33 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-11 19:59:00 ----D---- C:\Program Files\Trillian
2011-08-08 13:03:13 ----D---- C:\WINDOWS\security
2011-08-08 10:16:14 ----A---- C:\WINDOWS\cfgall.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver; C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-02-23 78352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-12 21393]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 TmFilter;Trend Micro Filter; \??\D:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\D:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\D:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHFILT;Bluetooth Command Filter; C:\WINDOWS\system32\DRIVERS\BthFilt.sys [2006-11-07 13824]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 DwMirror;DwMirror; C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-09-19 254872]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-23 68696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-09-10 45056]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-31 6727136]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-05 1222840]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-02-23 338960]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2008-09-16 239744]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2008-09-16 19968]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CSRBC;CSRBC.Sys CSR test driver; C:\WINDOWS\System32\Drivers\csrbcxp.sys [2007-01-16 31744]
S3 GT680x;GrandTechICNameNT; C:\WINDOWS\System32\Drivers\gt680x.sys [2006-06-16 12416]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Scan;Process creation detector for NT.; \??\C:\DOCUME~1\jfnukal\LOCALS~1\Temp\scan.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\system32\DWRCS.EXE [2009-02-04 234496]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-07-17 2549248]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ntrtscan;OfficeScanNT RealTime Scan; D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2009-04-15 1332520]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-31 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-12-05 94208]
R2 tmlisten;OfficeScan NT Listener; D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2009-04-21 1246848]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; D:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe [2009-03-12 341256]
R3 TmPfw;OfficeScan NT Firewall; D:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [2009-02-23 488768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-10 135664]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-10 135664]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2007-01-09 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 TmProxy;OfficeScan NT Proxy Service; D:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2009-02-23 652552]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: FB virus (half solved)

Posted: 21 Aug 2011 11:36
by motji
Good afternoon :)


:arrow: Download Roguekiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- close all running programs
- run the program; on Vista/Win 7, right-click it and run it as administrator
- choose option 2 and press Enter
- then use options 3, 4 and 5 in turn as well
- post the logs here


:arrow: Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
- rename combofix to potvůrka.com

Re: FB virus (half solved)

Posted: 22 Aug 2011 10:00
by fuki
Hopefully I'm posting the right log, hmmm


RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: jfnukal [Admin rights]
Mode: DNSFix -- Date : 08/22/2011 10:59:00

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Re: FB virus (half solved)

Posted: 22 Aug 2011 20:23
by motji
And ComboFix as well.

Re: FB virus (half solved)

Posted: 24 Aug 2011 12:40
by fuki
I'll have to take a look at it when I have more time. In any case, thanks a lot for the help so far. When I run ComboFix, I can't get the Recovery Console download to work.

Thanks a lot once again. Have a nice day.

Re: FB virus (half solved)

Posted: 24 Aug 2011 12:53
by motji
Do not download the Console.

Re: FB virus (half solved)

Posted: 06 Sep 2011 08:01
by fuki
Hello, thank you for your patience :)
I'm attaching the log

ComboFix 11-09-05.06 - jfnukal 06.09.2011 7:46.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2030.1622 [GMT 2:00]
Spuštěný z: c:\documents and settings\jfnukal\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {59E54CEB-00CB-42BF-B0BA-25312154A9B3}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\d.ini
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\regedit.com
c:\windows\system32\paqbonus.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\UNWISE.EXE
c:\windows\system32\winping.exe
c:\windows\update.1
c:\windows\update.2
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVSYSDRIVER32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-06 do 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-05 13:03 . 2011-08-11 17:44 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{01BB62E9-A318-46AA-87A1-EFF454B36566}\mpengine.dll
2011-08-31 09:44 . 2011-09-06 06:11 102400 ----a-w- c:\windows\RegBootClean.exe
2011-08-25 12:26 . 2011-08-11 17:44 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-24 05:30 . 2011-08-11 17:44 7152464 ------w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-24 05:01 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-24 04:47 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\rundll16.exe
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\logo1_.exe
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\logo_1.exe
2011-08-20 17:55 . 2011-08-20 17:55 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-20 17:55 . 2011-08-20 17:55 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-20 17:55 . 2011-08-20 17:55 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-08-20 17:55 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2011-08-20 17:55 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2011-08-20 17:55 . 2011-08-20 17:55 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-08-20 17:55 . 2011-08-20 17:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-08-20 17:03 . 2011-08-20 17:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2011-08-20 16:16 . 2011-08-20 16:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\PCHealth
2011-08-20 16:10 . 2011-08-20 21:46 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-08-20 16:10 . 2011-08-20 21:46 -------- d--h--w- c:\windows\update.tray-14-0
2011-08-20 16:06 . 2011-08-20 16:23 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-20 16:06 . 2011-08-20 16:07 -------- d-----w- C:\ce8f0dac9c344c6ef11b8f2cf8b892
2011-08-20 16:00 . 2011-08-21 08:24 -------- d-----w- c:\program files\trend micro
2011-08-20 16:00 . 2011-08-20 16:01 -------- d-----w- C:\rsit
2011-08-20 15:12 . 2011-08-20 15:12 92841 ----a-w- c:\documents and settings\All Users\Data aplikací\1313853114.bdinstall.bin
2011-08-20 15:12 . 2011-08-20 15:12 -------- d-----w- c:\program files\Bitdefender
2011-08-20 15:08 . 2011-08-20 15:08 -------- d-----w- c:\documents and settings\jfnukal\Data aplikací\QuickScan
2011-08-20 13:47 . 2011-08-20 13:47 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Local Settings\Data aplikací\Opera
2011-08-20 08:36 . 2011-08-20 08:36 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Data aplikací\Apple Computer
2011-08-20 08:36 . 2011-08-20 08:36 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Local Settings\Data aplikací\Apple Computer
2011-08-20 08:35 . 2011-08-20 13:47 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Tracing
2011-08-20 07:50 . 2011-08-20 20:41 11264 ----a-w- c:\windows\DCEBoot.exe
2011-08-20 07:30 . 2011-08-20 07:30 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-20 07:30 . 2011-08-20 07:30 246272 ----a-w- c:\windows\unrar.exe
2011-08-20 07:27 . 2011-08-20 16:14 -------- d-----w- c:\windows\av_ico
2011-08-20 07:25 . 2011-08-20 21:46 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-08-20 07:25 . 2011-08-20 21:46 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-19 17:12 . 2011-08-19 17:12 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-08-08 06:00 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{8771F859-144E-4D57-AC88-93A333816F67}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 07:29 . 2011-06-23 07:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2009-03-16 15:06 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-08 14:02 . 2001-10-25 14:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-03-12 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-17 13:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:31 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 06:40 . 2009-03-12 10:42 98304 ----a-w- c:\windows\DUMP89c1.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2011-03-07 5150560]
"OfficeScanNT Monitor"="d:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 746792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-02-04 78848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
2011-03-07 11:43 5150560 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-17 09:04 133104 ----atw- c:\documents and settings\jfnukal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-11-19 14:11 5842384 ----a-w- c:\program files\QIP 2010\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2009-04-16 03:11 746792 ----a-w- d:\program files\Trend Micro\OfficeScan Client\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2011-02-25 00:05 5636136 ----a-w- d:\-= programy =-\ostatni\TOR\Tor Browser\App\vidalia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"d:\\Program Files\\Miranda\\miranda32.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30323:TCP"= 30323:TCP:Trend Micro OfficeScan Listener
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28.3.2011 9:03 28552]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15.2.2007 19:00 26624]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 TmFilter;Trend Micro Filter;d:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [26.11.2007 13:38 249424]
R2 TmPreFilter;Trend Micro PreFilter;d:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [26.11.2007 13:38 36432]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7.2.2007 19:00 3712]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [26.11.2007 13:38 338960]
R3 TmPfw;OfficeScan NT Firewall;d:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [26.11.2007 13:38 488768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.11.2009 13:58 135664]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [23.3.2010 12:53 51792]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [20.3.2009 10:04 13824]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.11.2009 13:58 135664]
S3 TmProxy;OfficeScan NT Proxy Service;d:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [26.11.2007 13:38 652552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 15:49 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 11:58]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 11:58]
.
2011-08-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = ddd.cz.dhl.com;2.42*;198.141.*;192.168.*;ppl;www.ppl.cz;165.72.*;160.58.*;beta.ppl.cz;*klient*;199.40.*;webmail.cz.dhl.com;ppl;165.72.75.232;<local>
uInternet Settings,ProxyServer = proxy.ppl.cz:8080
IE: Add to &Teleport - c:\program files\Teleport Pro\teleport.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: ppl.cz
TCP: DhcpNameServer = 192.168.102.214 192.168.100.10
DPF: {68432C8E-E70F-4AE7-B93F-921DB237C6D8} - hxxp://testklient.ppl.cz/TermoPrint.cab
FF - ProfilePath - c:\documents and settings\jfnukal\Data aplikací\Mozilla\Firefox\Profiles\eijfccta.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-Alt-Tab Thingy - c:\program files\Alt-Tab Thingy v4\attmain.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
MSConfigStartUp-tray_ico0 - c:\windows\update.tray-15-0\svchost.exe
MSConfigStartUp-tray_ico1 - c:\windows\update.tray-14-0\svchost.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
AddRemove-Your Freedom - c:\program files\Your Freedom\uninstall.exe
AddRemove-Your_Deploy_0 - c:\program files\Your Freedom\Uninstall.exe
AddRemove-Google Chrome - c:\documents and settings\jfnukal\Local Settings\Data aplikací\Google\Chrome\Application\7.0.517.0\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-06 08:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2188)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\DWRCS.EXE
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\SearchIndexer.exe
d:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
d:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2011-09-06 08:23:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-06 06:23
.
Před spuštěním: Volných bajtů: 27 780 825 088
Po spuštění: Volných bajtů: 28 891 656 192
.
- - End Of File - - AED70D67C74C48060E302DCBCAD88A2A

Re: FB virus (half solved)

Posted: 07 Sep 2011 08:31
by motji
Sorry for the delay :)

If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Folder::
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0
c:\windows\av_ico
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0

File::
c:\windows\unrar.exe


- save the TXT file you created to the desktop as CFScript.txt
- once it is saved, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there.

- after it has been applied, another log will pop up; paste it here

Warning: it may happen that after the script is applied and the computer restarts, Windows will not boot. In that case restart again while pressing F8, then choose Last Known Good Configuration

Re: FB virus (half solved)

Posted: 07 Sep 2011 12:05
by fuki
well, you really don't have to apologize :)

ComboFix 11-09-05.06 - jfnukal 07.09.2011 12:29:31.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2030.894 [GMT 2:00]
Spuštěný z: c:\documents and settings\jfnukal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\jfnukal\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {59E54CEB-00CB-42BF-B0BA-25312154A9B3}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_defender_start.ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\ehome\medctrro.exe
c:\windows\unrar.exe
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-07 do 2011-09-07 )))))))))))))))))))))))))))))))
.
.
2011-09-07 05:18 . 2011-08-11 17:44 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C4FE0AFC-49E4-4AA1-845D-6729D9D7C0FB}\mpengine.dll
2011-08-24 05:30 . 2011-08-11 17:44 7152464 ------w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-24 05:01 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-24 04:47 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\rundll16.exe
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\logo1_.exe
2011-08-20 22:08 . 2011-08-20 22:08 -------- d---a-w- c:\windows\logo_1.exe
2011-08-20 17:55 . 2011-08-20 17:55 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-20 17:55 . 2011-08-20 17:55 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-20 17:55 . 2011-08-20 17:55 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-08-20 17:55 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2011-08-20 17:55 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2011-08-20 17:55 . 2011-08-20 17:55 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-08-20 17:55 . 2011-08-20 17:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-08-20 17:03 . 2011-08-20 17:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2011-08-20 16:16 . 2011-08-20 16:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\PCHealth
2011-08-20 16:06 . 2011-08-20 16:23 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-20 16:06 . 2011-08-20 16:07 -------- d-----w- C:\ce8f0dac9c344c6ef11b8f2cf8b892
2011-08-20 16:00 . 2011-08-21 08:24 -------- d-----w- c:\program files\trend micro
2011-08-20 16:00 . 2011-08-20 16:01 -------- d-----w- C:\rsit
2011-08-20 15:12 . 2011-08-20 15:12 92841 ----a-w- c:\documents and settings\All Users\Data aplikací\1313853114.bdinstall.bin
2011-08-20 15:12 . 2011-08-20 15:12 -------- d-----w- c:\program files\Bitdefender
2011-08-20 15:08 . 2011-08-20 15:08 -------- d-----w- c:\documents and settings\jfnukal\Data aplikací\QuickScan
2011-08-20 13:47 . 2011-08-20 13:47 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Local Settings\Data aplikací\Opera
2011-08-20 08:36 . 2011-08-20 08:36 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Data aplikací\Apple Computer
2011-08-20 08:36 . 2011-08-20 08:36 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Local Settings\Data aplikací\Apple Computer
2011-08-20 08:35 . 2011-08-20 13:47 -------- d-----w- c:\documents and settings\Administrator.NTB0901XP\Tracing
2011-08-20 07:50 . 2011-08-20 20:41 11264 ----a-w- c:\windows\DCEBoot.exe
2011-08-20 07:30 . 2011-08-20 07:30 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-19 17:12 . 2011-08-19 17:12 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 07:29 . 2011-06-23 07:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2011-08-08 06:00 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{8771F859-144E-4D57-AC88-93A333816F67}\mpengine.dll
2011-07-13 03:39 . 2009-03-16 15:06 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-08 14:02 . 2001-10-25 14:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-03-12 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-17 13:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:31 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-06_06.18.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-06 06:32 . 2011-09-06 06:32 16384 c:\windows\temp\Perflib_Perfdata_24c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2011-03-07 5150560]
"OfficeScanNT Monitor"="d:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 746792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-02-04 78848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
2011-03-07 11:43 5150560 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-17 09:04 133104 ----atw- c:\documents and settings\jfnukal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-11-19 14:11 5842384 ----a-w- c:\program files\QIP 2010\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2009-04-16 03:11 746792 ----a-w- d:\program files\Trend Micro\OfficeScan Client\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2011-02-25 00:05 5636136 ----a-w- d:\-= programy =-\ostatni\TOR\Tor Browser\App\vidalia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"d:\\Program Files\\Miranda\\miranda32.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30323:TCP"= 30323:TCP:Trend Micro OfficeScan Listener
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28.3.2011 9:03 28552]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15.2.2007 19:00 26624]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 TmFilter;Trend Micro Filter;d:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [26.11.2007 13:38 249424]
R2 TmPreFilter;Trend Micro PreFilter;d:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [26.11.2007 13:38 36432]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7.2.2007 19:00 3712]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [26.11.2007 13:38 338960]
R3 TmPfw;OfficeScan NT Firewall;d:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [26.11.2007 13:38 488768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.11.2009 13:58 135664]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [23.3.2010 12:53 51792]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [20.3.2009 10:04 13824]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.11.2009 13:58 135664]
S3 TmProxy;OfficeScan NT Proxy Service;d:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [26.11.2007 13:38 652552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 15:49 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 11:58]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 11:58]
.
2011-08-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = ddd.cz.dhl.com;2.42*;198.141.*;192.168.*;ppl;www.ppl.cz;165.72.*;160.58.*;beta.ppl.cz;*klient*;199.40.*;webmail.cz.dhl.com;ppl;165.72.75.232;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
IE: Add to &Teleport - c:\program files\Teleport Pro\teleport.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: ppl.cz
TCP: DhcpNameServer = 192.168.102.214 192.168.100.10
DPF: {68432C8E-E70F-4AE7-B93F-921DB237C6D8} - hxxp://testklient.ppl.cz/TermoPrint.cab
FF - ProfilePath - c:\documents and settings\jfnukal\Data aplikací\Mozilla\Firefox\Profiles\eijfccta.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-07 12:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\msctfime.ime
.
Celkový čas: 2011-09-07 12:38:37
ComboFix-quarantined-files.txt 2011-09-07 10:38
ComboFix2.txt 2011-09-06 06:23
.
Před spuštěním: Volných bajtů: 29 082 185 728
Po spuštění: Volných bajtů: 29 059 751 936
.
- - End Of File - - A271205FF4C094C91C6C6236B704C68E

Re: FB virus (half solved)

Posted: 07 Sep 2011 22:02
by motji
How is the computer doing?
Also, test this file at www.virustotal.com:
c:\windows\DCEBoot.exe

Re: FB virus (half solved)

Posted: 08 Sep 2011 07:43
by fuki
Hello,
it looks OK. The file you mentioned is fine.

If nothing else turns up, thanks a lot... I owe you one :)

Re: FB virus (half solved)

Posted: 08 Sep 2011 20:30
by motji
Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the program after use. Note that antivirus programs may falsely flag it as a virus


***********


Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for issues
- then click Fix selected issues -- you do not have to make a registry backup
- click Fix all issues -> OK -> Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using the CCleaner cleaner; it nicely clears temporary files off the PC.
The registry cleaner is useful, for example, after uninstalling a program.


***********


Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans up temp files and the leftovers of the tools that were used


***********

Post a new log from RSIT and tell me how the computer is behaving. Is everything OK now?