Someone is connected to my PC - how do I get rid of them?

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Someone is connected to my PC - how do I get rid of them?

#1 Post by roomm »

When I shut down the PC, a message appears about a connected user and about data loss if I turn the PC off. But nobody is connected to my PC; at least I have not given anyone permission for that. Is it possible that this happened because of some virus? How do I find out what this is, and how can I remove it? Thanks for the help, Roman

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Someone is connected to my PC - how do I get rid of them?

#2 Post by motji »

Good morning :)

We'll take a look at it; for now I'd ask for a log from RSIT, see my signature :)
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer!

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#3 Post by roomm »

System drive C: has 451 GB (95%) free of 477 GB
Total RAM: 3326 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:54, on 29.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\docume~1\roman\locals~1\temp\cdm\{80697324-3223-42be-9a3f-8ad934f82595}\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Roman\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Roman.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ctivex.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5427755328
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\roman\locals~1\temp\cdm\{80697324-3223-42be-9a3f-8ad934f82595}\STacSV.exe

--
End of file - 11001 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1409082233-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1409082233-839522115-1003UA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-27 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-27 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-27 135168]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-10 413696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-25 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-25 86016]
"Device Detector"=DevDetect.exe -autorun []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-14 30192]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-14 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-13 133104]
"AdobeBridge"= []
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\Roman\Nabídka Start\Programy\Po spuštění
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-27 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Jalbum\Jalbum.exe"="C:\Program Files\Jalbum\Jalbum.exe:*:Enabled:Jalbum"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2009-10-29 10:47:46 ----D---- C:\rsit
2009-10-29 10:47:46 ----D---- C:\Program Files\trend micro
2009-10-28 16:34:27 ----D---- C:\Documents and Settings\Roman\Data aplikací\Google
2009-10-26 11:06:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2009-10-21 11:46:41 ----D---- C:\Program Files\Topaz Labs
2009-10-21 11:37:36 ----D---- C:\Documents and Settings\Roman\Data aplikací\IrfanView
2009-10-21 11:37:35 ----D---- C:\Program Files\IrfanView
2009-10-21 09:05:09 ----D---- C:\Documents and Settings\Roman\Data aplikací\JAlbum
2009-10-21 08:59:52 ----D---- C:\Program Files\Jalbum
2009-10-19 06:21:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-10-16 11:35:53 ----D---- C:\Documents and Settings\Roman\Data aplikací\GRETECH
2009-10-16 11:33:44 ----D---- C:\Program Files\GRETECH
2009-10-16 11:07:40 ----D---- C:\WINDOWS\Minidump
2009-10-16 10:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-16 10:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-16 10:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 10:54:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-16 10:54:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-16 10:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 10:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 10:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 10:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-16 10:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-16 10:47:02 ----D---- C:\WINDOWS\system32\KB905474
2009-10-15 11:41:06 ----D---- C:\Documents and Settings\Roman\Data aplikací\HDRsoft
2009-10-15 11:36:59 ----D---- C:\Program Files\PhotomatixPro3
2009-10-15 11:36:07 ----RSD---- C:\WINDOWS\assembly
2009-10-15 11:36:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 11:36:06 ----D---- C:\WINDOWS\system32\URTTemp
2009-10-15 11:34:46 ----D---- C:\Documents and Settings\Roman\Data aplikací\WinRAR
2009-10-15 11:34:07 ----D---- C:\Program Files\WinRAR
2009-10-15 10:27:44 ----D---- C:\Documents and Settings\Roman\Data aplikací\XnView
2009-10-15 10:27:33 ----D---- C:\Program Files\XnView
2009-10-15 10:04:43 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-10-15 09:20:42 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-15 09:12:28 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-15 09:07:13 ----D---- C:\Program Files\Software602
2009-10-15 08:49:04 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-14 18:15:26 ----D---- C:\WINDOWS\Sun
2009-10-14 18:15:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-14 18:15:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-14 18:15:09 ----A---- C:\WINDOWS\system32\java.exe
2009-10-14 18:15:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-14 18:15:01 ----D---- C:\Program Files\Java
2009-10-14 18:14:39 ----D---- C:\Documents and Settings\Roman\Data aplikací\Sun
2009-10-13 16:50:34 ----D---- C:\Program Files\Microsoft ActiveSync
2009-10-13 16:26:39 ----D---- C:\Documents and Settings\Roman\Data aplikací\ACD Systems
2009-10-13 16:26:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2009-10-13 16:26:20 ----D---- C:\Program Files\Common Files\ACD Systems
2009-10-13 16:26:20 ----D---- C:\Program Files\ACD Systems
2009-10-13 15:59:58 ----D---- C:\WINDOWS\system32\AGEIA
2009-10-13 15:59:57 ----D---- C:\Program Files\AGEIA Technologies
2009-10-13 15:59:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-13 15:58:50 ----D---- C:\WINDOWS\nview
2009-10-13 15:58:50 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-10-13 15:58:10 ----D---- C:\Program Files\InstallShield Installation Information
2009-10-13 15:58:09 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-10-13 15:58:08 ----D---- C:\Program Files\My Company Name
2009-10-13 15:57:22 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-10-13 15:57:22 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-10-13 15:57:22 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-10-13 15:57:22 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-10-13 15:57:21 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-10-13 15:57:21 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-13 15:57:20 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-10-13 15:57:20 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-10-13 15:57:20 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-10-13 15:57:20 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-10-13 15:57:20 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-13 15:57:19 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-10-13 15:57:19 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-10-13 15:57:18 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-10-13 15:57:18 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-10-13 15:44:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-13 15:44:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-13 15:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-13 15:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-13 15:29:58 ----D---- C:\Program Files\HWiNFO32
2009-10-13 15:20:12 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-10-13 15:20:12 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-13 15:19:07 ----D---- C:\Program Files\Kolor
2009-10-13 15:14:44 ----D---- C:\Documents and Settings\Roman\Data aplikací\Apple Computer
2009-10-13 15:14:37 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-13 15:13:45 ----D---- C:\Program Files\iPod
2009-10-13 15:13:43 ----D---- C:\Program Files\iTunes
2009-10-13 15:13:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-13 15:13:32 ----D---- C:\Program Files\Bonjour
2009-10-13 15:13:07 ----D---- C:\Program Files\QuickTime
2009-10-13 15:13:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2009-10-13 15:12:51 ----D---- C:\Program Files\Apple Software Update
2009-10-13 15:12:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-13 15:12:07 ----D---- C:\Program Files\Common Files\Apple
2009-10-13 15:12:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2009-10-13 15:02:48 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-10-13 15:02:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-10-13 15:02:48 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-10-13 15:02:48 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-10-13 15:02:48 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-10-13 15:02:48 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-10-13 15:00:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2009-10-13 14:38:39 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-10-13 14:38:39 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-10-13 14:38:39 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-10-13 14:38:39 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-10-13 14:38:39 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-10-13 14:38:39 ----N---- C:\WINDOWS\system32\px.dll
2009-10-13 13:30:40 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-10-13 13:30:34 ----D---- C:\Program Files\Google
2009-10-13 13:00:37 ----D---- C:\Program Files\IDT
2009-10-13 13:00:37 ----A---- C:\WINDOWS\system32\stlang.dll
2009-10-13 13:00:37 ----A---- C:\WINDOWS\system32\stacsv.exe
2009-10-13 12:29:32 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-13 12:20:18 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2009-10-13 12:20:18 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2009-10-13 12:15:30 ----D---- C:\Program Files\Adobe Media Player
2009-10-13 12:15:27 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-13 12:14:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-10-13 12:13:41 ----D---- C:\Program Files\Adobe
2009-10-13 12:11:48 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-10-13 12:01:23 ----D---- C:\Documents and Settings\Roman\Data aplikací\uTorrent
2009-10-13 12:01:20 ----D---- C:\Program Files\uTorrent
2009-10-13 11:50:41 ----D---- C:\WINDOWS\ie8updates
2009-10-13 11:50:16 ----D---- C:\WINDOWS\WBEM
2009-10-13 11:49:18 ----HDC---- C:\WINDOWS\ie8
2009-10-13 11:48:41 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-13 11:36:09 ----D---- C:\WINDOWS\Prefetch
2009-10-13 11:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-13 11:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-13 11:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-13 11:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-13 11:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-10-13 11:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-13 11:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-13 11:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-13 11:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-13 11:33:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-13 11:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-13 11:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-13 11:32:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-13 11:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-13 11:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-13 11:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-13 11:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-13 11:32:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-13 11:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-13 11:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-13 11:32:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-13 11:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-13 11:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-13 11:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-13 11:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-13 11:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-13 11:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-13 11:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-13 11:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-13 11:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-13 11:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-13 11:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-13 11:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-13 11:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-13 11:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-13 11:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-13 11:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-13 11:28:29 ----D---- C:\WINDOWS\system32\cs-cz
2009-10-13 11:28:28 ----D---- C:\WINDOWS\system32\cs
2009-10-13 11:28:28 ----D---- C:\WINDOWS\system32\bits
2009-10-13 11:28:28 ----D---- C:\WINDOWS\l2schemas
2009-10-13 11:25:05 ----A---- C:\WINDOWS\system32\h323log.txt
2009-10-13 11:24:25 ----D---- C:\WINDOWS\network diagnostic
2009-10-13 11:23:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-13 11:21:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-13 11:19:10 ----A---- C:\WINDOWS\system32\usbui.dll
2009-10-13 11:18:32 ----A---- C:\WINDOWS\imsins.BAK
2009-10-13 11:18:29 ----SHD---- C:\WINDOWS\Installer
2009-10-13 11:18:29 ----D---- C:\Program Files\Common Files\ODBC
2009-10-13 11:18:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-13 11:18:29 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-13 11:18:26 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-10-13 11:18:25 ----RD---- C:\Program Files
2009-10-13 11:18:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-13 11:18:25 ----D---- C:\Program Files\Common Files
2009-10-13 11:18:23 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-10-13 11:18:23 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-10-13 11:18:23 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-10-13 11:18:21 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-10-13 11:18:20 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-10-13 11:18:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-10-13 11:18:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-10-13 11:18:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-10-13 11:18:18 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-10-13 11:18:18 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-10-13 11:18:18 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-10-13 11:18:18 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-10-13 11:18:16 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-10-13 11:18:16 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-10-13 11:18:16 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-10-13 11:18:16 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-10-13 11:18:16 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-10-13 11:18:13 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-10-13 11:18:13 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-10-13 11:18:12 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-13 11:18:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-13 11:18:11 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-10-13 11:18:11 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-10-13 11:18:11 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-10-13 11:18:09 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-10-13 11:18:09 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-10-13 11:18:08 ----A---- C:\WINDOWS\system32\batt.dll
2009-10-13 11:18:08 ----A---- C:\WINDOWS\notepad.exe
2009-10-13 11:18:07 ----A---- C:\WINDOWS\system32\storprop.dll
2009-10-13 11:18:01 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-10-13 11:17:59 ----RA---- C:\WINDOWS\SET8.tmp
2009-10-13 11:17:57 ----RA---- C:\WINDOWS\SET4.tmp
2009-10-13 11:17:55 ----RA---- C:\WINDOWS\SET3.tmp
2009-10-13 11:17:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-13 11:17:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-13 11:17:46 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-10-13 11:17:23 ----A---- C:\WINDOWS\setuplog.txt
2009-10-13 11:17:21 ----SHD---- C:\System Volume Information
2009-10-13 11:17:21 ----D---- C:\Documents and Settings
2009-10-13 11:16:31 ----SH---- C:\boot.ini
2009-10-13 11:12:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-13 11:12:09 ----RSD---- C:\WINDOWS\Fonts
2009-10-13 11:12:09 ----RD---- C:\WINDOWS\Web
2009-10-13 11:12:09 ----HD---- C:\WINDOWS\inf
2009-10-13 11:12:09 ----D---- C:\WINDOWS\WinSxS
2009-10-13 11:12:09 ----D---- C:\WINDOWS\twain_32
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Temp
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\wins
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\wbem
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\usmt
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\spool
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\ShellExt
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\Setup
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\ras
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\oobe
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\npp
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\mui
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\IME
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\icsxml
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\ias
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\export
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\drivers
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\dhcp
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\config
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\3com_dmi
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\3076
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\2052
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1054
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1042
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1041
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1037
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1033
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1031
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1029
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1028
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32\1025
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system32
2009-10-13 11:12:09 ----D---- C:\WINDOWS\system
2009-10-13 11:12:09 ----D---- C:\WINDOWS\security
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Resources
2009-10-13 11:12:09 ----D---- C:\WINDOWS\repair
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Provisioning
2009-10-13 11:12:09 ----D---- C:\WINDOWS\pchealth
2009-10-13 11:12:09 ----D---- C:\WINDOWS\PeerNet
2009-10-13 11:12:09 ----D---- C:\WINDOWS\mui
2009-10-13 11:12:09 ----D---- C:\WINDOWS\msapps
2009-10-13 11:12:09 ----D---- C:\WINDOWS\msagent
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Media
2009-10-13 11:12:09 ----D---- C:\WINDOWS\java
2009-10-13 11:12:09 ----D---- C:\WINDOWS\ime
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Help
2009-10-13 11:12:09 ----D---- C:\WINDOWS\ehome
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Driver Cache
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Debug
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Cursors
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Connection Wizard
2009-10-13 11:12:09 ----D---- C:\WINDOWS\Config
2009-10-13 11:12:09 ----D---- C:\WINDOWS\AppPatch
2009-10-13 11:12:09 ----D---- C:\WINDOWS\addins
2009-10-13 11:12:09 ----D---- C:\WINDOWS
2009-10-13 11:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-10-13 11:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-10-13 11:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-10-13 11:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-10-13 11:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-10-13 11:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-10-13 11:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-10-13 11:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972260_0$
2009-10-13 11:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-10-13 11:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-10-13 11:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-10-13 11:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-10-13 11:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-13 11:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-10-13 11:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-10-13 11:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-10-13 11:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-10-13 11:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-13 11:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-10-13 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-13 11:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-10-13 11:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-10-13 11:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-10-13 11:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-10-13 11:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-10-13 11:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-10-13 11:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-10-13 11:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-10-13 11:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-10-13 11:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-10-13 11:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-10-13 11:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-10-13 11:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-13 11:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-10-13 11:01:18 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-13 11:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-10-13 11:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-10-13 11:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-10-13 11:01:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2009-10-13 11:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-10-13 11:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-10-13 11:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-10-13 11:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-10-13 11:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-10-13 11:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-10-13 11:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-10-13 11:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-10-13 11:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-13 10:57:18 ----D---- C:\Documents and Settings\Roman\Data aplikací\Macromedia
2009-10-13 10:57:18 ----D---- C:\Documents and Settings\Roman\Data aplikací\Adobe
2009-10-13 10:50:42 ----D---- C:\Program Files\Common Files\Adobe
2009-10-13 10:46:55 ----D---- C:\KBcertifikat
2009-10-13 10:10:56 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-13 10:10:34 ----D---- C:\Program Files\Microsoft Works
2009-10-13 10:10:29 ----D---- C:\Program Files\MSBuild
2009-10-13 10:10:19 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-13 10:10:19 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-13 10:08:34 ----D---- C:\WINDOWS\SHELLNEW
2009-10-13 10:08:19 ----D---- C:\Program Files\Microsoft Office
2009-10-13 10:08:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-10-13 10:08:06 ----RHD---- C:\MSOCache
2009-10-13 10:01:26 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-13 09:59:28 ----SHD---- C:\RECYCLER
2009-10-13 09:56:36 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-10-13 09:56:19 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-13 09:56:19 ----D---- C:\WINDOWS\system32\PreInstall
2009-10-13 09:56:19 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-10-13 09:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-10-13 09:56:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 09:54:42 ----D---- C:\Program Files\ESET
2009-10-13 09:54:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-10-13 09:52:54 ----D---- C:\Program Files\totalcmd
2009-10-13 09:52:54 ----A---- C:\WINDOWS\wincmd.ini
2009-10-13 09:52:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-13 09:47:50 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-10-13 09:34:47 ----D---- C:\Documents and Settings\Roman\Data aplikací\Identities
2009-10-13 09:34:46 ----HD---- C:\Program Files\Uninstall Information
2009-10-13 09:34:42 ----SD---- C:\Documents and Settings\Roman\Data aplikací\Microsoft
2009-10-13 09:34:42 ----ASH---- C:\Documents and Settings\Roman\Data aplikací\desktop.ini
2009-10-13 09:33:45 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-13 09:33:43 ----SD---- C:\WINDOWS\system32\Microsoft
2009-10-13 09:33:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-13 09:31:02 ----D---- C:\WINDOWS\system32\xircom
2009-10-13 09:31:02 ----D---- C:\Program Files\xerox
2009-10-13 09:31:02 ----D---- C:\Program Files\microsoft frontpage
2009-10-13 09:30:51 ----A---- C:\WINDOWS\control.ini
2009-10-13 09:30:51 ----A---- C:\AUTOEXEC.BAT
2009-10-13 09:30:44 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-13 09:30:41 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-10-13 09:30:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-13 09:30:05 ----RD---- C:\WINDOWS\Offline Web Pages
2009-10-13 09:30:05 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-13 09:30:01 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-13 09:29:58 ----HD---- C:\Program Files\WindowsUpdate
2009-10-13 09:29:55 ----D---- C:\Program Files\Online Services
2009-10-13 09:29:38 ----D---- C:\WINDOWS\system32\DirectX
2009-10-13 09:29:16 ----A---- C:\WINDOWS\system32\atrace.dll
2009-10-13 09:29:13 ----A---- C:\WINDOWS\system32\desktop.ini
2009-10-13 09:29:13 ----A---- C:\WINDOWS\desktop.ini
2009-10-13 09:29:06 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-10-13 09:29:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-10-13 09:29:04 ----D---- C:\Program Files\Common Files\Services
2009-10-13 09:29:01 ----SD---- C:\WINDOWS\Tasks
2009-10-13 09:29:01 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-10-13 09:29:00 ----D---- C:\Program Files\Common Files\MSSoap
2009-10-13 09:28:56 ----D---- C:\WINDOWS\srchasst
2009-10-13 09:28:55 ----D---- C:\WINDOWS\system32\Macromed
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wups.dll
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-10-13 09:28:52 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-10-13 09:28:51 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-13 09:28:51 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-10-13 09:28:51 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-10-13 09:28:51 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-10-13 09:28:51 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-10-13 09:28:47 ----D---- C:\Program Files\Movie Maker
2009-10-13 09:28:43 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-10-13 09:28:43 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-10-13 09:28:43 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-10-13 09:28:43 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-10-13 09:28:39 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-10-13 09:28:39 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-10-13 09:28:38 ----D---- C:\WINDOWS\system32\Restore
2009-10-13 09:28:38 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-10-13 09:28:38 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-10-13 09:28:38 ----A---- C:\WINDOWS\system32\srclient.dll
2009-10-13 09:28:37 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-10-13 09:28:37 ----A---- C:\WINDOWS\system32\msconf.dll
2009-10-13 09:28:37 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-10-13 09:28:37 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-10-13 09:28:37 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-10-13 09:28:37 ----A---- C:\WINDOWS\system32\ils.dll
2009-10-13 09:28:34 ----D---- C:\Program Files\NetMeeting
2009-10-13 09:28:34 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-10-13 09:28:34 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-10-13 09:28:33 ----A---- C:\WINDOWS\system32\inetres.dll
2009-10-13 09:28:33 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-10-13 09:28:31 ----D---- C:\Program Files\Outlook Express
2009-10-13 09:28:31 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-10-13 09:28:31 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-10-13 09:28:31 ----A---- C:\WINDOWS\system32\mstask.dll
2009-10-13 09:28:30 ----A---- C:\WINDOWS\system32\isign32.dll
2009-10-13 09:28:30 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-10-13 09:28:30 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-10-13 09:28:30 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-10-13 09:28:24 ----D---- C:\Program Files\Common Files\System
2009-10-13 09:28:23 ----D---- C:\Program Files\Internet Explorer
2009-10-13 09:27:59 ----D---- C:\Program Files\ComPlus Applications
2009-10-13 09:27:58 ----A---- C:\WINDOWS\vbaddin.ini
2009-10-13 09:27:58 ----A---- C:\WINDOWS\vb.ini
2009-10-13 09:27:54 ----D---- C:\WINDOWS\Registration
2009-10-13 09:27:49 ----D---- C:\Program Files\Windows Media Player
2009-10-13 09:27:44 ----D---- C:\Program Files\Messenger
2009-10-13 09:27:40 ----D---- C:\Program Files\MSN Gaming Zone
2009-10-13 09:27:40 ----A---- C:\WINDOWS\system32\write.exe
2009-10-13 09:27:30 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-10-13 09:27:30 ----A---- C:\WINDOWS\system32\hticons.dll
2009-10-13 09:27:29 ----A---- C:\WINDOWS\system32\winchat.exe
2009-10-13 09:27:29 ----A---- C:\WINDOWS\system32\avwav.dll
2009-10-13 09:27:29 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-10-13 09:27:29 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-10-13 09:27:21 ----A---- C:\WINDOWS\system32\sol.exe
2009-10-13 09:27:21 ----A---- C:\WINDOWS\system32\charmap.exe
2009-10-13 09:27:21 ----A---- C:\WINDOWS\system32\getuname.dll
2009-10-13 09:27:21 ----A---- C:\WINDOWS\system32\calc.exe
2009-10-13 09:27:20 ----A---- C:\WINDOWS\system32\winmine.exe
2009-10-13 09:27:20 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-10-13 09:27:20 ----A---- C:\WINDOWS\system32\reset.exe
2009-10-13 09:27:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-10-13 09:27:20 ----A---- C:\WINDOWS\system32\freecell.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\tskill.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\tscon.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\shadow.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\regini.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\msg.exe
2009-10-13 09:27:19 ----A---- C:\WINDOWS\system32\logoff.exe
2009-10-13 09:27:18 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-10-13 09:27:18 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\stclient.dll
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-10-13 09:27:17 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-10-13 09:27:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-10-13 09:27:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-10-13 09:27:10 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-10-13 09:27:10 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-10-13 09:27:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-10-13 09:27:09 ----D---- C:\Program Files\Windows NT
2009-10-13 09:27:09 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-13 09:27:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-13 09:27:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-10-13 09:27:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-10-13 09:27:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-10-13 09:27:08 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-10-13 09:27:07 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-10-13 09:27:06 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-13 09:27:06 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-10-13 09:27:06 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-10-13 09:27:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-10-13 09:27:06 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-10-13 09:27:06 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-10-13 09:27:05 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-10-13 09:27:05 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-10-13 09:27:05 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-10-13 09:27:05 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-10-13 09:27:04 ----D---- C:\WINDOWS\system32\Com
2009-10-13 09:27:04 ----A---- C:\WINDOWS\system32\colbact.dll
2009-10-13 09:27:04 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-10-13 09:27:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-10-13 09:27:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-10-13 09:27:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-10-13 09:27:03 ----A---- C:\WINDOWS\system32\comuid.dll
2009-10-13 09:27:03 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-10-13 09:27:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-10-13 09:26:57 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-10-13 09:26:57 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-10-13 09:26:56 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-10-13 09:26:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-09-30 15:11:42 ----A---- C:\WINDOWS\system32\tlisimplify20.dll
2009-09-30 12:52:56 ----A---- C:\WINDOWS\system32\tliadjust34.dll

======List of files/folders modified in the last 1 months======

2009-10-16 10:49:10 ----A---- C:\WINDOWS\win.ini
2009-10-13 14:26:02 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2009-10-13 11:18:25 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-02-06 242320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-07-09 44416]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-25 6301344]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-27 6023072]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-14 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-25 163908]
R2 STacSV;Audio Service; c:\docume~1\roman\locals~1\temp\cdm\{80697324-3223-42be-9a3f-8ad934f82595}\STacSV.exe [2008-04-10 212992]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-13 655624]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-14 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Someone is connected to my PC - how do I get rid of them?

#4 Post by motji »

I don't see anything in the log :o , let's take a proper look

:arrow: Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights
- Before use, turn off all resident security programs - antivirus, firewalls, antispyware
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays :!:
- Once the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here



:arrow: Download SysProt AntiRootkit
http://sites.google.com/site/sysprotantirootkit/
- unpack it and run it
- switch to the Lab tab and tick everything in the Write to log column.
- press Create log and confirm the log creation prompt if one appears.
- wait a moment until a window appears asking where you want to scan - choose to scan Root Drive.
- click Start.
- when the scan finishes, a log opens; copy it here. :)

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#5 Post by roomm »

ComboFix 09-10-28.06 - Roman 29.10.2009 11:09.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2454 [GMT 1:00]
Spuštěný z: c:\documents and settings\Roman\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Roman\LOCALS~1\Temp\install_flash_player.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 09:47 . 2009-10-29 09:47 -------- d-----w- C:\rsit
2009-10-29 09:47 . 2009-10-29 09:47 -------- d-----w- c:\program files\trend micro
2009-10-27 07:50 . 2009-10-27 07:50 54068 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-21 10:46 . 2009-10-23 15:36 -------- d-----w- c:\program files\Topaz Labs
2009-10-21 10:37 . 2009-10-21 10:38 -------- d-----w- c:\program files\IrfanView
2009-10-21 07:59 . 2009-10-21 08:00 -------- d-----w- c:\program files\Jalbum
2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-16 10:33 . 2009-10-16 10:33 -------- d-----w- c:\program files\GRETECH
2009-10-16 10:08 . 2009-10-16 10:08 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-16 09:47 . 2009-10-16 09:47 -------- d-----w- c:\windows\system32\KB905474
2009-10-16 09:47 . 2009-03-10 20:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-16 09:47 . 2009-03-10 20:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-15 10:36 . 2009-10-15 10:37 -------- d-----w- c:\program files\PhotomatixPro3
2009-10-15 10:36 . 2009-10-15 10:36 -------- d-----w- c:\windows\system32\URTTemp
2009-10-15 09:27 . 2009-10-15 09:27 -------- d-----w- c:\program files\XnView
2009-10-15 08:20 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-15 08:07 . 2009-10-15 08:07 -------- d-----w- c:\program files\Software602
2009-10-15 07:49 . 2009-10-15 07:49 -------- d-----w- c:\windows\system32\LogFiles
2009-10-14 17:15 . 2009-10-14 17:15 -------- d-----w- c:\windows\Sun
2009-10-14 17:15 . 2009-10-14 17:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-14 17:15 . 2009-10-14 17:15 -------- d-----w- c:\program files\Java
2009-10-13 15:50 . 2009-10-16 08:51 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-13 15:26 . 2009-10-13 15:26 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-10-13 15:26 . 2009-10-13 15:26 -------- d-----w- c:\program files\ACD Systems
2009-10-13 14:59 . 2009-10-13 14:59 -------- d-----w- c:\windows\system32\AGEIA
2009-10-13 14:59 . 2009-10-13 14:59 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-13 14:59 . 2009-10-13 14:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-13 14:58 . 2009-10-13 14:58 -------- d-----w- c:\windows\nview
2009-10-13 14:58 . 2008-12-25 16:08 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-13 14:58 . 2009-10-13 14:58 -------- d-----w- c:\program files\InstallShield Installation Information
2009-10-13 14:58 . 2008-12-23 19:58 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-13 14:58 . 2009-10-13 14:58 -------- d-----w- c:\program files\My Company Name
2009-10-13 14:29 . 2009-10-13 14:30 -------- d-----w- c:\program files\HWiNFO32
2009-10-13 14:20 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-13 14:19 . 2009-10-13 14:19 -------- d-----w- c:\program files\Kolor
2009-10-13 14:14 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-13 14:14 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-13 14:13 . 2009-10-13 14:13 -------- d-----w- c:\program files\iPod
2009-10-13 14:13 . 2009-10-13 14:14 -------- d-----w- c:\program files\iTunes
2009-10-13 14:13 . 2009-10-13 14:13 -------- d-----w- c:\program files\Bonjour
2009-10-13 14:13 . 2009-10-13 14:13 -------- d-----w- c:\program files\QuickTime
2009-10-13 14:12 . 2009-10-13 14:12 -------- d-----w- c:\program files\Apple Software Update
2009-10-13 14:12 . 2009-10-13 14:14 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-13 14:12 . 2009-10-13 14:13 -------- d-----w- c:\program files\Common Files\Apple
2009-10-13 14:02 . 2008-11-24 01:06 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-13 14:02 . 2008-11-24 01:06 120568 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-13 14:02 . 2008-11-24 01:06 118256 ------w- c:\windows\system32\pxinsi64.exe
2009-10-13 13:38 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-10-13 13:38 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-10-13 12:30 . 2009-10-13 12:30 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-10-13 12:30 . 2009-10-28 15:34 -------- d-----w- c:\program files\Google
2009-10-13 12:03 . 2008-04-13 18:45 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-10-13 12:03 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-13 12:03 . 2008-04-13 19:17 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2009-10-13 12:03 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-10-13 12:03 . 2008-04-13 18:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2009-10-13 12:03 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-10-13 12:03 . 2008-04-13 18:45 56576 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2009-10-13 12:03 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-10-13 12:03 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
2009-10-13 12:03 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-10-13 12:02 . 2008-04-13 18:45 172416 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
2009-10-13 12:02 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-10-13 12:02 . 2008-04-13 18:45 2944 -c--a-w- c:\windows\system32\dllcache\drmkaud.sys
2009-10-13 12:02 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-10-13 12:02 . 2008-04-13 19:15 60800 -c--a-w- c:\windows\system32\dllcache\sysaudio.sys
2009-10-13 12:02 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-10-13 12:02 . 2008-04-13 18:39 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
2009-10-13 12:02 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2009-10-13 12:02 . 2008-04-13 18:39 4992 -c--a-w- c:\windows\system32\dllcache\mspqm.sys
2009-10-13 12:02 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2009-10-13 12:02 . 2008-04-13 18:39 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
2009-10-13 12:02 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2009-10-13 12:00 . 2009-10-13 12:00 -------- d-----w- c:\program files\IDT
2009-10-13 12:00 . 2008-04-10 18:08 212992 ----a-w- c:\windows\system32\stacsv.exe
2009-10-13 12:00 . 2008-04-10 18:06 2129920 ----a-w- c:\windows\system32\stlang.dll
2009-10-13 11:35 . 2009-08-29 07:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-13 11:35 . 2009-08-29 07:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-13 11:35 . 2009-08-29 07:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-13 11:35 . 2009-08-29 07:58 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-13 11:35 . 2009-08-29 07:58 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-13 11:34 . 2009-10-13 11:34 -------- d-sh--w- c:\documents and settings\Roman\PrivacIE
2009-10-13 11:31 . 2009-10-13 11:31 -------- d-sh--w- c:\documents and settings\Roman\IETldCache
2009-10-13 11:29 . 2009-10-13 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-13 11:20 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-10-13 11:20 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-10-13 11:15 . 2009-10-13 11:15 -------- d-----w- c:\program files\Adobe Media Player
2009-10-13 11:15 . 2009-10-13 11:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-13 11:11 . 2009-10-13 11:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-13 11:01 . 2009-10-13 11:01 -------- d-----w- c:\program files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 10:08 . 2001-10-25 12:00 62982 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 10:08 . 2001-10-25 12:00 382472 ----a-w- c:\windows\system32\perfh005.dat
2009-10-16 09:50 . 2009-10-13 09:10 -------- d-----w- c:\program files\Microsoft Works
2009-10-13 16:47 . 2009-10-13 09:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-13 09:10 . 2009-10-13 09:10 -------- d-----w- c:\program files\MSBuild
2009-10-13 08:59 . 2009-10-13 08:52 -------- d-----w- c:\program files\totalcmd
2009-10-13 08:54 . 2009-10-13 08:54 -------- d-----w- c:\program files\ESET
2009-10-13 08:31 . 2009-10-13 08:31 -------- d-----w- c:\program files\microsoft frontpage
2009-08-06 18:24 . 2004-08-17 13:49 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2009-10-13 08:28 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-10-13 08:28 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 18:23 . 2008-10-16 12:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2004-08-17 13:45 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Roman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-13 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 135168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-10 413696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-14 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Jalbum\\Jalbum.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 13:24 93336]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [13.10.2009 15:30 19064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 13:23 727720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.10.2009 16:33 133104]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14.10.2009 10:24 30192]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
Obsah adresáře 'Naplánované úlohy'

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 15:33]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 15:33]

2009-10-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-16 20:18]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Device Detector - DevDetect.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 11:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-10-29 11:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-29 10:16

Před spuštěním: Volných bajtů: 474 014 429 184
Po spuštění: Volných bajtů: 474 454 609 920

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 336F2B36C62B8AD623DB09405460E39C

roomm
Visitor
Posts: 47
Joined: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#6 Post by roomm »

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 648
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 712
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 736
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 792
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 804
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 980
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1048
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1224
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1504
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 272
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 324
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 336
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 424
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 556
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 688
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 1704
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 420
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PID: 996
Hidden: No
Window Visible: No

Name: C:\Program Files\IDT\WDM\sttray.exe
PID: 228
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 1624
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 1664
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PID: 2028
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PID: 2060
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2168
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PID: 2236
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PID: 2360
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\MI3AA1~1\rapimgr.exe
PID: 2428
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2732
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3092
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3152
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
PID: 3496
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 3352
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 3784
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 3988
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 444
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 456
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 3084
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 2000
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 3080
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 2964
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 704
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 672
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 944
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\Program Files\WinRAR\WinRAR.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\DOCUME~1\Roman\LOCALS~1\Temp\Rar$EX00.968\SysProt\SysProt.exe
PID: 3000
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\DOCUME~1\Roman\LOCALS~1\Temp\Rar$EX00.968\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B5014000
Module End: B501F000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9F79000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9F68000
Module End: B9F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: BA0B8000
Module End: BA0C8000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: BA0C8000
Module End: BA0D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0D8000
Module End: BA0E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9F49000
Module End: B9F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: B9F23000
Module End: B9F49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0E8000
Module End: BA0F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9F0B000
Module End: B9F23000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA0F8000
Module End: BA101000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA108000
Module End: BA115000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: B9EEB000
Module End: B9F0B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9ED9000
Module End: B9EEB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA118000
Module End: BA121000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9EC2000
Module End: B9ED9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9E35000
Module End: B9EC2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9E08000
Module End: B9E35000
Hidden: No

Module Name: Combo-Fix.sys
Service Name: ---
Module Base: BA128000
Module End: BA137000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9DEE000
Module End: B9E08000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: BA148000
Module End: BA158000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA2A8000
Module End: BA2B2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B9530000
Module End: B9B33000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B951C000
Module End: B9530000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HECI.sys
Service Name: HECI
Module Base: BA2B8000
Module End: BA2C3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: BA2C8000
Module End: BA2D8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: BA59C000
Module End: BA5A0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Service Name: e1express
Module Base: B94DE000
Module End: B951C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BA450000
Module End: BA456000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B94BA000
Module End: B94DE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BA458000
Module End: BA460000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B9492000
Module End: B94BA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA2D8000
Module End: BA2E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BA2E8000
Module End: BA2F8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BA2F8000
Module End: BA307000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B946F000
Module End: B9492000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BA460000
Module End: BA466000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B945B000
Module End: B946F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: BA308000
Module End: BA315000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA468000
Module End: BA46E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA739000
Module End: BA73A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BA318000
Module End: BA325000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BA5A4000
Module End: BA5A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B9237000
Module End: B924E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BA158000
Module End: BA163000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BA168000
Module End: BA174000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BA470000
Module End: BA475000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B9186000
Module End: B9197000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BA178000
Module End: BA181000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BA478000
Module End: BA47D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BA480000
Module End: BA485000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B9156000
Module End: B9186000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: BA188000
Module End: BA192000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA488000
Module End: BA48E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA5D8000
Module End: BA5DA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B90F8000
Module End: B9156000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B9D9D000
Module End: B9DA1000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: BA198000
Module End: BA1A2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BA1B8000
Module End: BA1C7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA5DA000
Module End: BA5DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sthda.sys
Service Name: STHDA
Module Base: B6E87000
Module End: B6FB0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B6E63000
Module End: B6E87000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA1C8000
Module End: BA1D7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA5E6000
Module End: BA5E8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BA7C1000
Module End: BA7C2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA5E8000
Module End: BA5EA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: B6E1F000
Module End: B6E3B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: BA4A0000
Module End: BA4A7000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: BA4A8000
Module End: BA4AE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA5EA000
Module End: BA5EC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA5EC000
Module End: BA5EE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: BA4B0000
Module End: BA4B5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: BA340000
Module End: BA348000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: BA568000
Module End: BA56B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: B6DEC000
Module End: B6DFF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: B6D93000
Module End: B6DEC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: B6D6B000
Module End: B6D93000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: B6D45000
Module End: B6D6B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
Service Name: epfwtdir
Module Base: B6D2C000
Module End: B6D45000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: BA1E8000
Module End: BA1F1000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: B6D0A000
Module End: B6D2C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: BA1F8000
Module End: BA201000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: B6CDF000
Module End: B6D0A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: BA208000
Module End: BA217000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: B6C6F000
Module End: B6CDF000
Hidden: No

Module Name: \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS
Service Name: HWiNFO32
Module Base: BA580000
Module End: BA583000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: BA218000
Module End: BA223000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: BA238000
Module End: BA248000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: BA390000
Module End: BA397000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: B90F4000
Module End: B90F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: BA248000
Module End: BA251000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: BA398000
Module End: BA39F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: B90E4000
Module End: B90E8000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B6B8F000
Module End: B6BA7000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5F8000
Module End: BA5FA000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: B90D8000
Module End: B90DB000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BA3A0000
Module End: BA3A5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BA6E1000
Module End: BA6E2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: B696B000
Module End: B698F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: B676F000
Module End: B682B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B686B000
Module End: B686F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B652A000
Module End: B653F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B668F000
Module End: B669E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B6206000
Module End: B6233000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: BA654000
Module End: BA656000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\adfs.SYS
Service Name: adfs
Module Base: B61CD000
Module End: B61DE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B608B000
Module End: B60DD000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\CLASSPNP_2.sys
Service Name: CLASSPNP_2
Module Base: B5C2B000
Module End: B5C38000
Hidden: Yes

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B5AD2000
Module End: B5B13000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\PCIIDEX_2.sys
Service Name: PCIIDEX_2
Module Base: BA440000
Module End: BA447000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: BA448000
Module End: BA450000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Service Name: ---
Module Base: BA5C0000
Module End: BA5C2000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: B4D19000
Module End: B4D44000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: 89CF78A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 89CF6CB0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 89CF70D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendProcess
Address: 89CF76D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 89CF74F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 89CF6EE0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 89CF7310
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: GRAFIKA:1189
Remote Address: HB-IN-F147.1E100.NET:HTTPS
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1187
Remote Address: HB-IN-F147.1E100.NET:HTTPS
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1185
Remote Address: HB-IN-F147.1E100.NET:HTTPS
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1167
Remote Address: MU-IN-F139.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: GRAFIKA:1143
Remote Address: 195.113.232.98:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1062
Remote Address: MU-IN-F113.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: GRAFIKA:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1192
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1190
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1188
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: FIN_WAIT2

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1186
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: FIN_WAIT2

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1184
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: FIN_WAIT2

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1176
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1166
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1142
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: FIN_WAIT2

Local Address: GRAFIKA:30606
Remote Address: LOCALHOST:1061
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: GRAFIKA:30606
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: LISTENING

Local Address: GRAFIKA:27015
Remote Address: LOCALHOST:1031
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: GRAFIKA:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: GRAFIKA:7438
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
State: LISTENING

Local Address: GRAFIKA:5679
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
State: LISTENING

Local Address: GRAFIKA:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: GRAFIKA:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: GRAFIKA:4664
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
State: LISTENING

Local Address: GRAFIKA:1188
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1186
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1184
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1166
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
State: ESTABLISHED

Local Address: GRAFIKA:1160
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1142
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1139
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
State: CLOSE_WAIT

Local Address: GRAFIKA:1061
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
State: ESTABLISHED

Local Address: GRAFIKA:1032
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: GRAFIKA:1031
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: GRAFIKA:990
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\MI3AA1~1\rapimgr.exe
State: LISTENING

Local Address: GRAFIKA:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: GRAFIKA:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: GRAFIKA:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: GRAFIKA:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: GRAFIKA:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: GRAFIKA:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: GRAFIKA:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: GRAFIKA:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: GRAFIKA:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: GRAFIKA:64612
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: GRAFIKA:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: GRAFIKA:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: GRAFIKA:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: GRAFIKA:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{7FCFF501-1922-42CC-A235-D23C3B80EBAA}
Status: Access denied

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Someone is connected to my PC - how do I get rid of them?

#7 Post by motji »

:arrow: Start - Control Panel - Folder Options - View - show hidden and system files

:arrow: Have the file tested at http://www.virustotal.com

C:\WINDOWS\system32\drivers\PCIIDEX_2.sys
C:\WINDOWS\system32\drivers\CLASSPNP_2.sys

Copy the file path into the box; if it says the file has already been tested, have it tested again.
Paste the link to the results here.

How many user accounts do you have?
Could you take a photo of that dialog window? Does it appear every time you shut down the PC?
When you only log off from the account, does it appear as well?

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#8 Post by roomm »

I don't have either of these files on my PC ????

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#9 Post by roomm »

I have the same ones, but without the 2 at the end

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#10 Post by roomm »

I'll try to take a photo of it and post it here once it is on my screen again

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Someone is connected to my PC - how do I get rid of them?

#11 Post by motji »

Try copying the file path directly into the bottom box

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#12 Post by roomm »

I had the file tested

CLASSPNP.SYS

and here is the test result

File classpnp.sys received on 2009.11.01 15:24:46 (UTC)
Current status: Finished
Result: 0/41 (0%)
Antivirus Version Last update Result
a-squared 4.5.0.41 2009.11.01 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.31 -
Avast 4.8.1351.0 2009.11.01 -
AVG 8.5.0.423 2009.11.01 -
BitDefender 7.2 2009.11.01 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.11.01 -
Comodo 2805 2009.11.01 -
DrWeb 5.0.0.12182 2009.11.01 -
eSafe 7.0.17.0 2009.11.01 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.11.01 -
GData 19 2009.11.01 -
Ikarus T3.1.1.72.0 2009.11.01 -
Jiangmin 11.0.800 2009.11.01 -
K7AntiVirus 7.10.885 2009.10.31 -
Kaspersky 7.0.0.125 2009.11.01 -
McAfee 5788 2009.10.31 -
McAfee+Artemis 5788 2009.10.31 -
McAfee-GW-Edition 6.8.5 2009.11.01 -
Microsoft 1.5202 2009.11.01 -
NOD32 4562 2009.11.01 -
Norman 6.03.02 2009.11.01 -
nProtect 2009.1.8.0 2009.11.01 -
Panda 10.0.2.2 2009.11.01 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.11.01 -
Rising 21.53.62.00 2009.11.01 -
Sophos 4.47.0 2009.11.01 -
Sunbelt 3.2.1858.2 2009.10.31 -
Symantec 1.4.4.12 2009.11.01 -
TheHacker 6.5.0.2.058 2009.10.31 -
TrendMicro 8.950.0.1094 2009.11.01 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.31 -
Additional information
File size: 49536 bytes
MD5...: fe47dd8fe6d7768ff94ebec6c74b2719
SHA1..: 8c5c77dd926b64574df1d6b8fd03fd8522704aaf
SHA256: f6da1c222b327198cc316c4ec44f9ecebe1c78ea6adbb3a05456018c9688a4b2
ssdeep: 1536:W9FR01yrgIE1FCb7DuCLP2afmZnFRmRW3HXau4xxl0:4FSOzE1BCLuaAF4U
HXwxxl0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xae0f
timedatestamp.....: 0x48025c05 (Sun Apr 13 19:16:21 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x62c5 0x6300 6.51 4ad4059d23a54ab8e4c18c2e28de8573
.rdata 0x6680 0x2b4 0x300 4.21 21ba1f1b85434fa4a04d3070ced912b6
.data 0x6980 0x24 0x80 1.51 b768db3a1595b70d18cf5c5bc1e860e3
PAGE 0x6a00 0x3b69 0x3b80 6.39 61a28abb28cbfb615b4ef1eaa714cf1a
.edata 0xa580 0x7bc 0x800 5.11 f91543be80d0d9fe6f429560fc3677f5
PAGE 0xad80 0x60 0x80 2.17 5f8edb37eb36603ae9f827b09bf403c7
INIT 0xae00 0x9e6 0xa00 5.45 81c33b6eca69bbb2d8b054d26714581f
.rsrc 0xb800 0x3f0 0x400 3.36 81c14ca724285023c3f094bcadb94016
.reloc 0xbc00 0x524 0x580 6.37 95915b154676e55553fefef3294548cc

( 2 imports )
> HAL.dll: KfReleaseSpinLock, KfRaiseIrql, KfLowerIrql, KfAcquireSpinLock
> ntoskrnl.exe: ZwClose, RtlQueryRegistryValues, ZwCreateKey, RtlInitUnicodeString, IoOpenDeviceRegistryKey, ZwOpenKey, IoFreeIrp, RtlCompareMemory, IoStopTimer, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeQueryTimeIncrement, KeQuerySystemTime, _allmul, IofCallDriver, KeInitializeEvent, MmBuildMdlForNonPagedPool, IoAllocateMdl, IoFreeMdl, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, IoFreeWorkItem, ObfDereferenceObject, IoBuildDeviceIoControlRequest, IoGetAttachedDeviceReference, KeInitializeMutex, IoAllocateIrp, IoQueueWorkItem, IoAllocateWorkItem, IoStartTimer, IoInitializeTimer, KeSetEvent, IoGetDriverObjectExtension, _allshl, IoStartNextPacket, MmUnlockPages, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, KeInitializeSpinLock, IoInitializeIrp, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, KeWaitForSingleObject, KeGetCurrentThread, KeSetTimerEx, KeTickCount, IoGetDeviceProperty, IoStartPacket, IoSetHardErrorOrVerifyDevice, ObReferenceObjectByPointer, MmProbeAndLockPages, _alldvrm, IoDeleteDevice, IoDetachDevice, IoInvalidateDeviceRelations, IoWMIRegistrationControl, ZwSetValueKey, RtlInitString, _snprintf, KeInitializeDpc, KeInitializeTimer, KeBugCheck, ObfReferenceObject, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeDelayExecutionThread, _except_handler3, IofCompleteRequest, RtlDeleteRegistryValue, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, IoCreateDevice, IoWMIWriteEvent, InterlockedPopEntrySList, PoStartNextPowerIrp, PoCallDriver, PoSetPowerState, InterlockedPushEntrySList, ExVerifySuite, IoReuseIrp, KeSetTimer, strncmp, RtlWriteRegistryValue, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, KeReleaseMutex, ExAllocatePoolWithTag, IoReportTargetDeviceChangeAsynchronous, KefAcquireSpinLockAtDpcLevel, ExFreePoolWithTag

( 57 exports )
ClassAcquireChildLock, ClassAcquireRemoveLockEx, ClassAsynchronousCompletion, ClassBuildRequest, ClassCheckMediaState, ClassClaimDevice, ClassCleanupMediaChangeDetection, ClassCompleteRequest, ClassCreateDeviceObject, ClassDebugPrint, ClassDeleteSrbLookasideList, ClassDeviceControl, ClassDisableMediaChangeDetection, ClassEnableMediaChangeDetection, ClassFindModePage, ClassForwardIrpSynchronous, ClassGetDescriptor, ClassGetDeviceParameter, ClassGetDriverExtension, ClassGetVpb, ClassInitialize, ClassInitializeEx, ClassInitializeMediaChangeDetection, ClassInitializeSrbLookasideList, ClassInitializeTestUnitPolling, ClassInternalIoControl, ClassInterpretSenseInfo, ClassInvalidateBusRelations, ClassIoComplete, ClassIoCompleteAssociated, ClassMarkChildMissing, ClassMarkChildrenMissing, ClassModeSense, ClassNotifyFailurePredicted, ClassQueryTimeOutRegistryValue, ClassReadDriveCapacity, ClassReleaseChildLock, ClassReleaseQueue, ClassReleaseRemoveLock, ClassRemoveDevice, ClassResetMediaChangeTimer, ClassScanForSpecial, ClassSendDeviceIoControlSynchronous, ClassSendIrpSynchronous, ClassSendSrbAsynchronous, ClassSendSrbSynchronous, ClassSendStartUnit, ClassSetDeviceParameter, ClassSetFailurePredictionPoll, ClassSetMediaChangeState, ClassSignalCompletion, ClassSpinDownPowerHandler, ClassSplitRequest, ClassStopUnitPowerHandler, ClassUpdateInformationInRegistry, ClassWmiCompleteRequest, ClassWmiFireEvent
RDS...: NSRL Reference Data Set
-
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: SCSI Class System Dll
original name: Classpnp.sys
internal name: Classpnp.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#13 Post by roomm »

And also the test of the file

PCIIDEX.sys

File PCIIDEX.sys received on 2009.11.01 15:29:55 (UTC)
Current status: Finished
Result: 0/35 (0%)
Antivirus Version Last update Result
a-squared 4.5.0.41 2009.11.01 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.31 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.11.01 -
Comodo 2802 2009.11.01 -
DrWeb 5.0.0.12182 2009.11.01 -
eSafe 7.0.17.0 2009.11.01 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.11.01 -
GData 19 2009.11.01 -
Jiangmin 11.0.800 2009.11.01 -
K7AntiVirus 7.10.885 2009.10.31 -
Kaspersky 7.0.0.125 2009.11.01 -
McAfee 5788 2009.10.31 -
McAfee+Artemis 5788 2009.10.31 -
McAfee-GW-Edition 6.8.5 2009.11.01 -
Microsoft 1.5202 2009.11.01 -
NOD32 4562 2009.11.01 -
nProtect 2009.1.8.0 2009.11.01 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.11.01 -
Rising 21.53.62.00 2009.11.01 -
Sophos None 2009.11.01 -
Sunbelt 3.2.1858.2 2009.10.31 -
Symantec 1.4.4.12 2009.11.01 -
TheHacker 6.5.0.2.058 2009.10.31 -
TrendMicro 8.950.0.1094 2009.11.01 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.31 -
Additional information
File size: 24960 bytes
MD5...: 52e60f29221d0d1ac16737e8dbf7c3e9
SHA1..: 0a0ba37b88df275f38606b06361ad3dcad2f2562
SHA256: b541534e0fbdfac858ad9754d1427e8d926a8c548904f6ab6c7a31cdc8b43267
ssdeep: 384:LI8a49KHoGb0vccZZzlx32fiz89ADjXklriaLDuLwc2z1N96Wnjlrj9dWQqJ
wWKz:cT49KHoGO1ouDjqWYewc2r9Vjfqa9l
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5205
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
NONPAGE 0x380 0xf24 0xf80 6.14 6dd072ffc658af7005f30e77f32e4f0c
.text 0x1300 0x5ca 0x600 5.88 20e2672032c6292d5dd1d8833cf95b9c
.rdata 0x1900 0x2c4 0x300 4.38 7523e521594a9f397b7341063192405d
.data 0x1c00 0x1d0 0x200 0.63 f94944bff433c8c222e6bb9ff0070b92
PAGE 0x1e00 0x3293 0x3300 6.44 03706ac59843915b5614720f104ce955
.edata 0x5100 0xa4 0x100 3.19 e0e6c35b43ab5b1230027f94f664320a
INIT 0x5200 0x712 0x780 5.22 afce1ed934abd1f64e988af48a3ac1b5
.rsrc 0x5980 0x3f8 0x400 3.40 bfec23551b5dd379d468f4d15317d3ac
.reloc 0x5d80 0x3d8 0x400 5.88 b1026bd97408bde3f2e360dd40c6b93d

( 2 imports )
> ntoskrnl.exe: IoBuildSynchronousFsdRequest, KeInitializeEvent, IoDeleteDevice, IoDetachDevice, IoAttachDeviceToDeviceStack, IoCreateDevice, swprintf, IofCompleteRequest, ObReferenceObjectByPointer, KeInitializeSpinLock, KeQueryTimeIncrement, KeTickCount, IoGetConfigurationInformation, _aulldiv, _allmul, IoConnectInterrupt, IoDisconnectInterrupt, IoInvalidateDeviceState, MmUnmapIoSpace, wcslen, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlFindMessage, KeWaitForSingleObject, IoGetAttachedDeviceReference, memmove, IoInvalidateDeviceRelations, ObReferenceObjectByHandle, ZwClose, ZwCreateDirectoryObject, PoCallDriver, PoStartNextPowerIrp, IoFreeIrp, RtlQueryRegistryValues, IoOpenDeviceRegistryKey, IoAllocateDriverObjectExtension, IoAllocateIrp, IoGetDmaAdapter, MmGetPhysicalAddress, IoDeleteController, IoAllocateController, IoFreeController, IoCreateController, PoRequestPowerIrp, PoSetPowerState, KeBugCheckEx, IoGetDriverObjectExtension, RtlInitUnicodeString, RtlUnicodeStringToInteger, ExAllocatePoolWithTag, ExFreePoolWithTag, MmMapIoSpace, HalDispatchTable, IofCallDriver, ObfDereferenceObject, KeSetEvent
> HAL.dll: WRITE_PORT_ULONG, KfRaiseIrql, KfLowerIrql, KeStallExecutionProcessor, KfAcquireSpinLock, KfReleaseSpinLock, READ_PORT_UCHAR, WRITE_PORT_UCHAR, HalAllocateCrashDumpRegisters

( 4 exports )
PciIdeXDebugPrint, PciIdeXGetBusData, PciIdeXInitialize, PciIdeXSetBusData
RDS...: NSRL Reference Data Set
-
pdfid.: -
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: PCI IDE Bus Driver Extension
original name: pciidex.sys
internal name: pciidex.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Someone is connected to my PC - how do I get rid of them?

#14 Post by motji »

Do you use torrents or something similar? Close them before shutting down the computer.

In Services, disable all desktop sharing and the like, and remote control of the PC
Start - Control Panel - Administrative Tools - Services


:arrow: Uninstall ComboFix via
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter
- This uninstalls ComboFix and deletes its associated files and folders.



:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- After use, delete the program. Note: antivirus products may falsely flag it as a virus



:arrow: Download CCleaner, see my signature
- Install it and clean the temporary files, and the registry as well

I don't see anything bad in the log; try closing those torrents and then write whether that dialog window still pops up.

roomm
Visitor
Posts: 47
Registered: 16 Mar 2009 11:15

Re: Someone is connected to my PC - how do I get rid of them?

#15 Post by roomm »

Thanks, when the message appears again I'll take a photo and send it. I trust it won't be anything virus-related. Regards, Roman
