Prosím o kontrolu - VIRUS

[korda]

Prosím o kontrolu níže uvedeného logu. V PC byl virus, je to vyléčeno NODem, ale mám pocit, že ještě něco není v pořádku, protože se PC chová divně po spuštění.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kořený at 2010-01-11 15:00:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 96 GB (63%) free of 153 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:41, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\Kořený\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Kořený.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://tudosearch.com/index.php?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KOEN~1/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/KOEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 5659 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\SLOW-PCfighter.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
D:\Programy\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Programy\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Digital Patrol Update 5]
D:\Programy\NictaTech Software\Digital Patrol 5\dpatrolu.exe [2008-07-09 492392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
D:\Programy\VistaIcons\VistaIcons.exe [2007-12-16 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-01-12 488984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe [2007-01-12 244512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Programy\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
regedit /s reset.reg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-12-10 18789920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
D:\Programy\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-01-06 202064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe [2009-12-30 2166784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-30 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Programy\Winamp\winampa.exe [2008-01-15 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
D:\Programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-03 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-30 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SetPointII.lnk]
C:\PROGRA~1\Logitech\SETPOI~1\SETPOI~1.EXE [2009-07-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kořený^Nabídka Start^Programy^Po spuštění^Registrace .lnk]
D:\Hry\EA GAMES\Need for Speed Undercover\Support\EAregister.exe [2008-10-22 4369408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Hry\Starship Troopers\STGame.exe"="D:\Hry\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers E1"
"D:\Hry\Counter-Strike1.6\hl.exe"="D:\Hry\Counter-Strike1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Hry\Sierra\FEAR\FEAR.exe"="D:\Hry\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"H:\zabava\maniadrive\game\mania_server.exe"="H:\zabava\maniadrive\game\mania_server.exe:*:Enabled:mania_server"
"D:\Hry\Counter-Strike1.6\hltv.exe"="D:\Hry\Counter-Strike1.6\hltv.exe:*:Enabled:HLTV Launcher"
"D:\Hry\OpenArena\ioquake3.x86.exe"="D:\Hry\OpenArena\ioquake3.x86.exe:*:Enabled:ioquake3.x86"
"D:\Hry\Ascaron Entertainment\Sacred Gold\gameserver.exe"="D:\Hry\Ascaron Entertainment\Sacred Gold\gameserver.exe:*:Enabled:Sacred Gameserver"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Web ANNO 1404"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe:*:Enabled:Anno 1404 Setup Benchmark"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setupSNK.exe


======List of files/folders created in the last 1 months======

2010-01-11 15:00:29 ----D---- C:\Program Files\trend micro
2010-01-11 15:00:28 ----D---- C:\rsit
2010-01-06 16:43:00 ----D---- C:\Documents and Settings\Kořený\Data aplikací\ZipGenius
2010-01-04 11:19:47 ----D---- C:\WINDOWS\Prefetch
2010-01-03 15:18:25 ----A---- C:\WINDOWS\killproc.exe
2010-01-03 15:17:50 ----A---- C:\WINDOWS\system32\mwnsp.dll
2010-01-03 15:17:50 ----A---- C:\WINDOWS\system32\contfilt.dll
2010-01-03 15:17:31 ----A---- C:\WINDOWS\sporder.dll
2010-01-03 15:17:30 ----A---- C:\WINDOWS\sporder.exe
2010-01-03 15:17:23 ----A---- C:\WINDOWS\system32\UNZDLL.DLL
2010-01-03 15:17:22 ----A---- C:\WINDOWS\system32\ZIPDLL.DLL
2010-01-03 15:17:07 ----A---- C:\WINDOWS\system32\mwtsp.dll
2010-01-03 15:17:06 ----A---- C:\WINDOWS\inst_tsp.exe
2010-01-03 15:16:21 ----D---- C:\WINDOWS\system32\FLCSS.EXE
2010-01-02 12:26:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-01 14:30:39 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-01 14:30:39 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-01 14:30:39 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-01 14:30:35 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-01 14:30:35 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-01-01 14:30:35 ----A---- C:\WINDOWS\system32\T.COM
2010-01-01 14:30:35 ----A---- C:\WINDOWS\REGEDIT.COM
2010-01-01 14:30:35 ----A---- C:\WINDOWS\R.COM
2010-01-01 13:54:49 ----A---- C:\WINDOWS\system32\simptcp.dll
2010-01-01 13:02:52 ----A---- C:\WINDOWS\ModemLog_Standardní modem 9 600 bitů za sekundu.txt
2010-01-01 11:49:23 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-01 11:47:57 ----D---- C:\Program Files\Microsoft Works
2010-01-01 11:47:04 ----D---- C:\Program Files\Microsoft.NET
2010-01-01 11:46:36 ----D---- C:\Program Files\Norton Security Scan
2010-01-01 11:46:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skyline
2010-01-01 11:46:00 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-01 11:45:09 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Desktopicon
2010-01-01 11:44:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-01 11:44:26 ----D---- C:\Program Files\SystemRequirementsLab
2010-01-01 11:44:21 ----D---- C:\WINDOWS\Sun
2010-01-01 01:23:45 ----D---- C:\WINDOWS\system32\KB905474
2010-01-01 01:05:02 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Download Manager
2009-12-31 21:51:19 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Digital Patrol
2009-12-31 21:29:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2009-12-31 11:44:38 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Interactive Studios
2009-12-31 11:43:54 ----D---- C:\Program Files\Interactive Studios
2009-12-30 13:13:58 ----D---- C:\Program Files\WinClamAVShield
2009-12-30 13:10:44 ----D---- C:\Program Files\Crawler
2009-12-30 13:10:40 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Spyware Terminator
2009-12-30 13:10:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2009-12-30 12:44:47 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Blitware
2009-12-30 12:44:39 ----D---- C:\Program Files\Driver Robot
2009-12-30 12:09:35 ----A---- C:\WINDOWS\system32\dbexpsyb.dll
2009-12-28 19:53:45 ----D---- C:\WINDOWS\pss
2009-12-26 12:11:36 ----D---- C:\Program Files\Scorpions WinCheater
2009-12-25 12:33:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\DriverScanner
2009-12-25 12:33:02 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-12-25 11:47:24 ----A---- C:\WINDOWS\vncutil.exe
2009-12-25 11:47:22 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-12-25 11:47:22 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-12-25 11:42:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogiShrd
2009-12-25 11:36:51 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2009-12-25 10:51:48 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Glj4cb
2009-12-25 10:36:25 ----A---- C:\WINDOWS\ProductKeyExplorer.INI
2009-12-25 09:53:54 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-12-19 18:04:20 ----D---- C:\Program Files\TeamViewer
2009-12-19 17:03:31 ----D---- C:\Program Files\Fighters
2009-12-19 17:00:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Fighters
2009-12-18 15:14:58 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Ubisoft
2009-12-18 15:04:24 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-18 15:04:24 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-18 15:04:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-18 15:04:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-18 15:04:21 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-18 15:04:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-18 15:04:20 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-18 15:04:19 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-18 15:04:19 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-18 15:04:18 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-18 15:04:17 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-18 15:04:17 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-18 15:04:16 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-18 15:04:15 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-18 15:04:14 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-18 15:04:14 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-18 15:04:13 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-18 15:04:12 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-18 15:04:12 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-18 15:04:11 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-18 14:59:41 ----D---- C:\Program Files\Ubisoft
2009-12-17 16:40:25 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Thinstall
2009-12-17 15:52:55 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Uniblue
2009-12-14 18:07:45 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-12-14 18:06:29 ----D---- C:\Program Files\MSBuild
2009-12-14 18:03:37 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-12-14 18:02:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-14 18:01:14 ----RHD---- C:\MSOCache
2009-12-12 19:47:26 ----D---- C:\Program Files\Skyline

======List of files/folders modified in the last 1 months======

2010-01-11 15:00:29 ----RD---- C:\Program Files
2010-01-11 15:00:29 ----D---- C:\WINDOWS\Temp
2010-01-11 14:58:29 ----D---- C:\Program Files\Mozilla Firefox
2010-01-11 14:52:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 14:52:32 ----SHD---- C:\System Volume Information
2010-01-11 14:52:32 ----D---- C:\WINDOWS\system32\Restore
2010-01-11 14:24:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-08 07:51:41 ----A---- C:\WINDOWS\win.ini
2010-01-08 07:51:41 ----A---- C:\WINDOWS\system.ini
2010-01-07 15:25:48 ----D---- C:\WINDOWS
2010-01-07 13:52:45 ----HD---- C:\WINDOWS\inf
2010-01-06 16:41:26 ----SHD---- C:\WINDOWS\Installer
2010-01-06 16:41:25 ----SHD---- C:\Config.Msi
2010-01-04 11:25:32 ----D---- C:\WINDOWS\system32\drivers
2010-01-03 16:22:53 ----D---- C:\WINDOWS\system32
2010-01-03 15:18:56 ----D---- C:\Documents and Settings
2010-01-03 14:18:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-01 19:20:17 ----A---- C:\WINDOWS\wg2000.ini
2010-01-01 19:20:15 ----A---- C:\WINDOWS\wk2000.ini
2010-01-01 19:20:15 ----A---- C:\WINDOWS\winklav.ini
2010-01-01 14:30:35 ----D---- C:\Program Files\Common Files
2010-01-01 14:04:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-01 14:00:03 ----D---- C:\WINDOWS\security
2010-01-01 13:54:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-01 13:54:48 ----D---- C:\WINDOWS\system32\wbem
2010-01-01 12:56:49 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-01-01 11:57:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-01 11:54:48 ----D---- C:\WINDOWS\system32\config
2010-01-01 11:54:31 ----D---- C:\WINDOWS\Registration
2010-01-01 11:51:02 ----D---- C:\Program Files\Outlook Express
2010-01-01 11:50:41 ----D---- C:\WINDOWS\AppPatch
2010-01-01 11:50:41 ----D---- C:\Program Files\Messenger
2010-01-01 11:49:48 ----D---- C:\WINDOWS\system32\RTCOM
2010-01-01 11:49:10 ----D---- C:\WINDOWS\system32\DirectX
2010-01-01 11:47:21 ----RSD---- C:\WINDOWS\Fonts
2010-01-01 11:47:04 ----D---- C:\WINDOWS\Media
2010-01-01 11:46:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-01-01 11:46:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-01-01 11:46:11 ----D---- C:\Program Files\Common Files\Teleca Shared
2010-01-01 11:46:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2010-01-01 11:45:58 ----D---- C:\WINDOWS\system32\Adobe
2010-01-01 11:45:37 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-01 11:45:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-01 11:45:09 ----D---- C:\Program Files\Ask.com
2010-01-01 11:45:06 ----D---- C:\WINDOWS\Help
2010-01-01 11:44:49 ----D---- C:\Program Files\AGEIA Technologies
2010-01-01 11:44:20 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-01 11:36:50 ----D---- C:\Program Files\NVIDIA Corporation
2010-01-01 11:32:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-01 11:31:53 ----D---- C:\Program Files\Common Files\LogiShrd
2010-01-01 11:31:49 ----D---- C:\Program Files\Realtek
2010-01-01 01:24:17 ----A---- C:\WINDOWS\imsins.BAK
2010-01-01 01:23:49 ----D---- C:\WINDOWS\WinSxS
2010-01-01 01:23:45 ----SD---- C:\WINDOWS\Tasks
2010-01-01 00:39:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-01 00:39:01 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-28 20:27:27 ----D---- C:\Documents and Settings\Kořený\Data aplikací\IObit
2009-12-25 11:43:19 ----D---- C:\Program Files\Logitech
2009-12-23 14:34:13 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Canon
2009-12-18 15:03:39 ----RSD---- C:\WINDOWS\assembly
2009-12-14 20:35:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-14 19:23:31 ----SD---- C:\Documents and Settings\Kořený\Data aplikací\Microsoft
2009-12-14 18:10:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-14 18:10:16 ----HD---- C:\WINDOWS\ShellNew
2009-12-14 18:10:03 ----D---- C:\Program Files\Common Files\System
2009-12-14 18:06:22 ----D---- C:\Program Files\Microsoft Office
2009-12-14 18:05:36 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 StarOpen;StarBurn StarOpen Driver; \??\C:\WINDOWS\system32\drivers\StarOpen.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-18 281760]
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-12-18 25888]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-10 6017568]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-01-22 120064]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CrystalSysInfo;CrystalSysInfo; \??\D:\Programy\MediaCoder\SysInfo.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-04-14 14432]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-03 153376]
R2 MWAgent;MWAgent; C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE [2006-03-31 414208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-01-16 66872]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2009-12-30 488960]
R2 StarWindService;StarWind iSCSI Service; D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Unlimited_Killer]

Je tam toho dost, pustíme tam ComboFix.

~~~

Vložte sem log z ComboFix.

Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.

[korda]

Omlouvám se, ale včera mi to už nevyšlo.
Zde je ten log

ComboFix 10-01-11.03 - Kořený 12.01.2010 8:11.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1635 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kořený\Plocha\potvora.exe
AV: Digital Patrol *On-access scanning enabled* (Outdated) {35237DD9-776F-4485-A7AF-729074E24B96}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\regedit.com
c:\windows\system32\ieuinit.inf
c:\windows\system32\taskmgr.com
c:\windows\system32\vbzlib1.dll
c:\windows\winsbak.reg
c:\windows\winsbak2.reg
D:\Autorun.inf
D:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-11 14:00 . 2010-01-11 14:00 -------- d-----w- c:\program files\trend micro
2010-01-11 14:00 . 2010-01-11 14:00 -------- d-----w- C:\rsit
2010-01-08 07:13 . 2010-01-08 07:13 336 ----a-w- C:\01.reg
2010-01-04 10:22 . 2009-09-02 09:20 652 ----a-w- c:\windows\FIX.reg
2010-01-04 10:22 . 2008-11-01 12:23 280 ----a-w- c:\windows\reset.reg
2010-01-03 14:17 . 2006-07-31 03:12 950272 ----a-w- c:\windows\system32\contfilt.dll
2010-01-03 14:17 . 2006-07-31 02:48 118784 ----a-w- c:\windows\system32\mwnsp.dll
2010-01-03 14:17 . 1997-09-18 05:12 9488 ----a-w- c:\windows\sporder.dll
2010-01-03 14:17 . 1997-09-18 05:12 7680 ----a-w- c:\windows\sporder.exe
2010-01-03 14:17 . 2005-10-09 17:53 125440 ----a-w- c:\windows\system32\UNZDLL.DLL
2010-01-03 14:17 . 2000-04-03 21:00 130560 ----a-w- c:\windows\system32\ZIPDLL.DLL
2010-01-03 14:17 . 2006-07-31 02:52 339968 ----a-w- c:\windows\system32\mwtsp.dll
2010-01-03 14:17 . 2006-07-31 02:52 40448 ----a-w- c:\windows\inst_tsp.exe
2010-01-03 14:16 . 2010-01-03 14:16 -------- d-----w- c:\windows\system32\FLCSS.EXE
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\logo_1.exe
2010-01-01 13:30 . 2009-12-31 20:30 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-01 13:30 . 2009-12-31 20:30 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-01 13:30 . 2009-12-31 20:30 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-01 13:30 . 2010-01-03 15:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-01 13:30 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2010-01-01 13:30 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2010-01-01 13:02 . 2010-01-01 13:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 12:54 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-01-01 12:54 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-01-01 12:54 . 2001-10-25 14:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-01-01 12:54 . 2001-10-25 14:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-01-01 12:54 . 2001-10-25 14:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-01-01 12:54 . 2001-10-25 14:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-01-01 12:54 . 2001-10-25 14:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-01-01 10:54 . 2010-01-01 10:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-01 10:47 . 2010-01-01 10:47 -------- d-----w- c:\program files\Microsoft Works
2010-01-01 10:47 . 2010-01-01 10:47 -------- d-----w- c:\program files\Microsoft.NET
2010-01-01 10:46 . 2010-01-01 10:46 -------- d-----w- c:\program files\Norton Security Scan
2010-01-01 10:46 . 2010-01-01 10:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-01 10:44 . 2010-01-06 15:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-01 10:44 . 2010-01-01 10:50 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-01 10:44 . 2010-01-01 10:44 -------- d-----w- c:\windows\Sun
2010-01-01 00:23 . 2010-01-01 10:27 -------- d-----w- c:\windows\system32\KB905474
2009-12-31 10:43 . 2009-12-31 10:43 -------- d-----w- c:\program files\Interactive Studios
2009-12-30 12:13 . 2010-01-01 10:50 -------- d-----w- c:\program files\WinClamAVShield
2009-12-30 12:10 . 2010-01-01 10:30 -------- d-----w- c:\program files\Crawler
2009-12-30 12:10 . 2009-12-30 12:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-30 11:44 . 2010-01-01 10:50 -------- d-----w- c:\program files\Driver Robot
2009-12-30 11:09 . 2005-12-05 18:25 177152 ----a-w- c:\windows\system32\dbexpsyb.dll
2009-12-26 11:11 . 2009-12-26 11:11 -------- d-----w- c:\program files\Scorpions WinCheater
2009-12-25 10:47 . 2009-12-10 17:00 358944 ----a-w- c:\windows\vncutil.exe
2009-12-25 10:47 . 2009-12-10 17:00 50208 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-25 10:47 . 2009-12-10 17:00 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-25 10:47 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-25 10:47 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-25 10:44 . 2009-06-17 08:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-12-25 10:36 . 2009-01-16 21:45 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-25 08:53 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-12-19 17:04 . 2009-12-19 17:04 -------- d-----w- c:\program files\TeamViewer
2009-12-19 16:03 . 2009-12-19 16:03 -------- d-----w- c:\program files\Fighters
2009-12-18 14:15 . 2009-12-18 14:15 -------- d-----w- c:\documents and settings\KoYený
2009-12-18 13:59 . 2009-12-18 13:59 -------- d-----w- c:\program files\Ubisoft
2009-12-14 17:07 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-14 17:07 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-14 17:06 . 2009-12-14 17:06 -------- d-----w- c:\program files\MSBuild
2009-12-14 17:03 . 2010-01-01 10:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-14 17:01 . 2009-12-14 17:01 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 13:33 . 2010-01-04 13:40 312920 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-01-01 10:46 . 2008-04-20 13:09 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-01 10:45 . 2009-11-28 20:44 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-01 10:45 . 2008-04-09 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 10:45 . 2009-11-30 17:45 -------- d-----w- c:\program files\Ask.com
2010-01-01 10:44 . 2008-09-14 08:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-01 10:44 . 2009-11-29 09:18 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-01 10:36 . 2009-11-29 18:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-01 10:31 . 2008-04-10 06:36 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-01 10:31 . 2008-04-09 14:10 -------- d-----w- c:\program files\Realtek
2010-01-01 08:22 . 2001-10-25 10:00 74426 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 08:22 . 2001-10-25 10:00 401726 ----a-w- c:\windows\system32\perfh005.dat
2009-12-25 10:43 . 2009-12-25 10:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-25 10:43 . 2008-04-10 06:34 -------- d-----w- c:\program files\Logitech
2009-12-18 14:04 . 2009-12-04 20:54 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-18 14:04 . 2009-12-04 20:54 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-12 18:47 . 2009-12-12 18:47 -------- d-----w- c:\program files\Skyline
2009-12-10 19:11 . 2009-12-10 19:11 -------- d-----w- c:\program files\SweetIM
2009-12-10 17:00 . 2008-04-09 14:10 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-12-10 17:00 . 2008-04-09 14:10 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-10 17:00 . 2008-04-09 14:10 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-10 17:00 . 2008-04-09 14:10 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-12-10 17:00 . 2008-04-09 14:10 18789920 ----a-w- c:\windows\RTHDCPL.EXE
2009-12-10 17:00 . 2008-04-09 14:10 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-10 17:00 . 2008-04-09 14:10 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-12-10 17:00 . 2008-04-09 14:10 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-12-10 16:23 . 2008-04-09 14:10 6017568 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-30 17:43 . 2009-11-30 17:43 -------- d-----w- c:\program files\DsNET Corp
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\Y3HJJ73N.DAT
2009-11-29 00:45 . 2009-11-29 00:45 558142 ----a-w- c:\windows\java\Packages\YU7TFN1B.ZIP
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\2FPRLZVN.DAT
2009-11-29 00:45 . 2009-11-29 00:45 155995 ----a-w- c:\windows\java\Packages\AV9ZDZLR.ZIP
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\OPVNXJ5N.DAT
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\IMNPNN39.DAT
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\EAFHFVVT.DAT
2009-11-29 00:43 . 2008-04-09 13:42 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-28 20:44 . 2008-07-21 19:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.15622871
2009-11-28 20:44 . 2008-07-21 19:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.12395010
2009-11-28 17:30 . 2008-04-09 13:52 15600 ----a-w- c:\windows\gdrv.sys
2009-11-28 17:25 . 2009-11-28 17:25 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-11-28 17:03 . 2008-04-09 13:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-28 17:03 . 2008-04-09 13:44 3038 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-28 16:29 . 2008-04-10 06:44 -------- d-----w- c:\program files\ESET
2009-11-28 16:00 . 2009-11-28 16:00 -------- d-----w- c:\program files\Yahoo!
2009-11-28 16:00 . 2009-11-28 16:00 -------- d-----w- c:\program files\GIGABYTE
2009-11-28 09:17 . 2009-11-28 09:17 0 ----a-w- c:\windows\nsreg.dat
2009-11-25 14:48 . 2009-01-10 16:51 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-24 16:40 . 2008-04-09 14:10 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 19:32 . 2009-11-20 19:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 19:32 . 2009-11-20 19:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:32 . 2009-11-20 19:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 19:32 . 2009-11-20 19:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 20:42 . 2008-04-09 14:37 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-03 16:50 . 2009-11-03 16:50 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SetPointII.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kořený^Nabídka Start^Programy^Po spuštění^Registrace .lnk]
backupExtension=.Startup
backup=c:\windows\pss\Registrace .lnk.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
regedit [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-01-09 14:54 2262352 ----a-w- d:\programy\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- d:\programy\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Digital Patrol Update 5]
2008-07-09 20:36 492392 ----a-w- d:\programy\NictaTech Software\Digital Patrol 5\dpatrolu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2007-12-16 15:34 45056 ----a-w- d:\programy\VistaIcons\VistaIcons.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-01-12 01:09 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-01-12 01:12 244512 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-20 19:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-20 19:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 17:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- d:\programy\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-12-10 17:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2009-01-06 10:42 202064 ----a-w- d:\programy\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 14:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-12-30 12:10 2166784 ----a-w- d:\programy\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-12-30 12:10 3037696 ----a-w- d:\programy\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-10-20 12:59 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- d:\programy\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\Starship Troopers\\STGame.exe"=
"d:\\Hry\\Counter-Strike1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Hry\\Sierra\\FEAR\\FEAR.exe"=
"d:\\Hry\\Counter-Strike1.6\\hltv.exe"=
"d:\\Hry\\OpenArena\\ioquake3.x86.exe"=
"d:\\Hry\\Ascaron Entertainment\\Sacred Gold\\gameserver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Benchmark.exe"=
"d:\\Programy\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12.2.2009 14:37 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12.2.2009 14:37 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [30.12.2009 13:10 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.11.2009 10:18 222968]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25.12.2009 11:44 10384]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.12.2009 11:47 1691480]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [28.11.2009 18:25 23600]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-12 c:\windows\Tasks\AWC AutoSweep.job
- d:\programy\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-28 10:32]

2010-01-02 c:\windows\Tasks\AWC Update.job
- d:\programy\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-12-28 10:37]

2009-12-31 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-30 16:29]

2010-01-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-06 17:11]

2010-01-12 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-10-21 16:00]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://tudosearch.com/index.php?q=
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2484283&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://thepiratebay.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\{f92547c0-4afd-4836-80c9-06fa0f86ff11}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\{f92547c0-4afd-4836-80c9-06fa0f86ff11}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\thepiratebay@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: d:\programy\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programy\VideoLAN\VLC\npvlc.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 08:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89F134B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> 0x89f134b8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7ddebb0
PacketIndicateHandler -> NDIS.sys @ 0xb7deba21
SendHandler -> NDIS.sys @ 0xb7dc987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
d:\programy\Zoner\Callisto 4\PROGRAM\fshex40.dll
d:\programy\Zoner\Callisto 4\PROGRAM\FShEx40Res.CZ
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
c:\windows\system32\PnkBstrA.exe
c:\progra~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
d:\programy\Spyware Terminator\sp_rsser.exe
d:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
.
**************************************************************************
.
Celkový čas: 2010-01-12 08:21:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-12 07:21

Před spuštěním: Volných bajtů: 99 929 481 216
Po spuštění: Volných bajtů: 99 890 728 960

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B644E4AA126A74B5010CE1144F390E67

[Unlimited_Killer]

Zbytečně tam máte antivir jménem Digital Patrol - když už máte ESS.
Můžete jej odinstalovat.

~~~

Otevřete si Poznámkový blok a zkopírujte do něj

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\Crawler
c:\program files\Ask.com
c:\program files\ICQ6Toolbar
c:\program files\DAEMON Tools Toolbar
C:\program files\Yahoo!
C:\Program Files\SweetIM\Toolbars

File::
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}"=-
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kořený^Nabídka Start^Programy^Po spuštění^Registrace .lnk]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

Extra::
DDS::
uDefault_Search_URL = hxxp://tudosearch.com/index.php?q=
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FireFox::
FF - ProfilePath - c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://thepiratebay.toolbarhome.com/sea ... srch=ku&q=
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
F - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\thepiratebay@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll

Driver::
ICQ Service
JavaQuickStarterService

uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (!musí být na Ploše!) a pusťte.



ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.

~~~

Otestujte na VirusTotal soubory:

Kód: Vybrat vše

c:\windows\system32\dbexpsyb.dll

Jednoduše tam vkopírujete cesty, co jsem napsal do code, když Vám to napíše, že soubor byl testován, dejte otestovat znovu. Poté jsem vložíte linky (odkazy) na jednotlivé testy.

[korda]

ComboFix 10-01-12.04 - Kořený 13.01.2010 8:10.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1654 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kořený\Plocha\potvora.exe
Použité ovládací přepínače :: c:\documents and settings\Kořený\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk"
"c:\windows\tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Crawler
c:\program files\Crawler\Toolbar\adrkeys.dat
c:\program files\Crawler\Toolbar\COMMON_FF.dat
c:\program files\Crawler\Toolbar\confirm.dat
c:\program files\Crawler\Toolbar\ctbcomm.dll
c:\program files\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler\Toolbar\CTConf.dat
c:\program files\Crawler\Toolbar\CTipsDef.dll
c:\program files\Crawler\Toolbar\CToolbar.exe
c:\program files\Crawler\Toolbar\CUpdate.exe
c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
c:\program files\Crawler\Toolbar\firefox\components\xplugin.xpt
c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
c:\program files\Crawler\Toolbar\firefox\components\xshared.xpt
c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
c:\program files\Crawler\Toolbar\firefox\components\xsupport.xpt
c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
c:\program files\Crawler\Toolbar\firefox\chrome.manifest
c:\program files\Crawler\Toolbar\firefox\chrome\common.jar
c:\program files\Crawler\Toolbar\firefox\chrome\stwsg.jar
c:\program files\Crawler\Toolbar\firefox\install.ini
c:\program files\Crawler\Toolbar\firefox\install.rdf
c:\program files\Crawler\Toolbar\firefox\stwsg_ff.ini
c:\program files\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FF.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_NL.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_RU.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_CS.cab.old
c:\program files\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\program files\Crawler\Toolbar\lookfor.dat
c:\program files\Crawler\Toolbar\majorse.dat
c:\program files\Crawler\Toolbar\rootmenu.dat
c:\program files\Crawler\Toolbar\services.dat
c:\program files\Crawler\Toolbar\stwsg_ff.dat
c:\program files\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\program files\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files\Crawler\Toolbar\Update\domains.cab
c:\program files\Crawler\Toolbar\Update\domains_021.cab
c:\program files\Crawler\Toolbar\WebSecurityGuard.dll
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files\Crawler\Toolbar\WSGData\domains\TopList.dat
c:\program files\Crawler\Toolbar\WSGData\g_S-1-5-21-2000478354-261478967-725345543-1003.dat
c:\program files\Crawler\Toolbar\WSGData\ud_S-1-5-21-2000478354-261478967-725345543-1003.dat
c:\program files\Crawler\Toolbar\WSGData\w_S-1-5-21-2000478354-261478967-725345543-1003.dat
c:\program files\Crawler\Toolbar\WSGData\wfilter.dat
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files\DAEMON Tools Toolbar\Resources\about.ico
c:\program files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files\DAEMON Tools Toolbar\Resources\accept.ico
c:\program files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.png
c:\program files\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_home.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroburn_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroLite_16.ico
c:\program files\DAEMON Tools Toolbar\Resources\az.ico
c:\program files\DAEMON Tools Toolbar\Resources\b1.png
c:\program files\DAEMON Tools Toolbar\Resources\burn_files.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_image.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_imgs.ico
c:\program files\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\Config.ico
c:\program files\DAEMON Tools Toolbar\Resources\d.ico
c:\program files\DAEMON Tools Toolbar\Resources\d2.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
c:\program files\DAEMON Tools Toolbar\Resources\download.ico
c:\program files\DAEMON Tools Toolbar\Resources\ds.ico
c:\program files\DAEMON Tools Toolbar\Resources\dsearch.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt-home.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_about.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_faq.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_line.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_manual.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_pro.ico
c:\program files\DAEMON Tools Toolbar\Resources\DTPro.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt16.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt32.ico
c:\program files\DAEMON Tools Toolbar\Resources\Dwnl.ico
c:\program files\DAEMON Tools Toolbar\Resources\emulation.ico
c:\program files\DAEMON Tools Toolbar\Resources\favicon.ico
c:\program files\DAEMON Tools Toolbar\Resources\features.ico
c:\program files\DAEMON Tools Toolbar\Resources\feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixCristals.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixDownload.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixTop.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameS.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\gct16.ico
c:\program files\DAEMON Tools Toolbar\Resources\gd.ico
c:\program files\DAEMON Tools Toolbar\Resources\genre.xml
c:\program files\DAEMON Tools Toolbar\Resources\globe.ico
c:\program files\DAEMON Tools Toolbar\Resources\GrabImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\hb.bmp
c:\program files\DAEMON Tools Toolbar\Resources\hb.ico
c:\program files\DAEMON Tools Toolbar\Resources\help.ico
c:\program files\DAEMON Tools Toolbar\Resources\hide.ico
c:\program files\DAEMON Tools Toolbar\Resources\home.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageS.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ip.ico
c:\program files\DAEMON Tools Toolbar\Resources\lang.xml
c:\program files\DAEMON Tools Toolbar\Resources\lingvo.ico
c:\program files\DAEMON Tools Toolbar\Resources\m.ico
c:\program files\DAEMON Tools Toolbar\Resources\mail.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuTr.ico
c:\program files\DAEMON Tools Toolbar\Resources\mount.ico
c:\program files\DAEMON Tools Toolbar\Resources\mount_n_drive.ico
c:\program files\DAEMON Tools Toolbar\Resources\next.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\op.ico
c:\program files\DAEMON Tools Toolbar\Resources\play.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play.ico
c:\program files\DAEMON Tools Toolbar\Resources\play_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\pragma.ico
c:\program files\DAEMON Tools Toolbar\Resources\prev.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prod.ico
c:\program files\DAEMON Tools Toolbar\Resources\Radio.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioE.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioG.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioN.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioW.bmp
c:\program files\DAEMON Tools Toolbar\Resources\rbcheck.ico
c:\program files\DAEMON Tools Toolbar\Resources\rbtxt.ico
c:\program files\DAEMON Tools Toolbar\Resources\refresh.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Rss.ico
c:\program files\DAEMON Tools Toolbar\Resources\Rss1.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssA.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssA1.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssClose.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\rssOpen.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssRefresh.ico
c:\program files\DAEMON Tools Toolbar\Resources\s2.ico
c:\program files\DAEMON Tools Toolbar\Resources\show.ico
c:\program files\DAEMON Tools Toolbar\Resources\size.bmp
c:\program files\DAEMON Tools Toolbar\Resources\size_lr.ico
c:\program files\DAEMON Tools Toolbar\Resources\size_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\size_rl.ico
c:\program files\DAEMON Tools Toolbar\Resources\skins.ico
c:\program files\DAEMON Tools Toolbar\Resources\spt.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\style.ico
c:\program files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
c:\program files\DAEMON Tools Toolbar\Resources\timer.ico
c:\program files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
c:\program files\DAEMON Tools Toolbar\Resources\toolbar.xml
c:\program files\DAEMON Tools Toolbar\Resources\trans.ico
c:\program files\DAEMON Tools Toolbar\Resources\Trash.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\u.ico
c:\program files\DAEMON Tools Toolbar\Resources\unmount-all.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol_back.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_mute.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\web_resources.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebS.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebSa.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi0.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi1.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi10.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi11.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi12.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi13.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi14.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi2.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi3.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi4.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi5.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi6.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi7.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi8.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi9.ico
c:\program files\DAEMON Tools Toolbar\uninst.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\SweetIM\Toolbars
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\program files\Yahoo!
c:\program files\Yahoo!\Companion\Data\dlg_as.html
c:\program files\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files\Yahoo!\Companion\Data\dlg_opt.html
c:\program files\Yahoo!\Companion\Data\dlg_pub.html
c:\program files\Yahoo!\Companion\Data\feed4.data
c:\program files\Yahoo!\Companion\Icons\1.ico
c:\program files\Yahoo!\Companion\Icons\3.ico
c:\program files\Yahoo!\Companion\Icons\4.ico
c:\program files\Yahoo!\Companion\Icons\ybangpurple3.bmp
c:\program files\Yahoo!\Companion\Installs\cpn\INSTALL.LOG
c:\program files\Yahoo!\Companion\Installs\cpn\pubmod.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ypubc.dll
c:\windows\tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Service_ICQ Service
-------\Service_JavaQuickStarterService


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-13 do 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-11 14:00 . 2010-01-11 14:00 -------- d-----w- c:\program files\trend micro
2010-01-11 14:00 . 2010-01-11 14:00 -------- d-----w- C:\rsit
2010-01-08 07:13 . 2010-01-08 07:13 336 ----a-w- C:\01.reg
2010-01-04 10:22 . 2009-09-02 09:20 652 ----a-w- c:\windows\FIX.reg
2010-01-04 10:22 . 2008-11-01 12:23 280 ----a-w- c:\windows\reset.reg
2010-01-03 14:17 . 2006-07-31 03:12 950272 ----a-w- c:\windows\system32\contfilt.dll
2010-01-03 14:17 . 2006-07-31 02:48 118784 ----a-w- c:\windows\system32\mwnsp.dll
2010-01-03 14:17 . 1997-09-18 05:12 9488 ----a-w- c:\windows\sporder.dll
2010-01-03 14:17 . 1997-09-18 05:12 7680 ----a-w- c:\windows\sporder.exe
2010-01-03 14:17 . 2005-10-09 17:53 125440 ----a-w- c:\windows\system32\UNZDLL.DLL
2010-01-03 14:17 . 2000-04-03 21:00 130560 ----a-w- c:\windows\system32\ZIPDLL.DLL
2010-01-03 14:17 . 2006-07-31 02:52 339968 ----a-w- c:\windows\system32\mwtsp.dll
2010-01-03 14:17 . 2006-07-31 02:52 40448 ----a-w- c:\windows\inst_tsp.exe
2010-01-03 14:16 . 2010-01-03 14:16 -------- d-----w- c:\windows\system32\FLCSS.EXE
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\logo_1.exe
2010-01-01 13:30 . 2009-12-31 20:30 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-01 13:30 . 2009-12-31 20:30 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-01 13:30 . 2009-12-31 20:30 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-01 13:30 . 2010-01-03 15:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-01 13:30 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2010-01-01 13:30 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2010-01-01 13:02 . 2010-01-01 13:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 12:54 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-01-01 12:54 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-01-01 12:54 . 2001-10-25 14:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-01-01 12:54 . 2001-10-25 14:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-01-01 12:54 . 2001-10-25 14:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-01-01 12:54 . 2001-10-25 14:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-01-01 12:54 . 2001-10-25 14:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-01-01 10:54 . 2010-01-01 10:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-01 10:47 . 2010-01-01 10:47 -------- d-----w- c:\program files\Microsoft Works
2010-01-01 10:47 . 2010-01-01 10:47 -------- d-----w- c:\program files\Microsoft.NET
2010-01-01 10:46 . 2010-01-01 10:46 -------- d-----w- c:\program files\Norton Security Scan
2010-01-01 10:46 . 2010-01-01 10:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-01 10:44 . 2010-01-06 15:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-01 10:44 . 2010-01-01 10:50 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-01 10:44 . 2010-01-01 10:44 -------- d-----w- c:\windows\Sun
2010-01-01 00:23 . 2010-01-01 10:27 -------- d-----w- c:\windows\system32\KB905474
2009-12-31 10:43 . 2009-12-31 10:43 -------- d-----w- c:\program files\Interactive Studios
2009-12-30 12:13 . 2010-01-01 10:50 -------- d-----w- c:\program files\WinClamAVShield
2009-12-30 12:10 . 2009-12-30 12:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-30 11:44 . 2010-01-01 10:50 -------- d-----w- c:\program files\Driver Robot
2009-12-30 11:09 . 2005-12-05 18:25 177152 ----a-w- c:\windows\system32\dbexpsyb.dll
2009-12-26 11:11 . 2009-12-26 11:11 -------- d-----w- c:\program files\Scorpions WinCheater
2009-12-25 10:47 . 2009-12-10 17:00 358944 ----a-w- c:\windows\vncutil.exe
2009-12-25 10:47 . 2009-12-10 17:00 50208 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-25 10:47 . 2009-12-10 17:00 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-25 10:47 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-25 10:47 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-25 10:44 . 2009-06-17 08:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-12-25 10:36 . 2009-01-16 21:45 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-25 08:53 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-12-19 17:04 . 2009-12-19 17:04 -------- d-----w- c:\program files\TeamViewer
2009-12-19 16:03 . 2009-12-19 16:03 -------- d-----w- c:\program files\Fighters
2009-12-18 14:15 . 2009-12-18 14:15 -------- d-----w- c:\documents and settings\KoYený
2009-12-18 13:59 . 2009-12-18 13:59 -------- d-----w- c:\program files\Ubisoft
2009-12-14 17:07 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-14 17:07 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-14 17:06 . 2009-12-14 17:06 -------- d-----w- c:\program files\MSBuild
2009-12-14 17:03 . 2010-01-01 10:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-14 17:01 . 2009-12-14 17:01 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 13:33 . 2010-01-04 13:40 312920 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-01-01 10:46 . 2008-04-20 13:09 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-01 10:45 . 2008-04-09 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 10:44 . 2008-09-14 08:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-01 10:36 . 2009-11-29 18:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-01 10:31 . 2008-04-10 06:36 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-01 10:31 . 2008-04-09 14:10 -------- d-----w- c:\program files\Realtek
2010-01-01 08:22 . 2001-10-25 10:00 74426 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 08:22 . 2001-10-25 10:00 401726 ----a-w- c:\windows\system32\perfh005.dat
2009-12-25 10:43 . 2009-12-25 10:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-25 10:43 . 2008-04-10 06:34 -------- d-----w- c:\program files\Logitech
2009-12-18 14:04 . 2009-12-04 20:54 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-18 14:04 . 2009-12-04 20:54 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-12 18:47 . 2009-12-12 18:47 -------- d-----w- c:\program files\Skyline
2009-12-10 19:11 . 2009-12-10 19:11 -------- d-----w- c:\program files\SweetIM
2009-12-10 17:00 . 2008-04-09 14:10 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-12-10 17:00 . 2008-04-09 14:10 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-10 17:00 . 2008-04-09 14:10 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-10 17:00 . 2008-04-09 14:10 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-12-10 17:00 . 2008-04-09 14:10 18789920 ----a-w- c:\windows\RTHDCPL.EXE
2009-12-10 17:00 . 2008-04-09 14:10 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-10 17:00 . 2008-04-09 14:10 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-12-10 17:00 . 2008-04-09 14:10 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-12-10 16:23 . 2008-04-09 14:10 6017568 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-30 17:43 . 2009-11-30 17:43 -------- d-----w- c:\program files\DsNET Corp
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\Y3HJJ73N.DAT
2009-11-29 00:45 . 2009-11-29 00:45 558142 ----a-w- c:\windows\java\Packages\YU7TFN1B.ZIP
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\2FPRLZVN.DAT
2009-11-29 00:45 . 2009-11-29 00:45 155995 ----a-w- c:\windows\java\Packages\AV9ZDZLR.ZIP
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\OPVNXJ5N.DAT
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\IMNPNN39.DAT
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\EAFHFVVT.DAT
2009-11-29 00:43 . 2008-04-09 13:42 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-28 20:44 . 2008-07-21 19:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.15622871
2009-11-28 20:44 . 2008-07-21 19:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.12395010
2009-11-28 17:30 . 2008-04-09 13:52 15600 ----a-w- c:\windows\gdrv.sys
2009-11-28 17:25 . 2009-11-28 17:25 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-11-28 17:03 . 2008-04-09 13:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-28 17:03 . 2008-04-09 13:44 3038 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-28 16:29 . 2008-04-10 06:44 -------- d-----w- c:\program files\ESET
2009-11-28 16:00 . 2009-11-28 16:00 -------- d-----w- c:\program files\GIGABYTE
2009-11-28 09:17 . 2009-11-28 09:17 0 ----a-w- c:\windows\nsreg.dat
2009-11-25 14:48 . 2009-01-10 16:51 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-24 16:40 . 2008-04-09 14:10 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 19:32 . 2009-11-20 19:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 19:32 . 2009-11-20 19:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:32 . 2009-11-20 19:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 19:32 . 2009-11-20 19:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 20:42 . 2008-04-09 14:37 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-03 16:50 . 2009-11-03 16:50 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-12_07.19.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-13 07:16 . 2010-01-13 07:16 16384 c:\windows\temp\Perflib_Perfdata_30c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SetPointII.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-01-09 14:54 2262352 ----a-w- d:\programy\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- d:\programy\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2007-12-16 15:34 45056 ----a-w- d:\programy\VistaIcons\VistaIcons.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-01-12 01:09 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-01-12 01:12 244512 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-20 19:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-20 19:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 17:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-12-10 17:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2009-01-06 10:42 202064 ----a-w- d:\programy\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 14:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-12-30 12:10 2166784 ----a-w- d:\programy\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-12-30 12:10 3037696 ----a-w- d:\programy\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-10-20 12:59 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- d:\programy\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\Starship Troopers\\STGame.exe"=
"d:\\Hry\\Counter-Strike1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Hry\\Sierra\\FEAR\\FEAR.exe"=
"d:\\Hry\\Counter-Strike1.6\\hltv.exe"=
"d:\\Hry\\OpenArena\\ioquake3.x86.exe"=
"d:\\Hry\\Ascaron Entertainment\\Sacred Gold\\gameserver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Benchmark.exe"=
"d:\\Programy\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12.2.2009 14:37 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12.2.2009 14:37 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [30.12.2009 13:10 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25.12.2009 11:44 10384]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.12.2009 11:47 1691480]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [28.11.2009 18:25 23600]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-13 c:\windows\Tasks\AWC AutoSweep.job
- d:\programy\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-28 10:32]

2009-12-31 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-30 16:29]

2010-01-13 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-10-21 16:00]
.
.
------- Doplňkový sken -------
.
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\{f92547c0-4afd-4836-80c9-06fa0f86ff11}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\{f92547c0-4afd-4836-80c9-06fa0f86ff11}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\thepiratebay@toolbar\components\toolbarhomewmp.dll
FF - plugin: d:\programy\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programy\VideoLAN\VLC\npvlc.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Digital Patrol Update 5 - d:\programy\NictaTech Software\Digital Patrol 5\dpatrolu.exe
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 08:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8998E790]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> 0x8998e790
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7ddebb0
PacketIndicateHandler -> NDIS.sys @ 0xb7deba21
SendHandler -> NDIS.sys @ 0xb7dc987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
d:\programy\Zoner\Callisto 4\PROGRAM\fshex40.dll
d:\programy\Zoner\Callisto 4\PROGRAM\FShEx40Res.CZ
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\progra~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
c:\windows\system32\PnkBstrA.exe
c:\progra~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
d:\programy\Spyware Terminator\sp_rsser.exe
d:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
.
**************************************************************************
.
Celkový čas: 2010-01-13 08:21:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-13 07:21
ComboFix2.txt 2010-01-12 07:21

Před spuštěním: Volných bajtů: 99 901 054 976
Po spuštění: Volných bajtů: 99 839 229 952

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E8A32286BCE7CF2357889D0932AFEDD4

[korda]

http://www.virustotal.com/cs/analisis/b ... 1263367635

http://www.virustotal.com/cs/analisis/b ... 1263368185

[Unlimited_Killer]

Něco je možná v MBR.

~~~

Odinstalujte všechny virtuální mechaniky (Daemon, Alcohol atp.)

~~~

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

~~~

Stáhněte MBR.exe
Uložte tuto utilitu na Plochu.
Stiskněte Start -> Spustit [Win+R] -> zadejte / vkopírujte následující:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

a stiskněte Enter.
Na ploše se vytvoří textový soubor s názvem mbr.log, jehož obsah mi sem vkopírujete.

~~~

Stáhněte GMER a dvojklikem spusťte.
Několik sekund bude skenovat. Poté klikněte na 'Save' v pravém dolním rohu a uložte první log - ten vložte sem do fóra.
Poté vytvořte druhý log, přičemž se budete řídit tímto návodem. Tento log sem také vložte.

[korda]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89EF3128]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89ef3128
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

[Unlimited_Killer]

Co ten GMER?

[korda]

Ten GMER mi nějak nefunguje.
Spustím ho, on začne zřejmně něco testovat a pak se sám po chvilce vypne.

Díky moc za ochotu pomoci mi s tímto problémem, ale ten PC není můj. Je to od známého a už by ten PC potřeboval, takže je smířen s tím, že se bude vše instalovat na čisto.

Ještě jednou moc děkuji za snahu.

[Unlimited_Killer]

Snad to již bude hotové...

~~~

Otevřete si Poznámkový blok a zkopírujte do něj

Kód: Vybrat vše

KillAll::

MBR::

uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (!musí být na Ploše!) a pusťte.



ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.

~~~

Poté nový RSIT log (ComboFix, co vypadne také).

[korda]

ComboFix 10-01-14.06 - Kořený 15.01.2010 14:24:34.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1652 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kořený\Plocha\potvora.exe
Použité ovládací přepínače :: c:\documents and settings\Kořený\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-14 09:39 . 2010-01-14 09:39 -------- d-----w- c:\program files\Alwil Software
2010-01-11 14:00 . 2010-01-11 14:00 -------- d-----w- c:\program files\trend micro
2010-01-11 14:00 . 2010-01-11 14:00 -------- d-----w- C:\rsit
2010-01-08 07:13 . 2010-01-08 07:13 336 ----a-w- C:\01.reg
2010-01-04 10:22 . 2009-09-02 09:20 652 ----a-w- c:\windows\FIX.reg
2010-01-04 10:22 . 2008-11-01 12:23 280 ----a-w- c:\windows\reset.reg
2010-01-03 14:17 . 2006-07-31 03:12 950272 ----a-w- c:\windows\system32\contfilt.dll
2010-01-03 14:17 . 2006-07-31 02:48 118784 ----a-w- c:\windows\system32\mwnsp.dll
2010-01-03 14:17 . 1997-09-18 05:12 9488 ----a-w- c:\windows\sporder.dll
2010-01-03 14:17 . 1997-09-18 05:12 7680 ----a-w- c:\windows\sporder.exe
2010-01-03 14:17 . 2005-10-09 17:53 125440 ----a-w- c:\windows\system32\UNZDLL.DLL
2010-01-03 14:17 . 2000-04-03 21:00 130560 ----a-w- c:\windows\system32\ZIPDLL.DLL
2010-01-03 14:17 . 2006-07-31 02:52 339968 ----a-w- c:\windows\system32\mwtsp.dll
2010-01-03 14:17 . 2006-07-31 02:52 40448 ----a-w- c:\windows\inst_tsp.exe
2010-01-03 14:16 . 2010-01-03 14:16 -------- d-----w- c:\windows\system32\FLCSS.EXE
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-01 14:09 . 2010-01-01 14:09 -------- d---a-w- c:\windows\logo_1.exe
2010-01-01 13:30 . 2009-12-31 20:30 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-01 13:30 . 2009-12-31 20:30 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-01 13:30 . 2009-12-31 20:30 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-01 13:30 . 2010-01-03 15:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-01 13:30 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2010-01-01 13:30 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2010-01-01 13:02 . 2010-01-01 13:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 12:54 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-01-01 12:54 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-01-01 12:54 . 2001-10-25 14:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-01-01 12:54 . 2001-10-25 14:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-01-01 12:54 . 2001-10-25 14:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-01-01 12:54 . 2001-10-25 14:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-01-01 12:54 . 2001-10-25 14:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-01-01 10:54 . 2010-01-01 10:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-01 10:47 . 2010-01-01 10:47 -------- d-----w- c:\program files\Microsoft Works
2010-01-01 10:47 . 2010-01-01 10:47 -------- d-----w- c:\program files\Microsoft.NET
2010-01-01 10:46 . 2010-01-01 10:46 -------- d-----w- c:\program files\Norton Security Scan
2010-01-01 10:46 . 2010-01-01 10:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-01 10:44 . 2010-01-06 15:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-01 10:44 . 2010-01-01 10:50 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-01 10:44 . 2010-01-01 10:44 -------- d-----w- c:\windows\Sun
2010-01-01 00:23 . 2010-01-01 10:27 -------- d-----w- c:\windows\system32\KB905474
2009-12-31 10:43 . 2009-12-31 10:43 -------- d-----w- c:\program files\Interactive Studios
2009-12-30 12:13 . 2010-01-01 10:50 -------- d-----w- c:\program files\WinClamAVShield
2009-12-30 12:10 . 2009-12-30 12:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-30 11:44 . 2010-01-01 10:50 -------- d-----w- c:\program files\Driver Robot
2009-12-30 11:09 . 2005-12-05 18:25 177152 ----a-w- c:\windows\system32\dbexpsyb.dll
2009-12-26 11:11 . 2009-12-26 11:11 -------- d-----w- c:\program files\Scorpions WinCheater
2009-12-25 10:47 . 2009-12-10 17:00 358944 ----a-w- c:\windows\vncutil.exe
2009-12-25 10:47 . 2009-12-10 17:00 50208 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-25 10:47 . 2009-12-10 17:00 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-25 10:47 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-25 10:47 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-25 10:44 . 2009-06-17 08:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-12-25 10:36 . 2009-01-16 21:45 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-25 08:53 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-12-19 17:04 . 2009-12-19 17:04 -------- d-----w- c:\program files\TeamViewer
2009-12-19 16:03 . 2009-12-19 16:03 -------- d-----w- c:\program files\Fighters
2009-12-18 14:15 . 2009-12-18 14:15 -------- d-----w- c:\documents and settings\KoYený
2009-12-18 13:59 . 2009-12-18 13:59 -------- d-----w- c:\program files\Ubisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 13:33 . 2010-01-04 13:40 312920 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-01-01 10:46 . 2008-04-20 13:09 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-01 10:45 . 2008-04-09 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 10:44 . 2008-09-14 08:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-01 10:36 . 2009-11-29 18:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-01 10:34 . 2009-12-14 17:03 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-01 10:31 . 2008-04-10 06:36 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-01 10:31 . 2008-04-09 14:10 -------- d-----w- c:\program files\Realtek
2010-01-01 08:22 . 2001-10-25 10:00 74426 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 08:22 . 2001-10-25 10:00 401726 ----a-w- c:\windows\system32\perfh005.dat
2009-12-25 10:43 . 2009-12-25 10:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-25 10:43 . 2008-04-10 06:34 -------- d-----w- c:\program files\Logitech
2009-12-18 14:04 . 2009-12-04 20:54 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-18 14:04 . 2009-12-04 20:54 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-14 17:06 . 2009-12-14 17:06 -------- d-----w- c:\program files\MSBuild
2009-12-12 18:47 . 2009-12-12 18:47 -------- d-----w- c:\program files\Skyline
2009-12-10 19:11 . 2009-12-10 19:11 -------- d-----w- c:\program files\SweetIM
2009-12-10 17:00 . 2008-04-09 14:10 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-12-10 17:00 . 2008-04-09 14:10 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-10 17:00 . 2008-04-09 14:10 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-10 17:00 . 2008-04-09 14:10 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-12-10 17:00 . 2008-04-09 14:10 18789920 ----a-w- c:\windows\RTHDCPL.EXE
2009-12-10 17:00 . 2008-04-09 14:10 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-10 17:00 . 2008-04-09 14:10 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-12-10 17:00 . 2008-04-09 14:10 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-12-10 16:23 . 2008-04-09 14:10 6017568 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-30 17:43 . 2009-11-30 17:43 -------- d-----w- c:\program files\DsNET Corp
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\Y3HJJ73N.DAT
2009-11-29 00:45 . 2009-11-29 00:45 558142 ----a-w- c:\windows\java\Packages\YU7TFN1B.ZIP
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\2FPRLZVN.DAT
2009-11-29 00:45 . 2009-11-29 00:45 155995 ----a-w- c:\windows\java\Packages\AV9ZDZLR.ZIP
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\OPVNXJ5N.DAT
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\IMNPNN39.DAT
2009-11-29 00:45 . 2009-11-29 00:45 2678 ----a-w- c:\windows\java\Packages\Data\EAFHFVVT.DAT
2009-11-29 00:43 . 2008-04-09 13:42 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-28 20:44 . 2008-07-21 19:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.15622871
2009-11-28 20:44 . 2008-07-21 19:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.12395010
2009-11-28 17:30 . 2008-04-09 13:52 15600 ----a-w- c:\windows\gdrv.sys
2009-11-28 17:25 . 2009-11-28 17:25 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-11-28 17:03 . 2008-04-09 13:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-28 17:03 . 2008-04-09 13:44 3038 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-28 16:29 . 2008-04-10 06:44 -------- d-----w- c:\program files\ESET
2009-11-28 16:00 . 2009-11-28 16:00 -------- d-----w- c:\program files\GIGABYTE
2009-11-28 09:17 . 2009-11-28 09:17 0 ----a-w- c:\windows\nsreg.dat
2009-11-25 14:48 . 2009-01-10 16:51 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-24 16:40 . 2008-04-09 14:10 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 19:32 . 2009-11-20 19:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 19:32 . 2009-11-20 19:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:32 . 2009-11-20 19:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 19:32 . 2009-11-20 19:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 20:42 . 2008-04-09 14:37 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-03 16:50 . 2009-11-03 16:50 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-12_07.19.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-15 13:29 . 2010-01-15 13:29 16384 c:\windows\temp\Perflib_Perfdata_114.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SetPointII.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-01-09 14:54 2262352 ----a-w- d:\programy\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2007-12-16 15:34 45056 ----a-w- d:\programy\VistaIcons\VistaIcons.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-01-12 01:09 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-01-12 01:12 244512 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-20 19:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-20 19:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 17:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-12-10 17:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2009-01-06 10:42 202064 ----a-w- d:\programy\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 14:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-12-30 12:10 2166784 ----a-w- d:\programy\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-12-30 12:10 3037696 ----a-w- d:\programy\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-10-20 12:59 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- d:\programy\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\Starship Troopers\\STGame.exe"=
"d:\\Hry\\Counter-Strike1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Hry\\Sierra\\FEAR\\FEAR.exe"=
"d:\\Hry\\Counter-Strike1.6\\hltv.exe"=
"d:\\Hry\\OpenArena\\ioquake3.x86.exe"=
"d:\\Hry\\Ascaron Entertainment\\Sacred Gold\\gameserver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Benchmark.exe"=
"d:\\Programy\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12.2.2009 14:37 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12.2.2009 14:37 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [30.12.2009 13:10 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25.12.2009 11:44 10384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.12.2009 11:47 1691480]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [28.11.2009 18:25 23600]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-15 c:\windows\Tasks\AWC AutoSweep.job
- d:\programy\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-28 10:32]

2009-12-31 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-30 16:29]

2010-01-15 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-10-21 16:00]
.
.
------- Doplňkový sken -------
.
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://thepiratebay.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\{f92547c0-4afd-4836-80c9-06fa0f86ff11}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\{f92547c0-4afd-4836-80c9-06fa0f86ff11}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Kořený\Data aplikací\Mozilla\Firefox\Profiles\8li8e1st.default\extensions\thepiratebay@toolbar\components\toolbarhomewmp.dll
FF - plugin: d:\programy\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programy\VideoLAN\VLC\npvlc.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-DAEMON Tools Lite - d:\programy\DAEMON Tools Lite\DTLite.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(904)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
d:\programy\Zoner\Callisto 4\PROGRAM\fshex40.dll
d:\programy\Zoner\Callisto 4\PROGRAM\FShEx40Res.CZ
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\progra~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
c:\windows\system32\PnkBstrA.exe
c:\progra~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
d:\programy\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2010-01-15 14:31:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-15 13:31
ComboFix2.txt 2010-01-13 07:21
ComboFix3.txt 2010-01-12 07:21

Před spuštěním: Volných bajtů: 99 588 595 712
Po spuštění: Volných bajtů: 99 549 863 936

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 21B807C35DDBDDFF575C95DA1A0485D9

[korda]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kořený at 2010-01-15 14:42:35
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 95 GB (62%) free of 153 GB
Total RAM: 2046 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:36, on 15.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kořený\Plocha\RSIT.exe
C:\Program Files\trend micro\Kořený.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KOEN~1/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/KOEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 4427 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\SLOW-PCfighter.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
D:\Programy\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
D:\Programy\VistaIcons\VistaIcons.exe [2007-12-16 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-01-12 488984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe [2007-01-12 244512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-12-10 18789920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
D:\Programy\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-01-06 202064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe [2009-12-30 2166784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-30 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Programy\Winamp\winampa.exe [2008-01-15 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-03 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-30 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SetPointII.lnk]
C:\PROGRA~1\Logitech\SETPOI~1\SETPOI~1.EXE [2009-07-21 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Hry\Starship Troopers\STGame.exe"="D:\Hry\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers E1"
"D:\Hry\Counter-Strike1.6\hl.exe"="D:\Hry\Counter-Strike1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Hry\Sierra\FEAR\FEAR.exe"="D:\Hry\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"D:\Hry\Counter-Strike1.6\hltv.exe"="D:\Hry\Counter-Strike1.6\hltv.exe:*:Enabled:HLTV Launcher"
"D:\Hry\OpenArena\ioquake3.x86.exe"="D:\Hry\OpenArena\ioquake3.x86.exe:*:Enabled:ioquake3.x86"
"D:\Hry\Ascaron Entertainment\Sacred Gold\gameserver.exe"="D:\Hry\Ascaron Entertainment\Sacred Gold\gameserver.exe:*:Enabled:Sacred Gameserver"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Web ANNO 1404"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe:*:Enabled:Anno 1404 Setup Benchmark"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"

======List of files/folders created in the last 1 months======

2010-01-15 14:31:39 ----A---- C:\ComboFix.txt
2010-01-15 14:28:16 ----D---- C:\WINDOWS\temp
2010-01-15 14:20:12 ----D---- C:\potvora
2010-01-14 10:39:05 ----D---- C:\Program Files\Alwil Software
2010-01-12 08:05:34 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-12 08:05:34 ----A---- C:\WINDOWS\MBR.exe
2010-01-12 08:05:32 ----A---- C:\WINDOWS\zip.exe
2010-01-12 08:05:32 ----A---- C:\WINDOWS\SWREG.exe
2010-01-12 08:05:32 ----A---- C:\WINDOWS\sed.exe
2010-01-12 08:05:32 ----A---- C:\WINDOWS\PEV.exe
2010-01-12 08:05:32 ----A---- C:\WINDOWS\grep.exe
2010-01-12 08:05:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-12 08:05:31 ----A---- C:\WINDOWS\SWSC.exe
2010-01-12 08:05:26 ----D---- C:\WINDOWS\ERDNT
2010-01-12 08:04:54 ----AD---- C:\Qoobox
2010-01-11 15:00:29 ----D---- C:\Program Files\trend micro
2010-01-11 15:00:28 ----D---- C:\rsit
2010-01-06 16:43:00 ----D---- C:\Documents and Settings\Kořený\Data aplikací\ZipGenius
2010-01-04 11:19:47 ----D---- C:\WINDOWS\Prefetch
2010-01-03 15:18:25 ----A---- C:\WINDOWS\killproc.exe
2010-01-03 15:17:50 ----A---- C:\WINDOWS\system32\mwnsp.dll
2010-01-03 15:17:50 ----A---- C:\WINDOWS\system32\contfilt.dll
2010-01-03 15:17:31 ----A---- C:\WINDOWS\sporder.dll
2010-01-03 15:17:30 ----A---- C:\WINDOWS\sporder.exe
2010-01-03 15:17:23 ----A---- C:\WINDOWS\system32\UNZDLL.DLL
2010-01-03 15:17:22 ----A---- C:\WINDOWS\system32\ZIPDLL.DLL
2010-01-03 15:17:07 ----A---- C:\WINDOWS\system32\mwtsp.dll
2010-01-03 15:17:06 ----A---- C:\WINDOWS\inst_tsp.exe
2010-01-03 15:16:21 ----D---- C:\WINDOWS\system32\FLCSS.EXE
2010-01-02 12:26:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-01 15:09:04 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-01 14:30:39 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-01 14:30:39 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-01 14:30:39 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-01 14:30:35 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-01 14:30:35 ----A---- C:\WINDOWS\system32\T.COM
2010-01-01 14:30:35 ----A---- C:\WINDOWS\R.COM
2010-01-01 13:54:49 ----A---- C:\WINDOWS\system32\simptcp.dll
2010-01-01 13:02:52 ----A---- C:\WINDOWS\ModemLog_Standardní modem 9 600 bitů za sekundu.txt
2010-01-01 11:49:23 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-01 11:47:57 ----D---- C:\Program Files\Microsoft Works
2010-01-01 11:47:04 ----D---- C:\Program Files\Microsoft.NET
2010-01-01 11:46:36 ----D---- C:\Program Files\Norton Security Scan
2010-01-01 11:46:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skyline
2010-01-01 11:46:00 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-01 11:45:09 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Desktopicon
2010-01-01 11:44:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-01 11:44:26 ----D---- C:\Program Files\SystemRequirementsLab
2010-01-01 11:44:21 ----D---- C:\WINDOWS\Sun
2010-01-01 01:23:45 ----D---- C:\WINDOWS\system32\KB905474
2010-01-01 01:05:02 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Download Manager
2009-12-31 21:29:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2009-12-31 11:44:38 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Interactive Studios
2009-12-31 11:43:54 ----D---- C:\Program Files\Interactive Studios
2009-12-30 13:13:58 ----D---- C:\Program Files\WinClamAVShield
2009-12-30 13:10:40 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Spyware Terminator
2009-12-30 13:10:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2009-12-30 12:44:47 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Blitware
2009-12-30 12:44:39 ----D---- C:\Program Files\Driver Robot
2009-12-30 12:09:35 ----A---- C:\WINDOWS\system32\dbexpsyb.dll
2009-12-28 19:53:45 ----D---- C:\WINDOWS\pss
2009-12-26 12:11:36 ----D---- C:\Program Files\Scorpions WinCheater
2009-12-25 12:33:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\DriverScanner
2009-12-25 12:33:02 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-12-25 11:47:24 ----A---- C:\WINDOWS\vncutil.exe
2009-12-25 11:47:22 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-12-25 11:47:22 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-12-25 11:42:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogiShrd
2009-12-25 11:36:51 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2009-12-25 10:51:48 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Glj4cb
2009-12-25 10:36:25 ----A---- C:\WINDOWS\ProductKeyExplorer.INI
2009-12-25 09:53:54 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-12-19 18:04:20 ----D---- C:\Program Files\TeamViewer
2009-12-19 17:03:31 ----D---- C:\Program Files\Fighters
2009-12-19 17:00:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Fighters
2009-12-18 15:14:58 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Ubisoft
2009-12-18 15:04:24 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-18 15:04:24 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-18 15:04:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-18 15:04:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-18 15:04:21 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-18 15:04:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-18 15:04:20 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-18 15:04:19 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-18 15:04:19 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-18 15:04:18 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-18 15:04:17 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-18 15:04:17 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-18 15:04:16 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-18 15:04:15 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-18 15:04:14 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-18 15:04:14 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-18 15:04:13 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-18 15:04:12 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-18 15:04:12 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-18 15:04:11 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-18 14:59:41 ----D---- C:\Program Files\Ubisoft
2009-12-17 16:40:25 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Thinstall
2009-12-17 15:52:55 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Uniblue

======List of files/folders modified in the last 1 months======

2010-01-15 14:39:43 ----D---- C:\Program Files\Mozilla Firefox
2010-01-15 14:31:41 ----D---- C:\WINDOWS\system32\drivers
2010-01-15 14:30:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-15 14:29:51 ----D---- C:\WINDOWS
2010-01-15 14:29:51 ----A---- C:\WINDOWS\system.ini
2010-01-15 14:27:33 ----D---- C:\WINDOWS\system32
2010-01-15 14:27:33 ----D---- C:\WINDOWS\AppPatch
2010-01-15 14:27:31 ----D---- C:\Program Files\Common Files
2010-01-15 14:24:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-15 14:24:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-15 14:21:31 ----D---- C:\WINDOWS\system32\config
2010-01-14 10:39:05 ----RD---- C:\Program Files
2010-01-14 08:43:00 ----SHD---- C:\WINDOWS\Installer
2010-01-14 08:42:42 ----D---- C:\Config.Msi
2010-01-13 08:15:03 ----SD---- C:\WINDOWS\Tasks
2010-01-12 08:02:18 ----A---- C:\WINDOWS\win.ini
2010-01-11 14:52:32 ----SHD---- C:\System Volume Information
2010-01-11 14:52:32 ----D---- C:\WINDOWS\system32\Restore
2010-01-07 13:52:45 ----HD---- C:\WINDOWS\inf
2010-01-03 15:18:56 ----D---- C:\Documents and Settings
2010-01-03 14:18:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-01 19:20:17 ----A---- C:\WINDOWS\wg2000.ini
2010-01-01 19:20:15 ----A---- C:\WINDOWS\wk2000.ini
2010-01-01 19:20:15 ----A---- C:\WINDOWS\winklav.ini
2010-01-01 14:04:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-01 14:00:03 ----D---- C:\WINDOWS\security
2010-01-01 13:54:48 ----D---- C:\WINDOWS\system32\wbem
2010-01-01 12:56:49 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-01-01 11:57:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-01 11:54:31 ----D---- C:\WINDOWS\Registration
2010-01-01 11:51:02 ----D---- C:\Program Files\Outlook Express
2010-01-01 11:50:41 ----D---- C:\Program Files\Messenger
2010-01-01 11:49:48 ----D---- C:\WINDOWS\system32\RTCOM
2010-01-01 11:49:10 ----D---- C:\WINDOWS\system32\DirectX
2010-01-01 11:48:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-01 11:47:21 ----RSD---- C:\WINDOWS\Fonts
2010-01-01 11:47:04 ----D---- C:\WINDOWS\Media
2010-01-01 11:46:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-01-01 11:46:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-01-01 11:46:11 ----D---- C:\Program Files\Common Files\Teleca Shared
2010-01-01 11:46:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2010-01-01 11:45:58 ----D---- C:\WINDOWS\system32\Adobe
2010-01-01 11:45:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-01 11:45:06 ----D---- C:\WINDOWS\Help
2010-01-01 11:44:49 ----D---- C:\Program Files\AGEIA Technologies
2010-01-01 11:36:50 ----D---- C:\Program Files\NVIDIA Corporation
2010-01-01 11:34:25 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-01-01 11:32:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-01 11:31:53 ----D---- C:\Program Files\Common Files\LogiShrd
2010-01-01 11:31:49 ----D---- C:\Program Files\Realtek
2010-01-01 01:24:17 ----A---- C:\WINDOWS\imsins.BAK
2010-01-01 01:23:49 ----D---- C:\WINDOWS\WinSxS
2010-01-01 00:39:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-01 00:39:01 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-28 20:27:27 ----D---- C:\Documents and Settings\Kořený\Data aplikací\IObit
2009-12-25 11:43:19 ----D---- C:\Program Files\Logitech
2009-12-23 14:34:13 ----D---- C:\Documents and Settings\Kořený\Data aplikací\Canon
2009-12-18 15:03:39 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 StarOpen;StarBurn StarOpen Driver; \??\C:\WINDOWS\system32\drivers\StarOpen.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-18 281760]
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-12-18 25888]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 catchme;catchme; \??\C:\potvora\catchme.sys []
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-10 6017568]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-01-22 120064]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CrystalSysInfo;CrystalSysInfo; \??\D:\Programy\MediaCoder\SysInfo.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 mbr;mbr; \??\C:\DOCUME~1\KOEN~1\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-04-14 14432]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 MWAgent;MWAgent; C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE [2006-03-31 414208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-01-16 66872]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2009-12-30 488960]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Unlimited_Killer]

Vypadá to čistě, ale potřebuju si něco ověřit...

~~~

Odinstalujte všechny virtuální mechaniky (Daemon, Alcohol atp.)

~~~

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

~~~

Stáhněte MBR.exe
Uložte tuto utilitu na Plochu.
Stiskněte Start -> Spustit [Win+R] -> zadejte / vkopírujte následující:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

a stiskněte Enter.
Na ploše se vytvoří textový soubor s názvem mbr.log, jehož obsah mi sem vkopírujete.

~~~

Stáhněte GMER a dvojklikem spusťte.
Několik sekund bude skenovat. Poté klikněte na 'Save' v pravém dolním rohu a uložte první log - ten vložte sem do fóra.
Poté vytvořte druhý log, přičemž se budete řídit tímto návodem. Tento log sem také vložte.

[korda]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FDFB08]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89fdfb08
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !