PC restarting

LauncelotBeauPre
Visitor
Posts: 6
Registered: 11 Jan 2010 20:25

PC restarting

#1 Post by LauncelotBeauPre »

Hi,

I have a problem: when I start the PC, Windows loads, then the desktop, and after a moment it restarts... do you know what causes it?

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: PC restarting

#2 Post by Unlimited_Killer »

It doesn't do it in Safe Mode? If so, post an RSIT log from there.

~~~

Download RSIT and save it to the Desktop.
Run it, leave '1 month' in the drop-down menu and click 'Continue'.
Wait a few seconds for the log named log.txt to be generated
(if the log is not generated, you will find it in C:\rsit\log.txt).
Paste the contents of this log into your post.

LauncelotBeauPre
Visitor
Posts: 6
Registered: 11 Jan 2010 20:25

Re: PC restarting

#3 Post by LauncelotBeauPre »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomáš a Kristýna at 2010-01-11 21:10:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (16%) free of 76 GB
Total RAM: 511 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:28, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tomáš a Kristýna\Plocha\RSIT.exe
C:\Program Files\trend micro\Tomáš a Kristýna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TQGR Agent] C:\WINDOWS\system32\28463\TQGR.exe
O4 - HKLM\..\Run: [SystemKey] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll" rdl
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Myweather] "C:\Program Files\MyFreeWeather\MyWeather.exe" /autorun
O4 - HKCU\..\Run: [qilac] "C:\Documents and Settings\Tomáš a Kristýna\Plocha\qilac.exe"
O4 - HKCU\..\Run: [Hidden Administrator Server] C:\Program Files\Hidden Administrator\ha_server\ha_server.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10204 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
Mario Forever Toolbar - C:\Program Files\Mario_Forever\tbMari.dll [2009-10-27 2325528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-01 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINDOWS\system32\Msdxm6.ocx [2000-04-21 844048]
{707db484-2428-402d-afb5-d85b387544c7} - Mario Forever Toolbar - C:\Program Files\Mario_Forever\tbMari.dll [2009-10-27 2325528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2003-06-26 184320]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-01 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TQGR Agent"=C:\WINDOWS\system32\28463\TQGR.exe []
"SystemKey"=C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll rdl []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-07-23 341232]
"AMTDeviceService"=C:\Program Files\AMT Media Manager\AMTDeviceService.exe [2009-01-21 184320]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-11 3144800]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Myweather"=C:\Program Files\MyFreeWeather\MyWeather.exe /autorun []
"qilac"=C:\Documents and Settings\Tomáš a Kristýna\Plocha\qilac.exe []
"Hidden Administrator Server"=C:\Program Files\Hidden Administrator\ha_server\ha_server.exe []
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe [2009-12-25 9168176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-11 3144800]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Tomáš a Kristýna\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
CamTrack.lnk - C:\Program Files\DigitalPeers\CamTrack\camtrack.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\WinPcap\rpcapd.exe"="C:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Hidden Administrator\ha_server\ha_server.exe"="C:\Program Files\Hidden Administrator\ha_server\ha_server.exe:*:Enabled:Hidden Administrator Server"
"C:\Program Files\Hidden Administrator\ha_client\ha_client.exe"="C:\Program Files\Hidden Administrator\ha_client\ha_client.exe:*:Enabled:Hidden Administrator Client"
"C:\Program Files\Empire of Sports\NetworkDiagnostic.exe"="C:\Program Files\Empire of Sports\NetworkDiagnostic.exe:*:Enabled:Empire of Sports Network Diagnostic"
"C:\Program Files\Empire of Sports\EmpireOfSports.exe"="C:\Program Files\Empire of Sports\EmpireOfSports.exe:*:Enabled:Empire of Sports"
"C:\Python25\python.exe"="C:\Python25\python.exe:*:Enabled:python"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Tomáš a Kristýna\Plocha\lidegw_pythoncore\lidegw.exe"="C:\Documents and Settings\Tomáš a Kristýna\Plocha\lidegw_pythoncore\lidegw.exe:*:Enabled:lidegw"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Documents and Settings\Tomáš a Kristýna\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Tomáš a Kristýna\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Documents and Settings\Tomáš a Kristýna\Plocha\keylogger douglas-sasukedll7170\keylogger douglas\Douglas.exe"="C:\Documents and Settings\Tomáš a Kristýna\Plocha\keylogger douglas-sasukedll7170\keylogger douglas\Douglas.exe:*:Enabled:Aplicación MFC GUI"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Activision\Thps3\Skate3.exe"="C:\Program Files\Activision\Thps3\Skate3.exe:*:Enabled:THPS3PC"
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe"="C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-11 21:07:42 ----D---- C:\Program Files\trend micro
2010-01-11 21:07:41 ----D---- C:\rsit
2010-01-11 21:00:40 ----SHD---- C:\RECYCLER
2010-01-11 20:49:03 ----D---- C:\WINDOWS\temp
2010-01-11 20:37:35 ----A---- C:\WINDOWS\MBR.exe
2010-01-11 20:37:28 ----SD---- C:\ComboFix
2010-01-11 19:26:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-11 16:34:31 ----A---- C:\gpdotdx.exe
2010-01-11 16:29:20 ----A---- C:\WINDOWS\system32\icxuw.exe
2010-01-10 22:28:46 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\proDAD
2010-01-10 22:28:41 ----D---- C:\Program Files\proDAD
2010-01-10 22:28:39 ----A---- C:\WINDOWS\unvise32.exe
2010-01-10 22:28:36 ----D---- C:\Program Files\LooksBuilderSE
2010-01-10 22:28:14 ----RA---- C:\WINDOWS\system32\qtmlClient.dll
2010-01-10 22:28:14 ----A---- C:\WINDOWS\system32\MtxPreview.dll
2010-01-10 22:28:14 ----A---- C:\WINDOWS\system32\MtxParhBFXPreview.dll
2010-01-10 22:28:14 ----A---- C:\WINDOWS\system32\CvoAPI.dll
2010-01-10 22:28:14 ----A---- C:\WINDOWS\Graffiti5.2Pin.ini
2010-01-10 22:27:14 ----D---- C:\Program Files\Boris FX, Inc
2010-01-10 22:03:47 ----D---- C:\Program Files\Common Files\Pinnacle
2010-01-10 22:03:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
2010-01-10 21:53:03 ----D---- C:\Program Files\Common Files\Yahoo!
2010-01-10 21:53:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Studio 12
2010-01-10 21:53:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
2010-01-09 10:31:58 ----D---- C:\Program Files\Easy YouTube Downloader
2010-01-07 15:40:46 ----A---- C:\WINDOWS\system32\pvmjpg30.dll
2010-01-07 15:40:46 ----A---- C:\WINDOWS\system32\DiskIO.dll
2010-01-07 15:40:45 ----A---- C:\WINDOWS\system32\LTRPR13n.DLL
2010-01-07 15:40:45 ----A---- C:\WINDOWS\system32\LTRIO13N.DLL
2010-01-07 15:40:45 ----A---- C:\WINDOWS\system32\LTRFD13n.DLL
2010-01-07 15:40:44 ----A---- C:\WINDOWS\system32\ltr13n.dll
2010-01-07 15:40:38 ----A---- C:\WINDOWS\system32\MMAviAx.dll
2010-01-07 15:40:38 ----A---- C:\WINDOWS\system32\Aviprax.dll
2010-01-07 15:40:37 ----A---- C:\WINDOWS\system32\MLPagAx.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\LTCLR13s.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\lfwmf13s.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\lftif13s.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\lftga13s.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\lfpsd13s.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\lfpng13s.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\lfpcx13s.dll
2010-01-07 15:40:34 ----A---- C:\WINDOWS\system32\lfpct13s.dll
2010-01-07 15:40:33 ----A---- C:\WINDOWS\system32\lfpcd13s.dll
2010-01-07 15:40:33 ----A---- C:\WINDOWS\system32\LFJ2K13s.dll
2010-01-07 15:40:33 ----A---- C:\WINDOWS\system32\lfgif13s.dll
2010-01-07 15:40:33 ----A---- C:\WINDOWS\system32\lffax13s.dll
2010-01-07 15:40:33 ----A---- C:\WINDOWS\system32\lfeps13s.dll
2010-01-07 15:40:33 ----A---- C:\WINDOWS\system32\LFCMP13s.DLL
2010-01-07 15:40:33 ----A---- C:\WINDOWS\system32\lfbmp13s.dll
2010-01-07 15:39:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2010-01-07 15:39:15 ----D---- C:\Program Files\SmartSound Software
2010-01-07 15:38:20 ----A---- C:\WINDOWS\system32\ATL70.DLL
2010-01-07 15:38:18 ----A---- C:\WINDOWS\VFO.INI
2010-01-07 15:38:11 ----A---- C:\WINDOWS\system32\mase32.dll
2010-01-07 15:38:11 ----A---- C:\WINDOWS\system32\masd32.dll
2010-01-07 15:38:11 ----A---- C:\WINDOWS\system32\mamc32.dll
2010-01-07 15:38:10 ----A---- C:\WINDOWS\system32\macd32.dll
2010-01-07 15:38:10 ----A---- C:\WINDOWS\system32\ma32.dll
2010-01-07 15:37:23 ----A---- C:\WINDOWS\system32\MSVCI70.DLL
2010-01-07 15:37:21 ----A---- C:\WINDOWS\system32\MFC70U.DLL
2010-01-07 15:37:20 ----A---- C:\WINDOWS\system32\PCLEGetGuid.dll
2010-01-07 15:37:20 ----A---- C:\WINDOWS\system32\MFC70.DLL
2010-01-07 15:36:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
2010-01-07 15:36:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2010-01-07 15:36:08 ----D---- C:\Program Files\Pinnacle
2010-01-05 20:55:29 ----D---- C:\Program Files\SpacialAudio
2010-01-01 13:36:05 ----A---- C:\WINDOWS\MusicEditor.INI
2009-12-31 12:42:21 ----A---- C:\WINDOWS\Robota.INI
2009-12-31 12:41:38 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\MAGIX
2009-12-31 12:41:22 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2009-12-31 12:41:22 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2009-12-31 12:39:38 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\TTIC32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\TTI32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\STRING32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\MXRestore.exe
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLIX.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2009-12-31 12:39:35 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2009-12-31 12:38:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\MAGIX
2009-12-31 12:38:27 ----D---- C:\Program Files\MAGIX
2009-12-31 12:38:27 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
2009-12-31 12:37:59 ----D---- C:\WINDOWS\system32\MAGIX
2009-12-31 12:37:59 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-12-31 12:37:59 ----A---- C:\WINDOWS\mgxoschk.ini
2009-12-28 13:33:09 ----D---- C:\WINDOWS\system32\DGL
2009-12-25 21:50:28 ----D---- C:\Program Files\FreeCall.com
2009-12-24 16:45:27 ----A---- C:\WINDOWS\pslabeler3.ini
2009-12-24 16:43:49 ----D---- C:\Program Files\Popisovač CD-DVD
2009-12-23 16:04:54 ----A---- C:\WINDOWS\THPS3.INI
2009-12-23 15:58:15 ----D---- C:\Program Files\Activision
2009-12-23 13:54:53 ----D---- C:\Temp
2009-12-23 12:44:57 ----D---- C:\Program Files\ICQ Update Patch
2009-12-23 12:41:42 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\ICQLite
2009-12-23 12:41:41 ----D---- C:\Program Files\ICQLite
2009-12-13 18:05:14 ----D---- C:\Program Files\Call of Duty
2009-12-13 18:04:12 ----A---- C:\WINDOWS\CoD.INI
2009-12-13 10:58:40 ----D---- C:\Program Files\Movie Player
2009-12-12 11:54:26 ----D---- C:\Program Files\Free Offers from Freeze.com

======List of files/folders modified in the last 1 months======

2010-01-11 21:07:42 ----RD---- C:\Program Files
2010-01-11 21:05:23 ----D---- C:\Program Files\Mozilla Firefox
2010-01-11 21:04:17 ----D---- C:\WINDOWS\system32
2010-01-11 21:04:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-11 21:00:15 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-11 20:58:28 ----D---- C:\WINDOWS
2010-01-11 20:50:59 ----D---- C:\WINDOWS\system32\drivers
2010-01-11 20:50:04 ----D---- C:\WINDOWS\system32\config
2010-01-11 20:49:44 ----D---- C:\WINDOWS\ERDNT
2010-01-11 20:48:40 ----D---- C:\Program Files\Cheat Engine
2010-01-11 20:43:34 ----D---- C:\WINDOWS\AppPatch
2010-01-11 20:43:33 ----D---- C:\Program Files\Common Files
2010-01-11 20:37:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-11 20:37:39 ----D---- C:\Qoobox
2010-01-11 20:36:07 ----D---- C:\Documents and Settings
2010-01-11 20:18:51 ----D---- C:\WINDOWS\Minidump
2010-01-11 20:15:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-11 19:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-01-11 19:47:33 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-11 16:34:35 ----D---- C:\WINDOWS\Prefetch
2010-01-11 01:04:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-10 22:29:36 ----SHD---- C:\WINDOWS\Installer
2010-01-10 22:29:36 ----HD---- C:\Config.Msi
2010-01-10 22:27:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-10 22:04:08 ----HD---- C:\WINDOWS\inf
2010-01-10 22:04:07 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-10 22:01:29 ----RSD---- C:\WINDOWS\Fonts
2010-01-10 15:01:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 01:30:15 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\Skype
2010-01-10 00:09:27 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\skypePM
2010-01-09 21:19:38 ----D---- C:\Media
2010-01-07 20:51:42 ----A---- C:\WINDOWS\wincmd.ini
2010-01-07 15:38:18 ----A---- C:\AUTOEXEC.BAT
2010-01-07 15:37:37 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-03 17:22:48 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\ICQ
2010-01-03 16:56:47 ----D---- C:\Program Files\ICQ6.5
2010-01-02 16:47:50 ----D---- C:\QIP Infium JadrisPack
2010-01-01 13:33:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-31 12:42:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-31 12:41:28 ----D---- C:\WINDOWS\Help
2009-12-28 13:35:42 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-22 18:00:17 ----D---- C:\Program Files\Warcraft III
2009-12-21 21:56:09 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\TeamViewer
2009-12-21 21:37:48 ----D---- C:\Program Files\TeamViewer
2009-12-21 18:43:21 ----D---- C:\totalcmd
2009-12-15 17:08:39 ----SD---- C:\WINDOWS\Tasks
2009-12-12 11:58:04 ----D---- C:\Documents and Settings\Tomáš a Kristýna\Data aplikací\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
S1 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2009-08-21 2944]
S1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
S1 KGootkit;KGootkit; C:\WINDOWS\System32\drivers\KGootkit.sys [2010-01-11 34048]
S1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
S2 bzsodv;bzsodv; \??\C:\WINDOWS\system32\drivers\ucybhxybiiqb.sys []
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
S3 catchme;catchme; \??\C:\DOCUME~1\TOMAKR~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 dptrackerd;CamTrack Driver; C:\WINDOWS\system32\drivers\dptrackerd.sys [2006-08-24 110080]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 P1110VID;Creative WebCam NX; C:\WINDOWS\system32\DRIVERS\P1110VID.sys [2003-05-14 90357]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-01 152984]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-18 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: PC resetting

#4 Post by Unlimited_Killer »

Please post the log from ComboFix, which you have evidently already run.

LauncelotBeauPre
Visitor
Posts: 6
Registered: 11 Jan 2010 20:25

Re: PC resetting

#5 Post by LauncelotBeauPre »

ComboFix 10-01-11.01 - Tomáš a Kristýna 11.01.2010 22:15:33.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.319 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš a Kristýna\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091018-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\d.ini
c:\windows\explorer.exe.tmp
c:\windows\KB8888239.log
c:\windows\system32\regedit.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53
-------\Legacy_DBKDRVR54
-------\Service_DBKDRVR54


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-11 do 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 21:13 . 2010-01-11 21:13 513024 ----a-w- c:\windows\system32\CF28525.exe
2010-01-11 20:07 . 2010-01-11 20:10 -------- d-----w- c:\program files\trend micro
2010-01-11 20:07 . 2010-01-11 20:08 -------- d-----w- C:\rsit
2010-01-11 18:26 . 2010-01-11 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 15:34 . 2010-01-11 15:34 82048 ----a-w- c:\windows\system32\drivers\ucybhxybiiqb.sys
2010-01-11 15:34 . 2010-01-11 15:34 4 ----a-w- c:\program files\2460234.dat
2010-01-11 15:34 . 2010-01-11 15:34 4 ----a-w- c:\program files\2460156.dat
2010-01-11 15:34 . 2010-01-11 15:34 39936 ----a-w- C:\gpdotdx.exe
2010-01-11 15:34 . 2010-01-11 15:34 34048 ----a-w- c:\windows\system32\drivers\KGootkit.sys
2010-01-11 15:29 . 2010-01-11 15:29 7168 ----a-w- c:\windows\system32\icxuw.exe
2010-01-10 21:28 . 2010-01-10 21:28 -------- d-----w- c:\program files\proDAD
2010-01-10 21:28 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2010-01-10 21:28 . 2010-01-10 21:28 -------- d-----w- c:\program files\LooksBuilderSE
2010-01-10 21:28 . 2003-07-01 15:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2010-01-10 21:28 . 2003-07-01 15:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2010-01-10 21:28 . 2003-06-26 09:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2010-01-10 21:28 . 2003-01-20 08:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2010-01-10 21:27 . 2010-01-10 21:28 -------- d-----w- c:\program files\Boris FX, Inc
2010-01-10 21:03 . 2005-09-23 22:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2010-01-10 21:03 . 2010-01-10 21:03 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-01-10 20:53 . 2010-01-10 20:53 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-01-09 09:31 . 2010-01-09 09:32 -------- d-----w- c:\program files\Easy YouTube Downloader
2010-01-07 14:43 . 2010-01-10 21:31 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-01-07 14:39 . 2010-01-07 14:39 -------- d-----w- c:\program files\SmartSound Software
2010-01-07 14:38 . 2004-07-02 15:28 84992 ----a-w- c:\windows\system32\ATL70.DLL
2010-01-07 14:38 . 2003-11-25 04:02 57856 ----a-w- c:\windows\system32\masd32.dll
2010-01-07 14:38 . 2003-11-25 04:02 138752 ----a-w- c:\windows\system32\mase32.dll
2010-01-07 14:38 . 2003-11-25 04:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2010-01-07 14:38 . 2003-11-25 04:02 27648 ----a-w- c:\windows\system32\ma32.dll
2010-01-07 14:38 . 2003-11-25 04:02 196096 ----a-w- c:\windows\system32\macd32.dll
2010-01-07 14:37 . 2002-01-05 01:38 54784 ----a-w- c:\windows\system32\MSVCI70.DLL
2010-01-07 14:37 . 2002-01-05 02:36 964608 ----a-w- c:\windows\system32\MFC70U.DLL
2010-01-07 14:37 . 2004-01-23 15:44 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
2010-01-07 14:37 . 2002-01-05 02:48 974848 ----a-w- c:\windows\system32\MFC70.DLL
2010-01-07 14:36 . 2010-01-10 21:25 -------- d-----w- c:\program files\Pinnacle
2010-01-07 14:35 . 2005-02-09 10:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2010-01-05 19:55 . 2010-01-05 19:55 -------- d-----w- c:\program files\SpacialAudio
2009-12-31 11:41 . 2001-05-16 16:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-12-31 11:41 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-31 11:38 . 2009-12-31 11:40 -------- d-----w- c:\program files\MAGIX
2009-12-31 11:38 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-12-31 11:37 . 2009-12-31 11:40 -------- d-----w- c:\windows\system32\MAGIX
2009-12-31 11:37 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2009-12-28 12:33 . 2010-01-11 19:14 -------- d-----w- c:\windows\system32\DGL
2009-12-25 20:50 . 2009-12-25 20:50 -------- d-----w- c:\program files\FreeCall.com
2009-12-24 15:43 . 2009-12-26 15:02 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-12-23 14:58 . 2009-12-23 14:58 -------- d-----w- c:\program files\Activision
2009-12-23 12:54 . 2009-12-23 12:54 -------- d-----w- C:\Temp
2009-12-23 11:44 . 2009-12-23 11:44 -------- d-----w- c:\program files\ICQ Update Patch
2009-12-23 11:41 . 2010-01-03 15:58 -------- d-----w- c:\program files\ICQLite
2009-12-13 17:05 . 2009-12-29 12:09 -------- d-----w- c:\program files\Call of Duty
2009-12-13 09:58 . 2009-12-13 09:59 -------- d-----w- c:\program files\Movie Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 20:19 . 2009-07-19 12:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-11 20:04 . 2008-04-14 12:00 91360 ----a-w- c:\windows\system32\perfc005.dat
2010-01-11 20:04 . 2008-04-14 12:00 452550 ----a-w- c:\windows\system32\perfh005.dat
2010-01-11 19:48 . 2009-08-13 18:59 -------- d-----w- c:\program files\Cheat Engine
2010-01-11 19:14 . 2009-12-12 10:54 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-01-10 21:27 . 2009-06-22 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 15:56 . 2009-06-29 18:05 -------- d-----w- c:\program files\ICQ6.5
2009-12-22 17:00 . 2009-08-12 14:23 -------- d-----w- c:\program files\Warcraft III
2009-12-21 20:37 . 2009-07-14 13:21 -------- d-----w- c:\program files\TeamViewer
2009-12-05 13:43 . 2009-12-05 13:43 -------- d-----w- c:\program files\AMT Media Manager
2009-11-27 12:38 . 2009-06-28 18:01 -------- d-----r- c:\program files\Skype
2009-11-27 12:38 . 2009-11-27 12:38 -------- d-----w- c:\program files\Common Files\Skype
2009-11-21 18:10 . 2009-11-21 18:08 -------- d-----w- c:\program files\AMR Player
2009-11-17 18:50 . 2009-10-25 16:23 -------- d-----w- c:\program files\softendo.com
2009-11-06 13:26 . 2009-11-06 13:27 737280 ----a-w- c:\windows\iun6002.exe
2009-10-17 10:02 . 2009-10-17 10:02 118784 ----a-w- c:\windows\dsdxirmv.exe
2009-08-31 15:55 . 2009-10-05 22:05 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-08-03 . 9467686B82BA152BCA92E7B4848B43B5 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMari.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
2009-10-27 10:45 2325528 ----a-w- c:\program files\Mario_Forever\tbMari.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMari.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{707DB484-2428-402D-AFB5-D85B387544C7}"= "c:\program files\Mario_Forever\tbMari.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2009-12-25 9168176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-11 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-01 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-11 3144800]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-08-03 30208]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Default User\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Administrator.POCITAC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Empire of Sports\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Python25\\python.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Tomáš a Kristýna\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Activision\\Thps3\\Skate3.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

S0 fqofx;fqofx;c:\windows\system32\drivers\frssdigv.sys --> c:\windows\system32\drivers\frssdigv.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.8.2009 6:45 114768]
S1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [21.8.2009 10:14 2944]
S1 KGootkit;KGootkit;c:\windows\system32\drivers\KGootkit.sys [11.1.2010 16:34 34048]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.8.2009 6:45 20560]
S2 bzsodv;bzsodv;c:\windows\system32\drivers\ucybhxybiiqb.sys [11.1.2010 16:34 82048]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.6.2009 19:05 222456]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [31.12.2009 12:40 1527900]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Tomáš a Kristýna\Data aplikací\Mozilla\Firefox\Profiles\4h5vhgo1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... searchfor=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Tomáš a Kristýna\Data aplikací\Mozilla\Firefox\Profiles\4h5vhgo1.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-Myweather - c:\program files\MyFreeWeather\MyWeather.exe
HKCU-Run-qilac - c:\documents and settings\Tomáš a Kristýna\Plocha\qilac.exe
HKCU-Run-Hidden Administrator Server - c:\program files\Hidden Administrator\ha_server\ha_server.exe
HKLM-Run-TQGR Agent - c:\windows\system32\28463\TQGR.exe
HKLM-Run-SystemKey - c:\documents and settings\All Users\Data aplikací\SystemKey\SystemKey.dll
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-AnolisBackup xpize-2009-08-03 11-40 - c:\program files\Anolis\Installer\Backup xpize-2009-08-03 11-40\Uninstall.exe
AddRemove-L0phtCrack 2.5 - c:\program files\L0phtCrack 2.5\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 22:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-796845957-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D46C05-7ED6-168B-11B2-D98A9821AC22}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaehpjbocjhhomenom"=hex:69,61,68,6f,69,6a,61,66,6b,6d,6a,6c,6b,65,68,65,70,63,
00,00
"haoejkmbcoinghbf"=hex:69,61,68,6f,69,6a,61,66,6b,6d,6a,6c,6b,65,68,65,70,63,
00,00
"iaafplopmhipfcbbcl"=hex:63,61,68,6f,64,6b,00,7c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(956)
c:\windows\system32\SHDOCVW.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Celkový čas: 2010-01-11 22:31:18
ComboFix-quarantined-files.txt 2010-01-11 21:30

Před spuštěním: Volných bajtů: 12 902 346 752
Po spuštění: Volných bajtů: 12 863 684 608

- - End Of File - - 1F63D4BBD5C543629087BCD9351F1C99

LauncelotBeauPre
Visitor
Posts: 6
Registered: 11 Jan 2010 20:25

Re: PC resetting

#6 Post by LauncelotBeauPre »

So does nobody know what's wrong with it? :???: :(

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: PC resetting

#7 Post by Unlimited_Killer »

Sorry, I'm getting to it - I have a lot on my plate :)

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: PC resetting

#8 Post by Unlimited_Killer »

Let's get to it.

~~~

Open Notepad and copy the following into it:

Code:

KillAll::

Collect::
c:\windows\system32\icxuw.exe
c:\windows\system32\drivers\KGootkit.sys
C:\gpdotdx.exe
c:\program files\2460156.dat
c:\program files\2460234.dat
c:\windows\system32\drivers\ucybhxybiiqb.sys

Folder::
C:\Program Files\ICQ6Toolbar
C:\WINDOWS\system32\28463
C:\Documents and Settings\All Users\Data aplikací\SystemKey

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA551C00-2AE5-11d3-8592-00A0C98E9EA4}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{707db484-2428-402d-afb5-d85b387544c7}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{707db484-2428-402d-afb5-d85b387544c7}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"TQGR Agent"=-
"SystemKey"=-
"Malwarebytes Anti-Malware (reboot)"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
"MSMSGS"=-
"qilac"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=-
[-HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{707DB484-2428-402D-AFB5-D85B387544C7}"=-
[-HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

Extra::
DDS::
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FireFox::
FF - ProfilePath - c:\documents and settings\Tomáš a Kristýna\Data aplikací\Mozilla\Firefox\Profiles\4h5vhgo1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll

FCopy::
c:\windows\system32\dllcache\ctfmon.exe | c:\windows\system32\ctfmon.exe

Driver::
bzsodv
fqofx
KGootkit
ICQ Service
Save it to the Desktop as CFScript.txt. Then drag it with the mouse over ComboFix (it must be on the Desktop!) and drop it.

ComboFix will execute the commands from the script; the PC may be restarted again.
When it finishes, post here the log that pops up after the cleanup.
inactive

LauncelotBeauPre
Visitor
Posts: 6
Registered: 11 Jan 2010 20:25

Re: Resetting the PC

#9 Post by LauncelotBeauPre »

ComboFix 10-01-12.02 - Tomáš a Kristýna 12.01.2010 21:23:55.4.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.393 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš a Kristýna\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomáš a Kristýna\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091018-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: C:\gpdotdx.exe
file zipped: c:\program files\2460156.dat
file zipped: c:\program files\2460234.dat
file zipped: c:\windows\system32\drivers\KGootkit.sys
file zipped: c:\windows\system32\drivers\ucybhxybiiqb.sys
file zipped: c:\windows\system32\icxuw.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\SystemKey
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAggregatedLog.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysApplications.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysClipboardMonitor.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysFileMonitor.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysKeyLogger.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysMessenger.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysPrinterMonitor.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysScreenShot.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysAllDaySysWeb.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications_20090807.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications_20090808.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications_20090809.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications_20090810.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications_20090811.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications_20090812.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysApplications_20090813.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor_20090807.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor_20090808.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor_20090809.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor_20090810.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor_20090811.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor_20090812.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysClipboardMonitor_20090813.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysErrors.txt
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor_20090807.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor_20090808.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor_20090809.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor_20090810.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor_20090811.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor_20090812.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysFileMonitor_20090813.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysGlobalLog.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger_20090807.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger_20090808.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger_20090809.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger_20090810.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger_20090811.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger_20090812.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysKeyLogger_20090813.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysMessenger.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysPrinterMonitor.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot_20090807.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot_20090808.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot_20090809.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot_20090810.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot_20090811.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot_20090812.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysScreenShot_20090813.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SystemKeybk.bmp
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysWeb.xsl
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\SysWeb_20090813.xmm
c:\documents and settings\All Users\Data aplikací\SystemKey\Logs\TestEmail.xml
c:\documents and settings\All Users\Data aplikací\SystemKey\SysSMTPSender.exe
c:\documents and settings\All Users\Data aplikací\SystemKey\SystemKeyHelp.chm
c:\documents and settings\All Users\Data aplikací\SystemKey\SystemKeyUninstaller.exe
c:\documents and settings\All Users\Data aplikací\SystemKey\xcacls.exe
C:\gpdotdx.exe
c:\program files\2460156.dat
c:\program files\2460234.dat
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Mozilla Firefox\components\qippipe.dll
c:\windows\system32\drivers\KGootkit.sys
c:\windows\system32\drivers\ucybhxybiiqb.sys
c:\windows\system32\icxuw.exe

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\ctfmon.exe --> c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BZSODV
-------\Legacy_ICQ_SERVICE
-------\Legacy_KGOOTKIT
-------\Service_bzsodv
-------\Service_fqofx
-------\Service_ICQ Service
-------\Service_KGootkit


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 20:21 . 2010-01-12 20:21 513024 ----a-w- c:\windows\system32\CF5525.exe
2010-01-11 21:13 . 2010-01-11 21:13 513024 ----a-w- c:\windows\system32\CF28525.exe
2010-01-11 20:07 . 2010-01-11 20:10 -------- d-----w- c:\program files\trend micro
2010-01-11 20:07 . 2010-01-11 20:08 -------- d-----w- C:\rsit
2010-01-11 18:26 . 2010-01-11 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 21:28 . 2010-01-10 21:28 -------- d-----w- c:\program files\proDAD
2010-01-10 21:28 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2010-01-10 21:28 . 2010-01-10 21:28 -------- d-----w- c:\program files\LooksBuilderSE
2010-01-10 21:28 . 2003-07-01 15:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2010-01-10 21:28 . 2003-07-01 15:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2010-01-10 21:28 . 2003-06-26 09:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2010-01-10 21:28 . 2003-01-20 08:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2010-01-10 21:27 . 2010-01-10 21:28 -------- d-----w- c:\program files\Boris FX, Inc
2010-01-10 21:03 . 2005-09-23 22:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2010-01-10 21:03 . 2010-01-10 21:03 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-01-10 20:53 . 2010-01-10 20:53 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-01-09 09:31 . 2010-01-09 09:32 -------- d-----w- c:\program files\Easy YouTube Downloader
2010-01-07 14:43 . 2010-01-10 21:31 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-01-07 14:39 . 2010-01-07 14:39 -------- d-----w- c:\program files\SmartSound Software
2010-01-07 14:38 . 2004-07-02 15:28 84992 ----a-w- c:\windows\system32\ATL70.DLL
2010-01-07 14:38 . 2003-11-25 04:02 57856 ----a-w- c:\windows\system32\masd32.dll
2010-01-07 14:38 . 2003-11-25 04:02 138752 ----a-w- c:\windows\system32\mase32.dll
2010-01-07 14:38 . 2003-11-25 04:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2010-01-07 14:38 . 2003-11-25 04:02 27648 ----a-w- c:\windows\system32\ma32.dll
2010-01-07 14:38 . 2003-11-25 04:02 196096 ----a-w- c:\windows\system32\macd32.dll
2010-01-07 14:37 . 2002-01-05 01:38 54784 ----a-w- c:\windows\system32\MSVCI70.DLL
2010-01-07 14:37 . 2002-01-05 02:36 964608 ----a-w- c:\windows\system32\MFC70U.DLL
2010-01-07 14:37 . 2004-01-23 15:44 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
2010-01-07 14:37 . 2002-01-05 02:48 974848 ----a-w- c:\windows\system32\MFC70.DLL
2010-01-07 14:36 . 2010-01-10 21:25 -------- d-----w- c:\program files\Pinnacle
2010-01-07 14:35 . 2005-02-09 10:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2010-01-05 19:55 . 2010-01-05 19:55 -------- d-----w- c:\program files\SpacialAudio
2009-12-31 11:41 . 2001-05-16 16:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-12-31 11:41 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-31 11:38 . 2009-12-31 11:40 -------- d-----w- c:\program files\MAGIX
2009-12-31 11:38 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-12-31 11:37 . 2009-12-31 11:40 -------- d-----w- c:\windows\system32\MAGIX
2009-12-31 11:37 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2009-12-28 12:33 . 2010-01-11 19:14 -------- d-----w- c:\windows\system32\DGL
2009-12-25 20:50 . 2009-12-25 20:50 -------- d-----w- c:\program files\FreeCall.com
2009-12-24 15:43 . 2009-12-26 15:02 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-12-23 14:58 . 2009-12-23 14:58 -------- d-----w- c:\program files\Activision
2009-12-23 12:54 . 2009-12-23 12:54 -------- d-----w- C:\Temp
2009-12-23 11:44 . 2009-12-23 11:44 -------- d-----w- c:\program files\ICQ Update Patch
2009-12-23 11:41 . 2010-01-03 15:58 -------- d-----w- c:\program files\ICQLite

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 19:29 . 2008-04-14 12:00 91360 ----a-w- c:\windows\system32\perfc005.dat
2010-01-12 19:29 . 2008-04-14 12:00 452550 ----a-w- c:\windows\system32\perfh005.dat
2010-01-11 20:19 . 2009-07-19 12:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-11 19:48 . 2009-08-13 18:59 -------- d-----w- c:\program files\Cheat Engine
2010-01-11 19:14 . 2009-12-12 10:54 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-01-10 21:27 . 2009-06-22 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 15:56 . 2009-06-29 18:05 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 12:09 . 2009-12-13 17:05 -------- d-----w- c:\program files\Call of Duty
2009-12-22 17:00 . 2009-08-12 14:23 -------- d-----w- c:\program files\Warcraft III
2009-12-21 20:37 . 2009-07-14 13:21 -------- d-----w- c:\program files\TeamViewer
2009-12-13 09:59 . 2009-12-13 09:58 -------- d-----w- c:\program files\Movie Player
2009-12-05 13:43 . 2009-12-05 13:43 -------- d-----w- c:\program files\AMT Media Manager
2009-11-27 12:38 . 2009-06-28 18:01 -------- d-----r- c:\program files\Skype
2009-11-27 12:38 . 2009-11-27 12:38 -------- d-----w- c:\program files\Common Files\Skype
2009-11-21 18:10 . 2009-11-21 18:08 -------- d-----w- c:\program files\AMR Player
2009-11-17 18:50 . 2009-10-25 16:23 -------- d-----w- c:\program files\softendo.com
2009-11-06 13:26 . 2009-11-06 13:27 737280 ----a-w- c:\windows\iun6002.exe
2009-10-17 10:02 . 2009-10-17 10:02 118784 ----a-w- c:\windows\dsdxirmv.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-11_21.25.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2010-01-11 20:04 78244 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-01-12 19:29 78244 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-01-12 19:29 457228 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-01-11 20:04 457228 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2009-12-25 9168176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-11 3144800]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Administrator.POCITAC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Default User\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

c:\documents and settings\Tom ç a Kristěna\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2009-10-29 376832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Empire of Sports\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Python25\\python.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Tomáš a Kristýna\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Activision\\Thps3\\Skate3.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.8.2009 6:45 114768]
S1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [21.8.2009 10:14 2944]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.8.2009 6:45 20560]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [31.12.2009 12:40 1527900]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Tomáš a Kristýna\Data aplikací\Mozilla\Firefox\Profiles\4h5vhgo1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Tomáš a Kristýna\Data aplikací\Mozilla\Firefox\Profiles\4h5vhgo1.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 21:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-796845957-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D46C05-7ED6-168B-11B2-D98A9821AC22}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaehpjbocjhhomenom"=hex:69,61,68,6f,69,6a,61,66,6b,6d,6a,6c,6b,65,68,65,70,63,
00,00
"haoejkmbcoinghbf"=hex:69,61,68,6f,69,6a,61,66,6b,6d,6a,6c,6b,65,68,65,70,63,
00,00
"iaafplopmhipfcbbcl"=hex:63,61,68,6f,64,6b,00,7c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(532)
c:\windows\system32\SHDOCVW.dll
c:\windows\System32\cscui.dll
.
Celkový čas: 2010-01-12 21:48:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-12 20:48
ComboFix2.txt 2010-01-11 21:31

Před spuštěním: Volných bajtů: 12 624 273 408
Po spuštění: Volných bajtů: 12 825 341 952

- - End Of File - - 69417BD9C71BD379A822A646369A645D

Unlimited_Killer
Friend of the forum
Posts: 1969
Joined: 24 Aug 2009 16:18

Re: PC resetting

#10 Post by Unlimited_Killer »

How is the PC behaving? Try normal mode.
inactive

LauncelotBeauPre
Visitor
Posts: 6
Joined: 11 Jan 2010 20:25

Re: PC resetting

#11 Post by LauncelotBeauPre »

So now it runs normally without resetting. Thanks :)

Unlimited_Killer
Friend of the forum
Posts: 1969
Joined: 24 Aug 2009 16:18

Re: PC resetting

#12 Post by Unlimited_Killer »

You won't get rid of me that quickly :)
We still have some cleaning up to do ;)
inactive

Unlimited_Killer
Friend of the forum
Posts: 1969
Joined: 24 Aug 2009 16:18

Re: PC resetting

#13 Post by Unlimited_Killer »

For now, please post a new RSIT log.
inactive

Unlimited_Killer
Friend of the forum
Posts: 1969
Joined: 24 Aug 2009 16:18

Re: PC resetting

#14 Post by Unlimited_Killer »

And one more ComboFix script.

~~~

Open Notepad and copy the following into it:

Code:

regnull::
[HKEY_USERS\S-1-5-21-1935655697-796845957-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D46C05-7ED6-168B-11B2-D98A9821AC22}*]
Save it to the Desktop as CFScript.txt. Then drag it with the mouse onto ComboFix (it must be on the Desktop!) and drop it.

ComboFix will execute the commands from the script; the PC may be restarted again.
When it finishes, post here the log that pops up after the cleanup.
inactive
