Pinit virus v souboru USER32.dll

[hajos_t]

zdravim mam problem s pinit virem, ktery je v souboru USER32.dll

prikladam log z RSIT jak sem se docetl v jinem foru

Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel at 2010-01-21 13:08:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 293 GB (61%) free of 477 GB
Total RAM: 3006 MB (80% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1214440339-1417001333-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1214440339-1417001333-1004UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programy\SPYBOT~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-01-30 1114112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ToolBoxFX"=C:\Programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe [2007-08-22 53248]
"HPUsageTracking"=C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe [2007-10-15 36864]
"HP Software Update"=C:\Programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"C-Media Mixer"=Mixer.exe /startup []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"QuickTime Task"=C:\Programy\QuickTime\qttask.exe [2008-09-06 413696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-29 2054360]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-11-18 1243088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"=C:\WINDOWS\system32\advpack.dll [2008-04-14 100352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Programy\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-10-30 133104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programy\HP LaserJet 2605\setup\hppniprint01.exe"="C:\Programy\HP LaserJet 2605\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"C:\Programy\HP LaserJet 2605\setup\hppniprint64.exe"="C:\Programy\HP LaserJet 2605\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe"
"C:\Programy\HP LaserJet 2605\setup\hppnicifs01.exe"="C:\Programy\HP LaserJet 2605\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"C:\Programy\HP LaserJet 2605\setup\hpntwkexe.exe"="C:\Programy\HP LaserJet 2605\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"C:\Programy\Office\Office12\ONENOTE.EXE"="C:\Programy\Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programy\Total Commander\totalcmd\TOTALCMD.EXE"="C:\Programy\Total Commander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Programy\Opera 9\opera.exe"="C:\Programy\Opera 9\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e23fd99-3953-11de-9af4-001617e8ed61}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======File associations======

.js - open - "C:\Programy\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.txt - open -

======List of files/folders created in the last 1 months======

2010-01-21 13:08:16 ----D---- C:\Program Files\trend micro
2010-01-21 13:08:15 ----D---- C:\rsit
2010-01-19 14:03:45 ----A---- C:\WINDOWS\BDTSupport.dll
2010-01-19 14:03:44 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-01-19 14:03:44 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-01-19 14:03:44 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-01-19 14:01:36 ----D---- C:\Program Files\Spyware Doctor
2010-01-19 14:01:36 ----D---- C:\Program Files\Common Files\PC Tools
2010-01-19 14:01:36 ----D---- C:\Documents and Settings\uživatel\Data aplikací\PC Tools
2010-01-19 14:01:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-01-19 14:01:16 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-19 13:59:34 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Malwarebytes
2010-01-19 13:59:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-19 13:59:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-19 13:26:14 ----D---- C:\Program Files\ESET
2010-01-19 13:26:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-01-15 14:53:15 ----D---- C:\Program Files\Alwil Software
2010-01-15 13:56:57 ----D---- C:\public enemy
2010-01-15 12:00:49 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ESTsoft
2010-01-15 12:00:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESTsoft
2010-01-15 12:00:41 ----D---- C:\Program Files\ESTsoft
2010-01-13 12:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 12:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 12:20:41 ----D---- C:\Documents and Settings\uživatel\Data aplikací\inkscape
2010-01-13 12:15:21 ----D---- C:\Program Files\Inkscape
2010-01-13 12:13:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia
2010-01-13 12:13:18 ----D---- C:\Program Files\Macromedia
2010-01-13 12:13:18 ----D---- C:\Program Files\Common Files\Macromedia
2010-01-13 12:12:49 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-05 18:43:33 ----D---- C:\Program Files\Ask.com
2010-01-05 18:43:11 ----D---- C:\Program Files\The KMPlayer

======List of files/folders modified in the last 1 months======

2010-01-21 13:08:16 ----RD---- C:\Program Files
2010-01-21 13:08:16 ----D---- C:\WINDOWS\Temp
2010-01-21 13:07:32 ----D---- C:\WINDOWS\Prefetch
2010-01-21 12:58:27 ----HD---- C:\WINDOWS\inf
2010-01-21 12:57:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-21 12:56:32 ----D---- C:\WINDOWS
2010-01-21 12:32:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-20 09:05:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-19 16:28:10 ----D---- C:\WINDOWS\system32
2010-01-19 16:28:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-19 14:14:47 ----D---- C:\Documents and Settings
2010-01-19 14:02:05 ----D---- C:\WINDOWS\system32\drivers
2010-01-19 14:01:43 ----SHD---- C:\WINDOWS\Installer
2010-01-19 14:01:43 ----HD---- C:\Config.Msi
2010-01-19 14:01:42 ----D---- C:\WINDOWS\WinSxS
2010-01-19 14:01:36 ----D---- C:\Program Files\Common Files
2010-01-19 13:25:12 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-01-19 13:16:42 ----A---- C:\WINDOWS\wincmd.ini
2010-01-19 09:26:48 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-18 09:25:15 ----D---- C:\WINDOWS\system32\config
2010-01-15 15:54:32 ----SHD---- C:\System Volume Information
2010-01-15 15:54:32 ----D---- C:\WINDOWS\system32\Restore
2010-01-15 15:31:13 ----D---- C:\Program Files\Movie Maker
2010-01-15 14:54:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-14 13:29:21 ----D---- C:\WINDOWS\AppPatch
2010-01-13 12:31:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 12:31:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 12:31:35 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 12:14:49 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Macromedia
2010-01-06 14:13:00 ----A---- C:\WINDOWS\system32\ssprs.dll
2010-01-06 14:13:00 ----A---- C:\WINDOWS\system32\lsprst7.dll
2010-01-05 18:43:35 ----SD---- C:\WINDOWS\Tasks
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-29 96408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-29 116008]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 Fdcfrar4;Fdcfrar4; C:\WINDOWS\system32\drivers\acpiec.sys [2008-04-14 11776]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programy\Ad-Aware\aawservice.exe [2008-10-14 611664]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-31 68096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 20680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Strpsxy;Strpsxy; C:\WINDOWS\system32\drivers\swmidi.sys [2008-04-13 56576]

-----------------EOF-----------------


Predem dekuji za Vasi pomoc

S pozdravem Tomas

[hajos_t]

Dekuji postupoval jsem podle pokynu...tady je log z combofix Dekuji!

ComboFix 10-01-20.05 - uživatel 21.01.2010 15:19:45.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3006.2374 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uživatel\Dokumenty\Hudba\Martas\AVENGER\Desktop_.ini
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 12:08 . 2010-01-21 12:08 -------- d-----w- c:\program files\trend micro
2010-01-21 12:08 . 2010-01-21 12:08 -------- d-----w- C:\rsit
2010-01-19 13:03 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-19 13:03 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-19 13:03 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-19 13:03 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-19 13:03 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-19 13:03 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-01-19 13:02 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 13:01 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 13:01 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 13:01 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 13:01 . 2010-01-21 14:20 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 13:01 . 2010-01-19 13:03 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 12:59 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 12:59 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 12:59 . 2010-01-19 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 12:26 . 2010-01-19 12:26 -------- d-----w- c:\program files\ESET
2010-01-15 13:53 . 2010-01-15 13:53 -------- d-----w- c:\program files\Alwil Software
2010-01-15 12:56 . 2010-01-15 12:59 -------- d-----w- C:\public enemy
2010-01-15 11:00 . 2010-01-15 11:00 -------- d-----w- c:\program files\ESTsoft
2010-01-13 11:15 . 2010-01-13 11:19 -------- d-----w- c:\program files\Inkscape
2010-01-13 11:13 . 2010-01-13 11:13 -------- d-----w- c:\program files\Macromedia
2010-01-13 11:13 . 2010-01-13 11:13 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-13 11:12 . 2010-01-13 11:12 -------- d-----w- c:\windows\Downloaded Installations
2010-01-05 17:43 . 2010-01-05 17:43 -------- d-----w- c:\program files\Ask.com
2010-01-05 17:43 . 2010-01-05 17:43 -------- d-----w- c:\program files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 14:30 . 2009-02-10 07:19 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-21 14:23 . 2008-04-14 12:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-01-19 15:28 . 2008-04-14 12:00 62138 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:28 . 2008-04-14 12:00 379568 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 13:19 . 2009-12-07 13:18 -------- d-----w- c:\program files\DVD Shrink
2009-12-03 14:07 . 2009-05-11 07:57 -------- d-----w- c:\program files\Java
2009-12-02 10:18 . 2009-12-02 10:11 -------- d-----w- c:\program files\MediaCoder
2009-12-02 10:17 . 2009-12-02 10:17 -------- d-----w- c:\program files\DVD Flick
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-11-30 09:30 . 2009-11-30 09:28 8 ----a-w- c:\windows\system32\nvModes.dat
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 05:26 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-09-01 07:49 . 2009-09-01 07:49 4926536 ----a-w- c:\program files\flv-non-hd-encoderV3.0.exe
.
Infected c:\windows\system32\user32.dll hex repaired


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\programy\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-30 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ToolBoxFX"="c:\programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-22 53248]
"HPUsageTracking"="c:\programy\HP LaserJet 2605\HP UT\bin\hppusg.exe" [2007-10-15 36864]
"HP Software Update"="c:\programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-04-14 100352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppniprint01.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppniprint64.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppnicifs01.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hpntwkexe.exe"=
"c:\\Programy\\Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Programy\\Total Commander\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programy\\Opera 9\\opera.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19.1.2010 14:01 207792]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [29.8.2008 14:21 11264]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [19.1.2010 14:03 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19.1.2010 14:01 359624]
S2 ojviy;Shell Time;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 13:00 14336]
S2 vduwpmod;System Installer;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 13:00 14336]
S2 vmpqxteat;Universal Installer;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 13:00 14336]
S2 zjkbhmifv;Monitor Center;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 13:00 14336]
S3 Fdcfrar4;Fdcfrar4;c:\windows\system32\drivers\acpiec.sys [14.4.2008 13:00 11776]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vduwpmod
ojviy
zjkbhmifv
vmpqxteat
.
Obsah adresáře 'Naplánované úlohy'

2010-01-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\ws7oxec1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.prvnizpravy.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - component: c:\programy\Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\programy\Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\programy\Opera 9\program\plugins\npdsplay.dll
FF - plugin: c:\programy\Opera 9\program\plugins\NPOFF12.DLL
FF - plugin: c:\programy\Opera 9\program\plugins\NPSWF32.dll
FF - plugin: c:\programy\Opera 9\program\plugins\npwmsdrm.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 15:41
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ojviy]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vduwpmod]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vmpqxteat]
"ServiceDll"="c:\program files\Movie Maker\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zjkbhmifv]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:58,d9,cb,d2,a7,07,a6,22,1b,c1,78,8b,cc,1d,03,f8,6f,d9,c1,e8,8f,
11,22,1a,4b,d6,e1,de,5e,c7,5a,19,aa,cc,69,51,b6,31,11,1c,d9,da,38,90,61,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:58,d9,cb,d2,a7,07,a6,22,1b,c1,78,8b,cc,1d,03,f8,6f,d9,c1,e8,8f,
11,22,1a,4b,d6,e1,de,5e,c7,5a,19,aa,cc,69,51,b6,31,11,1c,d9,da,38,90,61,c8,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2010-01-21 15:44:33
ComboFix-quarantined-files.txt 2010-01-21 14:44

Před spuštěním: Volných bajtů: 307 022 798 848
Po spuštění: Volných bajtů: 307 941 302 272

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2AC8755464E2865FE15A4B7AEADB779C

[hajos_t]

tady je log ze sysprotu, jeste bych chtel dodat ze program se radne neukoncil, musel sem ho killnout ve spravci procesu...

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 716
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 740
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\services.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 800
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 960
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1024
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1152
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1180
Hidden: No
Window Visible: No

Name: C:\Programy\Ad-Aware\aawservice.exe
PID: 1260
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 1552
Hidden: No
Window Visible: No

Name: C:\Programy\HP LaserJet 2605\ToolboxFX\bin\HPTLBXFX.exe
PID: 1560
Hidden: No
Window Visible: No

Name: C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe
PID: 1572
Hidden: No
Window Visible: No

Name: C:\Programy\HP LaserJet 2605\HP Software Update\hpwuSchd2.exe
PID: 1580
Hidden: No
Window Visible: No

Name: C:\WINDOWS\mixer.exe
PID: 1596
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.EXE
PID: 1612
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 1684
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 1696
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Spyware Doctor\pctsTray.exe
PID: 1712
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 1740
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1840
Hidden: No
Window Visible: No

Name: C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
PID: 1920
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2016
Hidden: No
Window Visible: No

Name: C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PID: 364
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 456
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 500
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 760
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 1116
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1272
Hidden: No
Window Visible: No

Name: C:\Program Files\Spyware Doctor\pctsAuxs.exe
PID: 1296
Hidden: No
Window Visible: No

Name: C:\Program Files\Spyware Doctor\pctsSvc.exe
PID: 1508
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2108
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
PID: 3408
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 1944
Hidden: No
Window Visible: No

Name: C:\Programy\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe
PID: 2944
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1412
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\uživatel\Plocha\SysProt.exe
PID: 132
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\uživatel\Plocha\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B4FF5000
Module End: B5000000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BADA8000
Module End: BADAA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BACB8000
Module End: BACBB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: BA779000
Module End: BA7A7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BADAA000
Module End: BADAC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: BA768000
Module End: BA779000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA8A8000
Module End: BA8B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: BA748000
Module End: BA768000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: BA8B8000
Module End: BA8C8000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: BA8C8000
Module End: BA8D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BAE70000
Module End: BAE71000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BAB28000
Module End: BAB2F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: BADAC000
Module End: BADAE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA8D8000
Module End: BA8E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: BA729000
Module End: BA748000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BAB30000
Module End: BAB35000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\videX32.sys
Service Name: videX32
Module Base: BAB38000
Module End: BAB40000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA8E8000
Module End: BA8F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: BA711000
Module End: BA729000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA8F8000
Module End: BA901000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA908000
Module End: BA915000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: BA6FF000
Module End: BA711000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PCTCore.sys
Service Name: PCTCore
Module Base: BA6C8000
Module End: BA6FF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BAB40000
Module End: BAB45000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\xfilt.sys
Service Name: xfilt
Module Base: BAB48000
Module End: BAB50000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: BA6B1000
Module End: BA6C8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: BA624000
Module End: BA6B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: BA5F7000
Module End: BA624000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: BA5DD000
Module End: BA5F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: BA938000
Module End: BA948000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA9D8000
Module End: BA9E2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B9BAC000
Module End: BA2C4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B9B98000
Module End: B9BAC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cmaudio.sys
Service Name: cmpci
Module Base: B9B3B000
Module End: B9B98000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B9B17000
Module End: B9B3B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA9E8000
Module End: BA9F7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: B9AF4000
Module End: B9B17000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA9F8000
Module End: BAA03000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BAA08000
Module End: BAA18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BAA18000
Module End: BAA27000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BAC60000
Module End: BAC66000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B9AD0000
Module End: B9AF4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BAC68000
Module End: BAC70000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fetnd5.sys
Service Name: FETNDIS
Module Base: BAC70000
Module End: BAC77000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: BAA28000
Module End: BAA35000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BAC78000
Module End: BAC7E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BAC80000
Module End: BAC86000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B9AA8000
Module End: B9AD0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BAE92000
Module End: BAE93000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BAA38000
Module End: BAA45000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BA2D8000
Module End: BA2DB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B9A91000
Module End: B9AA8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BAA48000
Module End: BAA53000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BAA58000
Module End: BAA64000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BAB88000
Module End: BAB8D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B9A80000
Module End: B9A91000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BAA68000
Module End: BAA71000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BAB90000
Module End: BAB95000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BAB98000
Module End: BAB9D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: BAA78000
Module End: BAA82000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BADFC000
Module End: BADFE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B9982000
Module End: B99E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BA2C4000
Module End: BA2C8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: AFC85000
Module End: B00D9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B0139000
Module End: B0143000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Service Name: gameenum
Module Base: B2980000
Module End: B2983000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B0119000
Module End: B0128000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BADDA000
Module End: BADDC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BADE0000
Module End: BADE2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BAECA000
Module End: BAECB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BADE2000
Module End: BADE4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: ADB68000
Module End: ADB85000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: B4C6B000
Module End: B4C72000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: B4C63000
Module End: B4C69000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: BACB0000
Module End: BACB7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BADE8000
Module End: BADEA000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BADEE000
Module End: BADF0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: BACA8000
Module End: BACAD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: BABE0000
Module End: BABE8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: B2960000
Module End: B2963000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: ADB35000
Module End: ADB48000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: ADADC000
Module End: ADB35000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: ADAB6000
Module End: ADADC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: ADA8E000
Module End: ADAB6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: B0109000
Module End: B0112000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
Service Name: epfwtdir
Module Base: ADA75000
Module End: ADA8E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: B00F9000
Module End: B0108000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: ADA53000
Module End: ADA75000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: B00E9000
Module End: B00F2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: ADA28000
Module End: ADA53000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AD9B8000
Module End: ADA28000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: B00D9000
Module End: B00E4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: B9146000
Module End: B9156000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AD9A0000
Module End: AD9B8000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BAE46000
Module End: BAE48000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: BAD9C000
Module End: BAD9F000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: B4C3B000
Module End: B4C40000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BAED3000
Module End: BAED4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: AD88C000
Module End: AD958000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B2E01000
Module End: B2E05000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: AD3F1000
Module End: AD41E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: AD33C000
Module End: AD351000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B8A04000
Module End: B8A13000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: ACFEC000
Module End: AD03E000
Hidden: No

Module Name: \??\C:\Program Files\Spyware Doctor\PCTSDInj32.sys
Service Name: ---
Module Base: BAC00000
Module End: BAC07000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: BABF0000
Module End: BABF6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: AC980000
Module End: AC9A3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: AC93F000
Module End: AC980000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: AC878000
Module End: AC89C000
Hidden: No

Module Name: \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: BABA0000
Module End: BABA8000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: BADEA000
Module End: BADEC000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: ABDAB000
Module End: ABDD6000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: 89AB38A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: BA6F0E52
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcess
Address: BA6D1CDE
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcessEx
Address: BA6D1ED0
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwDeleteKey
Address: BA6F1640
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwDeleteValueKey
Address: BA6F18F4
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwOpenKey
Address: BA6EFB44
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwOpenProcess
Address: 89AB2CB0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 89AB30D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRenameKey
Address: BA6F1D60
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwSetValueKey
Address: BA6F1112
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwSuspendProcess
Address: 89AB36D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 89AB34F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: BA6D1984
Driver Base: BA6C8000
Driver End: BA6FF000
Driver Name: PCTCore.sys

Function Name: ZwTerminateThread
Address: 89AB3310
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: PC:30606
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: LISTENING

Local Address: PC:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: PC:1042
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: PC:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: PC:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PC:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PC:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: PC:1025
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\spoolsv.exe
State: NA

Local Address: PC:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: PC:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{FF367373-A8C4-4741-B6E4-A7B5A6039B44}
Status: Access denied

[hajos_t]

log z combofixu...dekuji

ComboFix 10-01-20.05 - uživatel 21.01.2010 16:27:28.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3006.2356 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: I:\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\config.ini
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\separator.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
c:\programy\Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
c:\programy\Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OJVIY
-------\Legacy_VDUWPMOD
-------\Legacy_VMPQXTEAT
-------\Legacy_ZJKBHMIFV
-------\Service_ojviy
-------\Service_vduwpmod
-------\Service_vmpqxteat
-------\Service_zjkbhmifv


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 12:08 . 2010-01-21 12:08 -------- d-----w- c:\program files\trend micro
2010-01-21 12:08 . 2010-01-21 12:08 -------- d-----w- C:\rsit
2010-01-19 13:03 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-19 13:03 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-19 13:03 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-19 13:03 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-19 13:03 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-19 13:03 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-01-19 13:02 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 13:01 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 13:01 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 13:01 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 13:01 . 2010-01-21 15:38 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 13:01 . 2010-01-19 13:03 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 12:59 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 12:59 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 12:59 . 2010-01-19 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 12:26 . 2010-01-19 12:26 -------- d-----w- c:\program files\ESET
2010-01-15 13:53 . 2010-01-15 13:53 -------- d-----w- c:\program files\Alwil Software
2010-01-15 12:56 . 2010-01-15 12:59 -------- d-----w- C:\public enemy
2010-01-15 11:00 . 2010-01-15 11:00 -------- d-----w- c:\program files\ESTsoft
2010-01-13 11:15 . 2010-01-13 11:19 -------- d-----w- c:\program files\Inkscape
2010-01-13 11:13 . 2010-01-13 11:13 -------- d-----w- c:\program files\Macromedia
2010-01-13 11:13 . 2010-01-13 11:13 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-13 11:12 . 2010-01-13 11:12 -------- d-----w- c:\windows\Downloaded Installations
2010-01-05 17:43 . 2010-01-21 15:31 -------- d-----w- c:\program files\Ask.com
2010-01-05 17:43 . 2010-01-05 17:43 -------- d-----w- c:\program files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 15:32 . 2009-02-10 07:19 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-21 14:23 . 2008-04-14 12:00 578560 ------w- c:\windows\system32\user32.dll
2010-01-19 15:28 . 2008-04-14 12:00 62138 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:28 . 2008-04-14 12:00 379568 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 13:19 . 2009-12-07 13:18 -------- d-----w- c:\program files\DVD Shrink
2009-12-03 14:07 . 2009-05-11 07:57 -------- d-----w- c:\program files\Java
2009-12-02 10:18 . 2009-12-02 10:11 -------- d-----w- c:\program files\MediaCoder
2009-12-02 10:17 . 2009-12-02 10:17 -------- d-----w- c:\program files\DVD Flick
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-11-30 09:30 . 2009-11-30 09:28 8 ----a-w- c:\windows\system32\nvModes.dat
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 05:26 . 2008-04-14 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-09-01 07:49 . 2009-09-01 07:49 4926536 ----a-w- c:\program files\flv-non-hd-encoderV3.0.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-21_14.41.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-21 15:38 . 2010-01-21 15:38 16384 c:\windows\Temp\Perflib_Perfdata_d80.dat
+ 2010-01-21 15:37 . 2010-01-21 15:37 16384 c:\windows\Temp\Perflib_Perfdata_78c.dat
+ 2010-01-21 15:37 . 2010-01-21 15:37 16384 c:\windows\Temp\Perflib_Perfdata_148.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\programy\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-30 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ToolBoxFX"="c:\programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-22 53248]
"HPUsageTracking"="c:\programy\HP LaserJet 2605\HP UT\bin\hppusg.exe" [2007-10-15 36864]
"HP Software Update"="c:\programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-04-14 100352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppniprint01.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppniprint64.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppnicifs01.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hpntwkexe.exe"=
"c:\\Programy\\Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Programy\\Total Commander\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programy\\Opera 9\\opera.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19.1.2010 14:01 207792]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [29.8.2008 14:21 11264]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [19.1.2010 14:03 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19.1.2010 14:01 359624]
S3 Fdcfrar4;Fdcfrar4;c:\windows\system32\drivers\acpiec.sys [14.4.2008 13:00 11776]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\uživatel\Plocha\SysProtDrv.sys [21.1.2010 15:59 44288]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\ws7oxec1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.prvnizpravy.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=

---- NASTAVENÍ FIREFOXU ----
c:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 16:40
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:58,d9,cb,d2,a7,07,a6,22,1b,c1,78,8b,cc,1d,03,f8,6f,d9,c1,e8,8f,
11,22,1a,4b,d6,e1,de,5e,c7,5a,19,aa,cc,69,51,b6,31,11,1c,d9,da,38,90,61,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:58,d9,cb,d2,a7,07,a6,22,1b,c1,78,8b,cc,1d,03,f8,6f,d9,c1,e8,8f,
11,22,1a,4b,d6,e1,de,5e,c7,5a,19,aa,cc,69,51,b6,31,11,1c,d9,da,38,90,61,c8,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\Spyware Doctor\pctgmhk.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\programy\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\Mixer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-21 16:45:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-21 15:45
ComboFix2.txt 2010-01-21 14:44

Před spuštěním: Volných bajtů: 307 987 300 352
Po spuštění: Volných bajtů: 307 857 661 952

- - End Of File - - B0FC716E9752D958EAF77894BCA293AB

[hajos_t]

jjo pravda, chyba...delam to tady na druhem(kamarada) pocitaci, ktery neni na siti..
mam odebrat jeden ze spyware?
jinak spustil sem kontrolu v Malwarebytes, vysledek snad bude ASAP.)

[hajos_t]

odebral sem Ad-aware, prikladam log z Malwarebytes' Anti-Malware...infikovane soubory jsem odstranil
firewal by mel byt resen HW, ale na 100pro to nevim..

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3597
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.1.2010 18:09:14
mbam-log-2010-01-21 (18-09-14).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 190727
Uplynulý čas: 1 hour(s), 0 minute(s), 17 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\System Volume Information\_restore{FF367373-A8C4-4741-B6E4-A7B5A6039B44}\RP8\A0008313.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FF367373-A8C4-4741-B6E4-A7B5A6039B44}\RP8\A0008480.sys (Malware.Trace) -> Quarantined and deleted successfully.

[hajos_t]

jjo jasny, zitra se prosim mrkni na ten log...kazdopadne pro dnesek DIK

Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel at 2010-01-21 20:00:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 294 GB (62%) free of 477 GB
Total RAM: 3006 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:32, on 21.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe
C:\Programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Programy\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe" "C:\Programy\HP LaserJet 2605\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programy\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/UIVATE~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 8749 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programy\SPYBOT~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ToolBoxFX"=C:\Programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe [2007-08-22 53248]
"HPUsageTracking"=C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe [2007-10-15 36864]
"HP Software Update"=C:\Programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"C-Media Mixer"=Mixer.exe /startup []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"QuickTime Task"=C:\Programy\QuickTime\qttask.exe [2008-09-06 413696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-29 2054360]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-11-18 1243088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"=C:\WINDOWS\system32\advpack.dll [2008-04-14 100352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Programy\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-10-30 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programy\HP LaserJet 2605\setup\hppniprint01.exe"="C:\Programy\HP LaserJet 2605\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"C:\Programy\HP LaserJet 2605\setup\hppniprint64.exe"="C:\Programy\HP LaserJet 2605\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe"
"C:\Programy\HP LaserJet 2605\setup\hppnicifs01.exe"="C:\Programy\HP LaserJet 2605\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"C:\Programy\HP LaserJet 2605\setup\hpntwkexe.exe"="C:\Programy\HP LaserJet 2605\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"C:\Programy\Office\Office12\ONENOTE.EXE"="C:\Programy\Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programy\Total Commander\totalcmd\TOTALCMD.EXE"="C:\Programy\Total Commander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Programy\Opera 9\opera.exe"="C:\Programy\Opera 9\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.txt - open -

======List of files/folders created in the last 1 months======

2010-01-21 16:45:51 ----A---- C:\ComboFix.txt
2010-01-21 15:17:03 ----A---- C:\Boot.bak
2010-01-21 15:16:54 ----RASHD---- C:\cmdcons
2010-01-21 15:13:41 ----A---- C:\WINDOWS\zip.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\SWSC.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\SWREG.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\sed.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\PEV.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\MBR.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\grep.exe
2010-01-21 15:13:31 ----D---- C:\WINDOWS\ERDNT
2010-01-21 15:09:47 ----D---- C:\Qoobox
2010-01-21 13:08:16 ----D---- C:\Program Files\trend micro
2010-01-21 13:08:15 ----D---- C:\rsit
2010-01-19 14:03:45 ----A---- C:\WINDOWS\BDTSupport.dll
2010-01-19 14:03:44 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-01-19 14:03:44 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-01-19 14:03:44 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-01-19 14:01:36 ----D---- C:\Program Files\Spyware Doctor
2010-01-19 14:01:36 ----D---- C:\Program Files\Common Files\PC Tools
2010-01-19 14:01:36 ----D---- C:\Documents and Settings\uživatel\Data aplikací\PC Tools
2010-01-19 14:01:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-01-19 14:01:16 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-19 13:59:34 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Malwarebytes
2010-01-19 13:59:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-19 13:59:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-19 13:26:14 ----D---- C:\Program Files\ESET
2010-01-19 13:26:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-01-15 14:53:15 ----D---- C:\Program Files\Alwil Software
2010-01-15 13:56:57 ----D---- C:\public enemy
2010-01-15 12:00:49 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ESTsoft
2010-01-15 12:00:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESTsoft
2010-01-15 12:00:41 ----D---- C:\Program Files\ESTsoft
2010-01-13 12:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 12:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 12:20:41 ----D---- C:\Documents and Settings\uživatel\Data aplikací\inkscape
2010-01-13 12:15:21 ----D---- C:\Program Files\Inkscape
2010-01-13 12:13:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia
2010-01-13 12:13:18 ----D---- C:\Program Files\Macromedia
2010-01-13 12:13:18 ----D---- C:\Program Files\Common Files\Macromedia
2010-01-13 12:12:49 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-05 18:43:33 ----D---- C:\Program Files\Ask.com
2010-01-05 18:43:11 ----D---- C:\Program Files\The KMPlayer

======List of files/folders modified in the last 1 months======

2010-01-21 20:00:26 ----D---- C:\WINDOWS\Prefetch
2010-01-21 20:00:23 ----D---- C:\WINDOWS\Temp
2010-01-21 18:12:37 ----D---- C:\WINDOWS
2010-01-21 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 18:10:59 ----D---- C:\WINDOWS\system32\drivers
2010-01-21 18:10:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-21 18:10:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-21 17:21:07 ----SHD---- C:\WINDOWS\Installer
2010-01-21 17:21:07 ----D---- C:\Program Files\Common Files
2010-01-21 17:21:06 ----D---- C:\Config.Msi
2010-01-21 17:20:56 ----D---- C:\WINDOWS\system32
2010-01-21 16:43:53 ----SD---- C:\WINDOWS\Tasks
2010-01-21 16:37:58 ----A---- C:\WINDOWS\system.ini
2010-01-21 16:34:03 ----D---- C:\WINDOWS\system32\config
2010-01-21 16:32:11 ----D---- C:\Program Files\pdfforge Toolbar
2010-01-21 16:30:42 ----D---- C:\WINDOWS\AppPatch
2010-01-21 15:23:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 15:23:44 ----N---- C:\WINDOWS\system32\user32.dll
2010-01-21 15:17:04 ----RASH---- C:\boot.ini
2010-01-21 13:08:16 ----RD---- C:\Program Files
2010-01-21 12:58:27 ----HD---- C:\WINDOWS\inf
2010-01-20 09:05:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-19 16:28:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-19 14:14:47 ----D---- C:\Documents and Settings
2010-01-19 14:01:42 ----D---- C:\WINDOWS\WinSxS
2010-01-19 13:25:12 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-01-19 13:16:42 ----A---- C:\WINDOWS\wincmd.ini
2010-01-19 09:26:48 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-15 15:54:32 ----SHD---- C:\System Volume Information
2010-01-15 15:54:32 ----D---- C:\WINDOWS\system32\Restore
2010-01-15 15:31:13 ----D---- C:\Program Files\Movie Maker
2010-01-15 14:54:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-13 12:31:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 12:31:35 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 12:14:49 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Macromedia
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-29 96408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-29 116008]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 Fdcfrar4;Fdcfrar4; C:\WINDOWS\system32\drivers\acpiec.sys [2008-04-14 11776]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Documents and Settings\uživatel\Plocha\SysProtDrv.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-31 68096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 20680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Strpsxy;Strpsxy; C:\WINDOWS\system32\drivers\swmidi.sys [2008-04-13 56576]

-----------------EOF-----------------

[hajos_t]

takze nakonec sem odebral i spyware doktora, chtel po me registraci a nainstaloval sem Spyware terminator...
virus total nic nanasel, poslilam ...
Rozšiřující informace
File size: 11776 bytes
MD5...: afdff022a01f0b11c776f0860c3b282f
SHA1..: 391e5e7f03d5806ba75a2bdbf9e06b9de806170c
SHA256: 135e5257b62d921b76271014301e9ea1e2383d5dbb04e475dc3a7effd2561f56
ssdeep: 192:nWlxS2tUZl301DjseUq1GBChRZEw6pCTO4IygTIChxKkWFbT:n32UHStUxaE
wjq4RCCkWFX
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1d00
timedatestamp.....: 0x3b7d8553 (Fri Aug 17 20:57:55 2001)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x10ba 0x1100 6.27 053b88d5142ea84e21c7c7cdda7f529b
.rdata 0x1400 0x18f 0x200 3.97 fdb813c8982741c7db89f5a52ee8bfcd
.data 0x1600 0xac 0x100 1.72 b55ca904f231528b722088e547c5f5e0
PAGE 0x1700 0x5af 0x600 6.02 f88d52da9e8d975d5e2a08682c5acb92
INIT 0x1d00 0x468 0x480 5.27 ad373d9eff7d28e92ea828bda8bf81ed
.rsrc 0x2180 0xa1c 0xa80 3.86 fb41711fd802ced9ecbabfb2ace94370
.reloc 0x2c00 0x192 0x200 4.58 5b8cfaf344879d93f42d44b031871964

( 3 imports )
> ntoskrnl.exe: IoBuildSynchronousFsdRequest, KeInitializeEvent, IoBuildDeviceIoControlRequest, KeSetEvent, KeInitializeSpinLock, IoCreateDevice, RtlInitUnicodeString, KeInitializeDpc, KeInitializeTimer, IofCallDriver, IoAllocateIrp, IoAttachDeviceToDeviceStack, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeCancelTimer, KeSetTimer, ExfInterlockedRemoveHeadList, ExAllocatePoolWithTag, PoStartNextPowerIrp, PoCallDriver, IofCompleteRequest, MmLockPagableDataSection, IoFreeIrp, KeWaitForSingleObject, ExFreePool, IoDeleteDevice, InterlockedExchange, MmUnlockPagableImageSection
> HAL.dll: KeStallExecutionProcessor, KfAcquireSpinLock, WRITE_PORT_UCHAR, KfReleaseSpinLock, READ_PORT_UCHAR, KeQueryPerformanceCounter
> OPRGHDLR.SYS: RegisterOpRegionHandler

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: Ovlada_ vlo_en_ho _adi_e ACPI
original name: acpiec.sys
internal name: acpiec.sys
file version.: 5.1.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

VAROVÁNÍ VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!

+pridavam log z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel at 2010-01-22 11:36:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 294 GB (62%) free of 477 GB
Total RAM: 3006 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:51, on 22.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe
C:\Programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe" "C:\Programy\HP LaserJet 2605\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/UIVATE~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 8127 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-15 1230288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-15 1230288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ToolBoxFX"=C:\Programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe [2007-08-22 53248]
"HPUsageTracking"=C:\Programy\HP LaserJet 2605\HP UT\bin\hppusg.exe [2007-10-15 36864]
"HP Software Update"=C:\Programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"C-Media Mixer"=Mixer.exe /startup []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"QuickTime Task"=C:\Programy\QuickTime\qttask.exe [2008-09-06 413696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-29 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-10-30 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-22 3037696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programy\HP LaserJet 2605\setup\hppniprint01.exe"="C:\Programy\HP LaserJet 2605\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"C:\Programy\HP LaserJet 2605\setup\hppniprint64.exe"="C:\Programy\HP LaserJet 2605\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe"
"C:\Programy\HP LaserJet 2605\setup\hppnicifs01.exe"="C:\Programy\HP LaserJet 2605\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"C:\Programy\HP LaserJet 2605\setup\hpntwkexe.exe"="C:\Programy\HP LaserJet 2605\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"C:\Programy\Office\Office12\ONENOTE.EXE"="C:\Programy\Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programy\Total Commander\totalcmd\TOTALCMD.EXE"="C:\Programy\Total Commander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Programy\Opera 9\opera.exe"="C:\Programy\Opera 9\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.txt - open -

======List of files/folders created in the last 1 months======

2010-01-22 09:11:45 ----D---- C:\Program Files\Crawler
2010-01-22 09:11:27 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Spyware Terminator
2010-01-22 09:10:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-22 09:10:51 ----D---- C:\Program Files\Spyware Terminator
2010-01-21 16:45:51 ----A---- C:\ComboFix.txt
2010-01-21 15:17:03 ----A---- C:\Boot.bak
2010-01-21 15:16:54 ----RASHD---- C:\cmdcons
2010-01-21 15:13:41 ----A---- C:\WINDOWS\zip.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\SWSC.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\SWREG.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\sed.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\PEV.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\MBR.exe
2010-01-21 15:13:41 ----A---- C:\WINDOWS\grep.exe
2010-01-21 15:13:31 ----D---- C:\WINDOWS\ERDNT
2010-01-21 15:09:47 ----D---- C:\Qoobox
2010-01-21 13:08:16 ----D---- C:\Program Files\trend micro
2010-01-21 13:08:15 ----D---- C:\rsit
2010-01-19 14:01:36 ----D---- C:\Program Files\Spyware Doctor
2010-01-19 14:01:16 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-19 13:59:34 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Malwarebytes
2010-01-19 13:59:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-19 13:59:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-19 13:26:14 ----D---- C:\Program Files\ESET
2010-01-19 13:26:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-01-15 14:53:15 ----D---- C:\Program Files\Alwil Software
2010-01-15 13:56:57 ----D---- C:\public enemy
2010-01-15 12:00:49 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ESTsoft
2010-01-15 12:00:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESTsoft
2010-01-15 12:00:41 ----D---- C:\Program Files\ESTsoft
2010-01-13 12:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 12:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 12:20:41 ----D---- C:\Documents and Settings\uživatel\Data aplikací\inkscape
2010-01-13 12:15:21 ----D---- C:\Program Files\Inkscape
2010-01-13 12:13:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia
2010-01-13 12:13:18 ----D---- C:\Program Files\Macromedia
2010-01-13 12:13:18 ----D---- C:\Program Files\Common Files\Macromedia
2010-01-13 12:12:49 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-05 18:43:33 ----D---- C:\Program Files\Ask.com
2010-01-05 18:43:11 ----D---- C:\Program Files\The KMPlayer

======List of files/folders modified in the last 1 months======

2010-01-22 11:32:22 ----D---- C:\WINDOWS\Temp
2010-01-22 11:26:33 ----D---- C:\WINDOWS\Prefetch
2010-01-22 09:50:26 ----D---- C:\WINDOWS
2010-01-22 09:49:32 ----D---- C:\Program Files\Common Files
2010-01-22 09:47:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-22 09:47:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-22 09:11:45 ----RD---- C:\Program Files
2010-01-22 09:11:37 ----D---- C:\WINDOWS\system32\drivers
2010-01-22 09:09:20 ----HD---- C:\WINDOWS\inf
2010-01-22 09:08:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 09:00:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-21 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 17:21:07 ----SHD---- C:\WINDOWS\Installer
2010-01-21 17:21:06 ----D---- C:\Config.Msi
2010-01-21 17:20:56 ----D---- C:\WINDOWS\system32
2010-01-21 16:43:53 ----SD---- C:\WINDOWS\Tasks
2010-01-21 16:37:58 ----A---- C:\WINDOWS\system.ini
2010-01-21 16:34:03 ----D---- C:\WINDOWS\system32\config
2010-01-21 16:32:11 ----D---- C:\Program Files\pdfforge Toolbar
2010-01-21 16:30:42 ----D---- C:\WINDOWS\AppPatch
2010-01-21 15:23:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 15:23:44 ----N---- C:\WINDOWS\system32\user32.dll
2010-01-21 15:17:04 ----RASH---- C:\boot.ini
2010-01-20 09:05:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-19 16:28:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-19 14:14:47 ----D---- C:\Documents and Settings
2010-01-19 14:01:42 ----D---- C:\WINDOWS\WinSxS
2010-01-19 13:25:12 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-01-19 13:16:42 ----A---- C:\WINDOWS\wincmd.ini
2010-01-19 09:26:48 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-15 15:54:32 ----SHD---- C:\System Volume Information
2010-01-15 15:54:32 ----D---- C:\WINDOWS\system32\Restore
2010-01-15 15:31:13 ----D---- C:\Program Files\Movie Maker
2010-01-15 14:54:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-13 12:31:35 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 12:14:49 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Macromedia
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-29 96408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-29 116008]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 Fdcfrar4;Fdcfrar4; C:\WINDOWS\system32\drivers\acpiec.sys [2008-04-14 11776]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Documents and Settings\uživatel\Plocha\SysProtDrv.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-22 488960]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-31 68096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 20680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Strpsxy;Strpsxy; C:\WINDOWS\system32\drivers\swmidi.sys [2008-04-13 56576]

-----------------EOF-----------------

PC bzch rekl ye uy se chova celkem standartne, NOD32 uy infekci nehlasi, jak mam postupovat dal? DIK

[hajos_t]

dekuji!..

[hajos_t]

Tak tady to je, fna firewall sem se ptal ten je pry hw takye to nemusim resit..

ComboFix 10-01-20.05 - uživatel 22.01.2010 12:16:23.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3006.2562 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\tomas\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-22 do 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-22 08:11 . 2010-01-22 08:12 -------- d-----w- c:\program files\Crawler
2010-01-22 08:11 . 2010-01-22 08:11 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-22 08:10 . 2010-01-22 08:14 -------- d-----w- c:\program files\Spyware Terminator
2010-01-21 17:05 . 2010-01-21 17:05 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-01-21 12:08 . 2010-01-22 10:55 -------- d-----w- c:\program files\trend micro
2010-01-21 12:08 . 2010-01-21 12:08 -------- d-----w- C:\rsit
2010-01-19 13:01 . 2010-01-22 08:49 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 12:59 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 12:59 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 12:59 . 2010-01-19 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 12:26 . 2010-01-19 12:26 -------- d-----w- c:\program files\ESET
2010-01-15 13:53 . 2010-01-15 13:53 -------- d-----w- c:\program files\Alwil Software
2010-01-15 12:56 . 2010-01-15 12:59 -------- d-----w- C:\public enemy
2010-01-15 11:00 . 2010-01-15 11:00 -------- d-----w- c:\program files\ESTsoft
2010-01-13 11:15 . 2010-01-13 11:19 -------- d-----w- c:\program files\Inkscape
2010-01-13 11:13 . 2010-01-13 11:13 -------- d-----w- c:\program files\Macromedia
2010-01-13 11:13 . 2010-01-13 11:13 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-13 11:12 . 2010-01-13 11:12 -------- d-----w- c:\windows\Downloaded Installations
2010-01-05 17:43 . 2010-01-21 15:31 -------- d-----w- c:\program files\Ask.com
2010-01-05 17:43 . 2010-01-05 17:43 -------- d-----w- c:\program files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 15:32 . 2009-02-10 07:19 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-21 14:23 . 2008-04-14 12:00 578560 ------w- c:\windows\system32\user32.dll
2010-01-19 15:28 . 2008-04-14 12:00 62138 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:28 . 2008-04-14 12:00 379568 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 13:19 . 2009-12-07 13:18 -------- d-----w- c:\program files\DVD Shrink
2009-12-03 14:07 . 2009-05-11 07:57 -------- d-----w- c:\program files\Java
2009-12-02 10:18 . 2009-12-02 10:11 -------- d-----w- c:\program files\MediaCoder
2009-12-02 10:17 . 2009-12-02 10:17 -------- d-----w- c:\program files\DVD Flick
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-12-02 09:56 . 2009-12-02 09:56 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-11-30 09:30 . 2009-11-30 09:28 8 ----a-w- c:\windows\system32\nvModes.dat
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 05:26 . 2008-04-14 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-09-01 07:49 . 2009-09-01 07:49 4926536 ----a-w- c:\program files\flv-non-hd-encoderV3.0.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-21_14.41.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-22 08:50 . 2010-01-22 08:50 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-30 133104]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-22 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ToolBoxFX"="c:\programy\HP LaserJet 2605\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-22 53248]
"HPUsageTracking"="c:\programy\HP LaserJet 2605\HP UT\bin\hppusg.exe" [2007-10-15 36864]
"HP Software Update"="c:\programy\HP LaserJet 2605\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\programy\HP LaserJet 2605\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppniprint01.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppniprint64.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hppnicifs01.exe"=
"c:\\Programy\\HP LaserJet 2605\\setup\\hpntwkexe.exe"=
"c:\\Programy\\Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Programy\\Total Commander\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programy\\Opera 9\\opera.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [29.8.2008 14:21 11264]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22.1.2010 9:11 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
S3 Fdcfrar4;Fdcfrar4;c:\windows\system32\drivers\acpiec.sys [14.4.2008 13:00 11776]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\uživatel\Plocha\SysProtDrv.sys [21.1.2010 15:59 44288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\Office\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\ws7oxec1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.prvnizpravy.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60347&qkw=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\programy\Opera 9\program\plugins\npdsplay.dll
FF - plugin: c:\programy\Opera 9\program\plugins\NPOFF12.DLL
FF - plugin: c:\programy\Opera 9\program\plugins\NPSWF32.dll
FF - plugin: c:\programy\Opera 9\program\plugins\npwmsdrm.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:58,d9,cb,d2,a7,07,a6,22,1b,c1,78,8b,cc,1d,03,f8,6f,d9,c1,e8,8f,
11,22,1a,4b,d6,e1,de,5e,c7,5a,19,aa,cc,69,51,b6,31,11,1c,d9,da,38,90,61,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:58,d9,cb,d2,a7,07,a6,22,1b,c1,78,8b,cc,1d,03,f8,6f,d9,c1,e8,8f,
11,22,1a,4b,d6,e1,de,5e,c7,5a,19,aa,cc,69,51,b6,31,11,1c,d9,da,38,90,61,c8,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2010-01-22 12:23:04
ComboFix-quarantined-files.txt 2010-01-22 11:23
ComboFix2.txt 2010-01-21 15:45
ComboFix3.txt 2010-01-21 14:44

Před spuštěním: Volných bajtů: 307 867 361 280
Po spuštění: Volných bajtů: 307 879 079 936

- - End Of File - - FACC197E0C5194E9BC3F0D935EDC1C66

[hajos_t]

uff pri podkusu smazat driver na SysProt pise OpenService FAILED 1060 ... co s tim?

[hajos_t]

prave ze ne, prikladam printscreen http://ulozto.cz/3746368/pntscr.jpg
jinak uploaduju qoobox.zip na ulozto.cz snad to bude co nevidet

[hajos_t]

ok..

[hajos_t]

a jeste teda ten zip, bohuzel to nemam kam jinam hodit nez na ulozto...(

http://ulozto.cz/3746593/qoobox.zip

[hajos_t]

.) aha...
takze hotovo, vse sem procistil dle navodu...vse se zda byt v poradku
Velky dik patri tobe i vasemu foru!

Posilam SMS! A jeste jednou, DEKUJU za pomoc!