
Please check my log - viruses

Posted: 01 Mar 2010 19:23
by lukasen
Hello, avast is reporting a dangerous virus in operating memory!!!! Please check my log. Thank you!


Logfile of random's system information tool 1.06 (written by random/random)
Run by Pajda at 2010-03-01 19:17:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (65%) free of 20 GB
Total RAM: 1023 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:31, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Stažené\RSIT.exe
C:\Program Files\trend micro\Pajda.exe
C:\WINDOWS\SoftwareDistribution\Download\36a403eae405ef97aa0ef64c1d6bb90c\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pegi.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 3491 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-04 7307264]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-11-04 86016]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{800ccbf8-2521-11df-8a66-924316496927}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{800ccbf9-2521-11df-8a66-924316496927}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{800ccbfa-2521-11df-8a66-924316496927}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{800ccbfb-2521-11df-8a66-924316496927}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b2e4918-2471-11df-8a61-ddb285090627}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b96ecfb6-215e-11df-8a59-ec8ef7409126}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe


======List of files/folders created in the last 1 months======

2010-03-01 19:17:16 ----D---- C:\Program Files\trend micro
2010-03-01 19:17:15 ----D---- C:\rsit
2010-03-01 19:17:08 ----D---- C:\WINDOWS\LastGood
2010-03-01 18:55:46 ----D---- C:\WINDOWS\system32\PreInstall
2010-03-01 18:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-03-01 18:55:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-01 18:42:43 ----D---- C:\Program Files\Alwil Software
2010-03-01 15:49:37 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Macromedia
2010-03-01 15:49:37 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Adobe
2010-03-01 15:48:42 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-03-01 12:31:59 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Apple Computer
2010-02-28 16:06:50 ----D---- C:\Program Files\Eidos
2010-02-28 15:58:36 ----D---- C:\Program Files\Common Files\EasyInfo
2010-02-28 15:33:42 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-02-28 15:33:31 ----D---- C:\WINDOWS\RegisteredPackages
2010-02-28 15:33:14 ----A---- C:\WINDOWS\system32\psisdecd.dll
2010-02-28 15:33:11 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2010-02-28 15:13:48 ----D---- C:\Program Files\QuickTime
2010-02-28 15:13:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-02-28 15:13:35 ----D---- C:\Program Files\Apple Software Update
2010-02-28 15:13:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-02-28 15:06:08 ----D---- C:\Program Files\Total video converter
2010-02-28 15:01:06 ----D---- C:\Program Files\DAEMON Tools Lite
2010-02-28 15:00:45 ----D---- C:\Documents and Settings\Pajda\Data aplikací\DAEMON Tools Lite
2010-02-28 15:00:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-02-28 15:00:18 ----RSHD---- C:\Recycled
2010-02-24 18:23:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2010-02-24 18:21:41 ----D---- C:\WINDOWS\pss
2010-02-24 17:37:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-24 17:37:54 ----A---- C:\WINDOWS\system32\CSVer.dll
2010-02-24 17:37:52 ----D---- C:\Program Files\Intel
2010-02-24 17:37:37 ----D---- C:\Intel
2010-02-24 17:36:35 ----D---- C:\WINDOWS\nview
2010-02-24 17:36:35 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-02-24 17:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-24 17:35:14 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-02-24 17:33:44 ----D---- C:\NVIDIA
2010-02-24 17:20:24 ----D---- C:\Program Files\Mozilla Firefox
2010-02-24 17:17:10 ----D---- C:\Program Files\Photodex Presenter
2010-02-24 17:17:10 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Netscape
2010-02-24 17:17:10 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Mozilla
2010-02-24 17:17:03 ----D---- C:\Program Files\Photodex
2010-02-24 17:16:42 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Photodex
2010-02-24 17:14:03 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-02-24 17:13:38 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-02-24 17:13:26 ----D---- C:\Program Files\Realtek AC97
2010-02-24 17:13:26 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2010-02-24 17:13:24 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2010-02-24 17:13:24 ----A---- C:\WINDOWS\soundman.exe
2010-02-24 17:13:23 ----A---- C:\WINDOWS\alcupd.exe
2010-02-24 17:13:23 ----A---- C:\WINDOWS\Alcrmv.exe
2010-02-24 17:10:32 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-24 17:10:29 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-02-24 17:10:17 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-24 17:10:08 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-24 17:09:42 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-02-24 17:09:22 ----D---- C:\WINDOWS\system32\LogFiles
2010-02-24 17:09:18 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-24 17:09:16 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-02-24 17:09:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-02-23 20:43:04 ----D---- C:\Program Files\hry
2010-02-23 20:42:36 ----D---- C:\Documents and Settings\Pajda\Data aplikací\WinRAR
2010-02-23 20:42:23 ----D---- C:\Program Files\WinRAR
2010-02-23 20:27:39 ----SHD---- C:\RECYCLER
2010-02-23 20:24:58 ----A---- C:\WINDOWS\system32\wpa.bak
2010-02-23 20:11:19 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Identities
2010-02-23 20:11:17 ----HD---- C:\Program Files\Uninstall Information
2010-02-23 20:11:10 ----ASH---- C:\Documents and Settings\Pajda\Data aplikací\desktop.ini
2010-02-23 20:11:09 ----SD---- C:\Documents and Settings\Pajda\Data aplikací\Microsoft
2010-02-23 20:10:03 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-23 20:10:02 ----SD---- C:\WINDOWS\system32\Microsoft
2010-02-23 20:10:02 ----D---- C:\WINDOWS\Prefetch
2010-02-23 20:10:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-23 20:05:55 ----D---- C:\WINDOWS\system32\xircom
2010-02-23 20:05:55 ----D---- C:\Program Files\xerox
2010-02-23 20:05:55 ----D---- C:\Program Files\microsoft frontpage
2010-02-23 20:05:29 ----A---- C:\WINDOWS\control.ini
2010-02-23 20:05:29 ----A---- C:\AUTOEXEC.BAT
2010-02-23 20:05:11 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-23 20:05:07 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-02-23 20:04:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-23 20:04:09 ----RD---- C:\WINDOWS\Offline Web Pages
2010-02-23 20:04:09 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-23 20:04:01 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-23 20:03:57 ----HD---- C:\Program Files\WindowsUpdate
2010-02-23 20:03:53 ----D---- C:\Program Files\Online Services
2010-02-23 20:03:38 ----D---- C:\WINDOWS\system32\DirectX
2010-02-23 20:03:33 ----A---- C:\WINDOWS\system32\atrace.dll
2010-02-23 20:03:31 ----A---- C:\WINDOWS\system32\desktop.ini
2010-02-23 20:03:31 ----A---- C:\WINDOWS\desktop.ini
2010-02-23 20:03:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-02-23 20:03:25 ----D---- C:\Program Files\Common Files\Services
2010-02-23 20:03:25 ----A---- C:\WINDOWS\system32\acctres.dll
2010-02-23 20:03:23 ----SD---- C:\WINDOWS\Tasks
2010-02-23 20:03:23 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-02-23 20:03:22 ----D---- C:\Program Files\Common Files\MSSoap
2010-02-23 20:03:19 ----D---- C:\WINDOWS\srchasst
2010-02-23 20:03:18 ----D---- C:\WINDOWS\system32\Macromed
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wups.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-02-23 20:03:12 ----D---- C:\Program Files\Movie Maker
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-02-23 20:02:55 ----D---- C:\WINDOWS\system32\Restore
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\srclient.dll
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\msconf.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\ils.dll
2010-02-23 20:02:52 ----D---- C:\Program Files\NetMeeting
2010-02-23 20:02:52 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-02-23 20:02:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-02-23 20:02:51 ----A---- C:\WINDOWS\system32\inetres.dll
2010-02-23 20:02:50 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-02-23 20:02:49 ----D---- C:\Program Files\Outlook Express
2010-02-23 20:02:49 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-02-23 20:02:49 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-02-23 20:02:49 ----A---- C:\WINDOWS\system32\mstask.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\isign32.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-02-23 20:02:44 ----D---- C:\Program Files\Common Files\System
2010-02-23 20:02:43 ----D---- C:\Program Files\Internet Explorer
2010-02-23 20:01:59 ----D---- C:\Program Files\ComPlus Applications
2010-02-23 20:01:57 ----A---- C:\WINDOWS\vbaddin.ini
2010-02-23 20:01:57 ----A---- C:\WINDOWS\vb.ini
2010-02-23 20:01:52 ----D---- C:\WINDOWS\Registration
2010-02-23 20:01:43 ----D---- C:\Program Files\Windows Media Player
2010-02-23 20:01:37 ----D---- C:\Program Files\Messenger
2010-02-23 20:01:34 ----D---- C:\Program Files\MSN Gaming Zone
2010-02-23 20:01:34 ----A---- C:\WINDOWS\system32\write.exe
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\hticons.dll
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\avwav.dll
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-02-23 20:01:26 ----A---- C:\WINDOWS\system32\winchat.exe
2010-02-23 20:01:22 ----A---- C:\WINDOWS\system32\getuname.dll
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\winmine.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\sol.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\charmap.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\calc.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tskill.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tscon.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\shadow.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\reset.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\regini.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\msg.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\logoff.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\freecell.exe
2010-02-23 20:01:19 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-02-23 20:01:19 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-02-23 20:01:15 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-02-23 20:01:13 ----D---- C:\Program Files\Windows NT
2010-02-23 20:01:13 ----A---- C:\WINDOWS\system32\spider.exe
2010-02-23 20:01:13 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-02-23 20:01:13 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-02-23 20:01:10 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-02-23 20:01:08 ----D---- C:\WINDOWS\system32\Com
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\stclient.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\colbact.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\comuid.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-02-23 20:01:06 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-02-23 20:01:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2010-03-01 19:17:32 ----D---- C:\WINDOWS
2010-03-01 19:17:28 ----HD---- C:\WINDOWS\inf
2010-03-01 19:17:16 ----RD---- C:\Program Files
2010-03-01 19:17:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-01 19:16:55 ----D---- C:\WINDOWS\Temp
2010-03-01 19:13:02 ----SH---- C:\boot.ini
2010-03-01 19:13:02 ----A---- C:\WINDOWS\win.ini
2010-03-01 19:13:02 ----A---- C:\WINDOWS\system.ini
2010-03-01 18:55:46 ----D---- C:\WINDOWS\system32
2010-03-01 18:53:25 ----D---- C:\WINDOWS\system32\config
2010-03-01 18:45:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-01 18:43:13 ----D---- C:\WINDOWS\system32\drivers
2010-03-01 18:41:08 ----D---- C:\WINDOWS\system
2010-03-01 15:48:49 ----D---- C:\WINDOWS\Help
2010-03-01 13:19:29 ----SHD---- C:\WINDOWS\Installer
2010-03-01 13:19:11 ----D---- C:\Documents and Settings
2010-02-28 15:58:36 ----D---- C:\Program Files\Common Files
2010-02-28 15:24:51 ----A---- C:\WINDOWS\imsins.BAK
2010-02-28 15:07:21 ----RSD---- C:\WINDOWS\Fonts
2010-02-24 17:13:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-23 20:25:07 ----A---- C:\WINDOWS\setuplog.txt
2010-02-23 20:11:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-23 20:11:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-23 20:10:04 ----SHD---- C:\System Volume Information
2010-02-23 20:05:55 ----D---- C:\WINDOWS\system32\wbem
2010-02-23 20:05:55 ----D---- C:\WINDOWS\security
2010-02-23 20:05:55 ----D---- C:\WINDOWS\repair
2010-02-23 20:05:55 ----D---- C:\WINDOWS\ime
2010-02-23 20:05:07 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-23 20:04:51 ----D---- C:\WINDOWS\system32\ias
2010-02-23 20:04:13 ----RD---- C:\WINDOWS\Web
2010-02-23 20:03:09 ----D---- C:\WINDOWS\system32\oobe
2010-02-23 20:02:58 ----D---- C:\WINDOWS\pchealth
2010-02-23 20:01:31 ----D---- C:\WINDOWS\Cursors
2010-02-23 20:01:13 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-23 20:00:25 ----D---- C:\WINDOWS\system32\spool

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-04 3532544]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ajndpcv2;ajndpcv2; C:\WINDOWS\system32\drivers\ajndpcv2.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-04 131139]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2010-02-24 181312]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: Please check my log - viruses

Posted: 01 Mar 2010 19:37
by Caroprd111
Hello :)

The log is being worked on, please be patient.

Re: Please check my log - viruses

Posted: 01 Mar 2010 19:41
by Caroprd111
Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Turn off all resident security programs - firewalls, antivirus, antispyware.

Plug all the flash drives you use into the PC.

Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms is displayed, continue by pressing the "Ano" (Yes) button.

Then follow the instructions; during the scan do not start other applications and do not click into the window that is displayed!

The scan should take around 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.

The computer may be restarted during the scan.

Re: Please check my log - viruses

Posted: 01 Mar 2010 20:38
by lukasen
Thank you very much for the quick reply!! Here is the log from ComboFix:


ComboFix 10-03-01.01 - Pajda 01.03.2010 20:25:08.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.714 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pajda\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 100301-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycled\Recycled
c:\windows\system32\ieuinit.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-01 do 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 18:51 . 2008-04-13 23:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-03-01 18:51 . 2008-04-13 23:15 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-03-01 18:17 . 2010-03-01 18:17 -------- d-----w- c:\program files\trend micro
2010-03-01 17:55 . 2010-03-01 18:17 -------- d--h--w- c:\windows\$hf_mig$
2010-03-01 17:43 . 2008-03-29 18:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-01 17:43 . 2008-03-29 18:27 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-01 17:43 . 2008-03-29 18:26 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-01 17:43 . 2008-03-29 18:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-01 17:43 . 2008-03-29 18:31 75856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-01 17:43 . 2008-03-29 18:23 95608 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-01 17:43 . 2008-03-29 18:35 94544 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-01 17:43 . 2008-01-17 16:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-01 17:42 . 2008-03-29 18:45 1146232 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-01 17:42 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-03-01 17:42 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2010-03-01 17:42 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2010-03-01 17:42 . 2010-03-01 17:42 -------- d-----w- c:\program files\Alwil Software
2010-03-01 14:42 . 2008-04-13 21:05 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-03-01 14:42 . 2008-04-13 21:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-02-28 15:06 . 2010-02-28 15:06 -------- d-----w- c:\program files\Eidos
2010-02-28 14:58 . 2010-02-28 14:58 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-02-28 14:13 . 2010-02-28 14:14 -------- d-----w- c:\program files\QuickTime
2010-02-28 14:13 . 2010-02-28 14:13 -------- d-----w- c:\program files\Apple Software Update
2010-02-28 14:06 . 2010-02-28 14:08 -------- d-----w- c:\program files\Total video converter
2010-02-28 14:01 . 2010-02-28 14:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-28 14:01 . 2010-02-28 14:01 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-24 16:37 . 2010-02-24 16:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-24 16:37 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-24 16:37 . 2010-02-24 16:37 -------- d-----w- c:\program files\Intel
2010-02-24 16:37 . 2010-02-24 16:37 -------- d-----w- C:\Intel
2010-02-24 16:36 . 2010-02-24 17:20 -------- d-----w- c:\windows\nview
2010-02-24 16:36 . 2005-11-04 17:03 180224 ----a-w- c:\windows\system32\nvudisp.exe
2010-02-24 16:35 . 2005-11-04 18:03 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-24 16:33 . 2010-02-24 16:33 -------- d-----w- C:\NVIDIA
2010-02-24 16:20 . 2010-02-24 16:20 0 ----a-w- c:\windows\nsreg.dat
2010-02-24 16:17 . 2010-02-24 16:17 -------- d-----w- c:\program files\Photodex Presenter
2010-02-24 16:17 . 2010-02-24 16:17 -------- d-----w- c:\program files\Photodex
2010-02-24 16:14 . 2006-08-01 14:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-02-24 16:10 . 2001-12-31 23:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-24 16:09 . 2010-02-24 16:09 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-24 16:09 . 2010-02-24 16:09 -------- d-----w- c:\windows\system32\LogFiles
2010-02-24 16:09 . 2006-09-25 16:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-24 16:07 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 13:34 . 2010-02-23 19:43 -------- d-----w- c:\program files\hry
2010-02-24 16:13 . 2010-02-24 16:13 -------- d-----w- c:\program files\Realtek AC97
2010-02-24 16:13 . 2002-01-01 03:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-23 19:11 . 2008-04-14 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-02-23 19:11 . 2008-04-14 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-02-23 19:05 . 2010-02-23 19:05 -------- d-----w- c:\program files\microsoft frontpage
2010-02-23 19:02 . 2010-02-23 19:02 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-04 7307264]
"nwiz"="nwiz.exe" [2005-11-04 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-04 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.2.2010 15:01 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.3.2010 18:43 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.3.2010 18:43 20560]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.pegi.info/
FF - ProfilePath - c:\documents and settings\Pajda\Data aplikací\Mozilla\Firefox\Profiles\wf68twgf.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Caveman Adventures - c:\program files\Caveman\Uninstal.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Open Transport Tycoon Deluxe 0.5.1 - c:\program files\hry\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 20:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphe.sys >>UNKNOWN [0x8678E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7892f28
\Driver\ACPI -> ACPI.sys @ 0xf76dacb8
\Driver\atapi -> atapi.sys @ 0xf766fb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7579bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7585a21
SendHandler -> NDIS.sys @ 0xf7579d44
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-220523388-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RunDll32.exe
c:\windows\Mixer.exe
.
**************************************************************************
.
Celkový čas: 2010-03-01 20:34:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-01 19:34

Před spuštěním: Volných bajtů: 13 798 379 520
Po spuštění: Volných bajtů: 13 860 278 272

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Re: Pls check the log - viruses

Posted: 01 Mar 2010 20:49
by Caroprd111
Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.


Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A small window pops up; copy into it:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; paste it here.


Post a log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Re: Pls check the log - viruses

Posted: 02 Mar 2010 16:26
by lukasen
MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK



Gmer log, quick scan:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-02 16:06:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Pajda\LOCALS~1\Temp\pxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Gmer log, full scan:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-02 16:25:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Pajda\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5BF9D98]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5BF9CB8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5BFA12A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF5BF98AA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5BF9D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5BF97C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF5BF983C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5BF9E42]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5BF9E02]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5BF9F84]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF72D5360, 0x204E5D, 0xE8000020]
? C:\DOCUME~1\Pajda\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2392] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[596] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[596] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0xE6 0xF8 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0xE6 0xF8 0x5C ...

---- EOF - GMER 1.0.15 ----

Re: Pls check the log - viruses

Posted: 02 Mar 2010 16:28
by Caroprd111
How is the PC doing :???:

Re: Pls check the log - viruses

Posted: 02 Mar 2010 16:43
by lukasen
During the scan avast found viruses at this location C:\System Volume Information\_restore{9563DE02-EBFD-4D08-A60F-F914921E9608}\RP16, so I moved them to the chest!!!

Re: Pls check the log - viruses

Posted: 02 Mar 2010 16:44
by Caroprd111
Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall
press Enter


Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice press the A key, then Enter
  • Delete the program after use. Note: antivirus programs may falsely flag it as a virus.


Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the prompts by pressing "Yes" (a restart will follow)

Download Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation untick the option to install the Yahoo toolbar.

Cleaner tab
  • Run the analysis; when it finishes, choose Run Ccleaner.

Registry tab
  • Click Find problems; when it finishes, click Fix problems. You do not need to make a backup. Then choose Fix all problems.
  • OK, Close


Post a new log from RSIT.

Re: Pls check the log - viruses

Posted: 02 Mar 2010 17:00
by lukasen
Here is the log:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Pajda at 2010-03-02 16:58:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (65%) free of 20 GB
Total RAM: 1023 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:56, on 2.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Pajda\Plocha\RSIT.exe
C:\Program Files\trend micro\Pajda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pegi.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 3867 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-04 7307264]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-11-04 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"C-Media Mixer"=Mixer.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQ.exe"="C:\Program Files\ICQLite\ICQ.exe:*:Enabled:ICQ Lite"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-02 16:58:49 ----D---- C:\rsit
2010-03-02 16:58:49 ----D---- C:\Program Files\trend micro
2010-03-02 16:54:03 ----D---- C:\Program Files\CCleaner
2010-03-02 16:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-02 16:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-02 16:28:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-03-02 16:28:10 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-03-02 16:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-02 16:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-03-02 07:41:40 ----D---- C:\WINDOWS\ie8updates
2010-03-02 07:40:48 ----D---- C:\WINDOWS\WBEM
2010-03-02 07:39:34 ----HDC---- C:\WINDOWS\ie8
2010-03-02 07:38:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-02 00:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-02 00:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-02 00:39:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-03-02 00:39:01 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-03-02 00:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-03-02 00:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-03-02 00:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-02 00:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-02 00:38:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-03-02 00:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-02 00:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-02 00:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-02 00:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-03-02 00:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-03-02 00:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-02 00:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-02 00:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-02 00:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-03-02 00:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-03-02 00:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-02 00:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-02 00:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-02 00:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-03-02 00:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-02 00:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-03-02 00:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-02 00:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-02 00:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-02 00:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-03-02 00:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-02 00:35:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-02 00:34:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-02 00:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-03-02 00:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-02 00:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-03-02 00:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-03-02 00:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-02 00:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-02 00:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-02 00:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-02 00:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-03-02 00:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-03-02 00:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-02 00:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-02 00:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-03-02 00:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-03-02 00:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-02 00:32:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-03-02 00:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-03-02 00:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-02 00:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-03-02 00:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-02 00:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-03-02 00:31:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-03-02 00:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-03-02 00:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-02 00:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-03-02 00:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-02 00:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-02 00:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-02 00:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-02 00:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-01 21:12:23 ----D---- C:\Program Files\Common Files\ICQ
2010-03-01 21:12:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-03-01 21:12:02 ----D---- C:\Documents and Settings\Pajda\Data aplikací\ICQ
2010-03-01 21:11:39 ----D---- C:\Program Files\ICQLite
2010-03-01 20:42:34 ----D---- C:\Documents and Settings\Pajda\Data aplikací\QIP
2010-03-01 20:41:58 ----SHD---- C:\RECYCLER
2010-03-01 20:24:22 ----A---- C:\Boot.bak
2010-03-01 20:24:17 ----RASHD---- C:\cmdcons
2010-03-01 20:08:17 ----A---- C:\WINDOWS\CMMIXER.INI
2010-03-01 20:04:04 ----A---- C:\WINDOWS\mixerdef.ini
2010-03-01 18:55:46 ----D---- C:\WINDOWS\system32\PreInstall
2010-03-01 18:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-03-01 18:55:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-03-01 18:42:53 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-01 18:42:43 ----D---- C:\Program Files\Alwil Software
2010-03-01 15:49:37 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Macromedia
2010-03-01 15:49:37 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Adobe
2010-03-01 15:48:42 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-03-01 12:31:59 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Apple Computer
2010-02-28 16:06:50 ----D---- C:\Program Files\Eidos
2010-02-28 15:58:36 ----D---- C:\Program Files\Common Files\EasyInfo
2010-02-28 15:33:42 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-02-28 15:33:31 ----D---- C:\WINDOWS\RegisteredPackages
2010-02-28 15:33:14 ----A---- C:\WINDOWS\system32\psisdecd.dll
2010-02-28 15:33:11 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2010-02-28 15:13:48 ----D---- C:\Program Files\QuickTime
2010-02-28 15:13:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-02-28 15:13:35 ----D---- C:\Program Files\Apple Software Update
2010-02-28 15:13:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-02-28 15:06:08 ----D---- C:\Program Files\Total video converter
2010-02-28 15:00:45 ----D---- C:\Documents and Settings\Pajda\Data aplikací\DAEMON Tools Lite
2010-02-28 15:00:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-02-24 18:23:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2010-02-24 18:21:41 ----D---- C:\WINDOWS\pss
2010-02-24 17:37:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-24 17:37:54 ----A---- C:\WINDOWS\system32\CSVer.dll
2010-02-24 17:37:52 ----D---- C:\Program Files\Intel
2010-02-24 17:37:37 ----D---- C:\Intel
2010-02-24 17:36:35 ----D---- C:\WINDOWS\nview
2010-02-24 17:36:35 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-02-24 17:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-24 17:35:14 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-02-24 17:33:44 ----D---- C:\NVIDIA
2010-02-24 17:20:24 ----D---- C:\Program Files\Mozilla Firefox
2010-02-24 17:17:10 ----D---- C:\Program Files\Photodex Presenter
2010-02-24 17:17:10 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Netscape
2010-02-24 17:17:10 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Mozilla
2010-02-24 17:17:03 ----D---- C:\Program Files\Photodex
2010-02-24 17:16:42 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Photodex
2010-02-24 17:14:03 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-02-24 17:13:38 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-02-24 17:13:26 ----D---- C:\Program Files\Realtek AC97
2010-02-24 17:13:26 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2010-02-24 17:13:24 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2010-02-24 17:13:24 ----A---- C:\WINDOWS\soundman.exe
2010-02-24 17:13:23 ----A---- C:\WINDOWS\alcupd.exe
2010-02-24 17:13:23 ----A---- C:\WINDOWS\Alcrmv.exe
2010-02-24 17:10:32 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-24 17:10:29 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-02-24 17:10:17 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-24 17:10:08 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-24 17:09:42 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-02-24 17:09:22 ----D---- C:\WINDOWS\system32\LogFiles
2010-02-24 17:09:18 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-24 17:09:16 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-02-24 17:09:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-02-23 20:43:04 ----D---- C:\Program Files\hry
2010-02-23 20:42:36 ----D---- C:\Documents and Settings\Pajda\Data aplikací\WinRAR
2010-02-23 20:42:23 ----D---- C:\Program Files\WinRAR
2010-02-23 20:24:58 ----A---- C:\WINDOWS\system32\wpa.bak
2010-02-23 20:11:19 ----D---- C:\Documents and Settings\Pajda\Data aplikací\Identities
2010-02-23 20:11:17 ----HD---- C:\Program Files\Uninstall Information
2010-02-23 20:11:10 ----ASH---- C:\Documents and Settings\Pajda\Data aplikací\desktop.ini
2010-02-23 20:11:09 ----SD---- C:\Documents and Settings\Pajda\Data aplikací\Microsoft
2010-02-23 20:10:03 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-23 20:10:02 ----SD---- C:\WINDOWS\system32\Microsoft
2010-02-23 20:10:02 ----D---- C:\WINDOWS\Prefetch
2010-02-23 20:10:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-23 20:05:55 ----D---- C:\WINDOWS\system32\xircom
2010-02-23 20:05:55 ----D---- C:\Program Files\xerox
2010-02-23 20:05:55 ----D---- C:\Program Files\microsoft frontpage
2010-02-23 20:05:29 ----A---- C:\WINDOWS\control.ini
2010-02-23 20:05:07 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-02-23 20:04:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-23 20:04:09 ----RD---- C:\WINDOWS\Offline Web Pages
2010-02-23 20:04:09 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-23 20:04:01 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-23 20:03:57 ----HD---- C:\Program Files\WindowsUpdate
2010-02-23 20:03:53 ----D---- C:\Program Files\Online Services
2010-02-23 20:03:38 ----D---- C:\WINDOWS\system32\DirectX
2010-02-23 20:03:33 ----A---- C:\WINDOWS\system32\atrace.dll
2010-02-23 20:03:31 ----A---- C:\WINDOWS\system32\desktop.ini
2010-02-23 20:03:31 ----A---- C:\WINDOWS\desktop.ini
2010-02-23 20:03:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-02-23 20:03:25 ----D---- C:\Program Files\Common Files\Services
2010-02-23 20:03:25 ----A---- C:\WINDOWS\system32\acctres.dll
2010-02-23 20:03:23 ----SD---- C:\WINDOWS\Tasks
2010-02-23 20:03:23 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-02-23 20:03:22 ----D---- C:\Program Files\Common Files\MSSoap
2010-02-23 20:03:19 ----D---- C:\WINDOWS\srchasst
2010-02-23 20:03:18 ----D---- C:\WINDOWS\system32\Macromed
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-02-23 20:03:16 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-02-23 20:03:15 ----N---- C:\WINDOWS\system32\wuauclt.exe
2010-02-23 20:03:15 ----N---- C:\WINDOWS\system32\qmgr.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wups.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-02-23 20:03:15 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-02-23 20:03:12 ----D---- C:\Program Files\Movie Maker
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-02-23 20:02:58 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-02-23 20:02:55 ----N---- C:\WINDOWS\system32\srsvc.dll
2010-02-23 20:02:55 ----D---- C:\WINDOWS\system32\Restore
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\srclient.dll
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-02-23 20:02:55 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\msconf.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-02-23 20:02:54 ----A---- C:\WINDOWS\system32\ils.dll
2010-02-23 20:02:52 ----D---- C:\Program Files\NetMeeting
2010-02-23 20:02:52 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-02-23 20:02:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-02-23 20:02:51 ----A---- C:\WINDOWS\system32\inetres.dll
2010-02-23 20:02:50 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-02-23 20:02:49 ----N---- C:\WINDOWS\system32\schedsvc.dll
2010-02-23 20:02:49 ----D---- C:\Program Files\Outlook Express
2010-02-23 20:02:49 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-02-23 20:02:49 ----A---- C:\WINDOWS\system32\mstask.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\isign32.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-02-23 20:02:48 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-02-23 20:02:44 ----D---- C:\Program Files\Common Files\System
2010-02-23 20:02:43 ----D---- C:\Program Files\Internet Explorer
2010-02-23 20:01:59 ----D---- C:\Program Files\ComPlus Applications
2010-02-23 20:01:57 ----A---- C:\WINDOWS\vbaddin.ini
2010-02-23 20:01:57 ----A---- C:\WINDOWS\vb.ini
2010-02-23 20:01:52 ----D---- C:\WINDOWS\Registration
2010-02-23 20:01:43 ----D---- C:\Program Files\Windows Media Player
2010-02-23 20:01:37 ----D---- C:\Program Files\Messenger
2010-02-23 20:01:34 ----D---- C:\Program Files\MSN Gaming Zone
2010-02-23 20:01:34 ----A---- C:\WINDOWS\system32\write.exe
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\hticons.dll
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\avwav.dll
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-02-23 20:01:27 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-02-23 20:01:26 ----A---- C:\WINDOWS\system32\winchat.exe
2010-02-23 20:01:22 ----A---- C:\WINDOWS\system32\getuname.dll
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\winmine.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\sol.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\charmap.exe
2010-02-23 20:01:21 ----A---- C:\WINDOWS\system32\calc.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tskill.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\tscon.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\shadow.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\reset.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\regini.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\msg.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\logoff.exe
2010-02-23 20:01:20 ----A---- C:\WINDOWS\system32\freecell.exe
2010-02-23 20:01:19 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-02-23 20:01:19 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-02-23 20:01:15 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-02-23 20:01:14 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-02-23 20:01:13 ----D---- C:\Program Files\Windows NT
2010-02-23 20:01:13 ----A---- C:\WINDOWS\system32\spider.exe
2010-02-23 20:01:13 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-02-23 20:01:13 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-23 20:01:12 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-02-23 20:01:11 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-02-23 20:01:10 ----N---- C:\WINDOWS\system32\termsrv.dll
2010-02-23 20:01:10 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-02-23 20:01:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-02-23 20:01:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-02-23 20:01:08 ----D---- C:\WINDOWS\system32\Com
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\stclient.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\colbact.dll
2010-02-23 20:01:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\comuid.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-02-23 20:01:07 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-02-23 20:01:06 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-02-23 20:01:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-02-23 20:01:01 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2010-03-02 16:58:49 ----RD---- C:\Program Files
2010-03-02 16:55:05 ----D---- C:\WINDOWS\Debug
2010-03-02 16:55:05 ----D---- C:\WINDOWS
2010-03-02 16:51:58 ----D---- C:\WINDOWS\Temp
2010-03-02 16:51:27 ----SHD---- C:\System Volume Information
2010-03-02 16:34:00 ----D---- C:\WINDOWS\system32
2010-03-02 16:31:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-02 16:29:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-02 16:28:45 ----HD---- C:\WINDOWS\inf
2010-03-02 16:28:29 ----D---- C:\WINDOWS\system32\drivers
2010-03-02 16:27:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-02 07:44:47 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-02 07:44:47 ----D---- C:\WINDOWS\Help
2010-03-02 07:40:36 ----D---- C:\WINDOWS\Media
2010-03-02 07:34:20 ----D---- C:\WINDOWS\system32\wbem
2010-03-02 07:34:20 ----D---- C:\WINDOWS\AppPatch
2010-03-02 00:38:13 ----D---- C:\WINDOWS\WinSxS
2010-03-01 21:12:23 ----D---- C:\Program Files\Common Files
2010-03-01 21:12:20 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-01 20:31:50 ----A---- C:\WINDOWS\system.ini
2010-03-01 20:24:22 ----RASH---- C:\boot.ini
2010-03-01 20:05:08 ----D---- C:\Documents and Settings
2010-03-01 19:51:15 ----D---- C:\WINDOWS\system
2010-03-01 19:13:02 ----A---- C:\WINDOWS\win.ini
2010-03-01 18:53:25 ----D---- C:\WINDOWS\system32\config
2010-03-01 13:19:29 ----SHD---- C:\WINDOWS\Installer
2010-02-28 15:07:21 ----RSD---- C:\WINDOWS\Fonts
2010-02-23 20:11:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-23 20:05:55 ----D---- C:\WINDOWS\security
2010-02-23 20:05:55 ----D---- C:\WINDOWS\repair
2010-02-23 20:05:55 ----D---- C:\WINDOWS\ime
2010-02-23 20:05:07 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-23 20:04:51 ----D---- C:\WINDOWS\system32\ias
2010-02-23 20:04:13 ----RD---- C:\WINDOWS\Web
2010-02-23 20:03:09 ----D---- C:\WINDOWS\system32\oobe
2010-02-23 20:02:58 ----D---- C:\WINDOWS\pchealth
2010-02-23 20:01:31 ----D---- C:\WINDOWS\Cursors
2010-02-23 20:00:25 ----D---- C:\WINDOWS\system32\spool

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-04 3532544]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-04 131139]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2010-02-24 181312]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: Please check my log - viruses

Posted: 02 Mar 2010 17:04
by Caroprd111
I don't see a firewall in the log; install one! Overview: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Otherwise it's fine. :)

Re: Please check my log - viruses

Posted: 02 Mar 2010 17:28
by lukasen
Thank you very much, avast no longer found anything! Hopefully it will now be virus-free and fine!! Thanks for the help!

Re: Please check my log - viruses

Posted: 02 Mar 2010 17:30
by Caroprd111
You're welcome :)