VIRY.CZ

AVG hlásí že nalez spusty infekcí v system32 a virus také napadnul outlook a winrar

Takže zde dávám log z RSITu nechal sem tam last month nebo tak nějak


Logfile of random's system information tool 1.06 (written by random/random)
Run by ADAM at 2010-03-27 12:19:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 12 GB (25%) free of 50 GB
Total RAM: 1023 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:25, on 27.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\AVG\AVG9\avgemc.exe
D:\Program Files\AVG\AVG9\avgam.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\Eraser\Eraser.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Dokumenty\Stažené soubory\RSIT.exe
D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Dokumenty\Stažené soubory\ADAM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Eraser] "D:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8718390687
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: ?????a d:\windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - D:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SVC - Unknown owner - D:\DOCUME~1\ADAM~1.ADA\LOCALS~1\Temp\SVC.exe (file missing)

--
End of file - 7391 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-861567501-839522115-1003.job
D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-861567501-839522115-1003.job
D:\WINDOWS\tasks\SmartDefrag.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{15B28055-F8FD-434A-938B-457F0CAEF148}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
D:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-14 1217896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG9\avgssie.dll [2010-03-26 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}]
Hero Fighter Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-14 1217896]
{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=D:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2005-12-09 15691264]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Eraser"=D:\PROGRA~1\Eraser\Eraser.exe [2009-12-15 976784]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2010-02-15 417792]
"AVG9_TRAY"=D:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-26 2059544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Advanced SystemCare 3"=D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="?????a d:\windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2010-03-26 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-27 11:23:09 ----HD---- D:\$AVG
2010-03-26 23:20:10 ----A---- D:\WINDOWS\system32\avgrsstx.dll
2010-03-26 23:19:47 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVG Security Toolbar
2010-03-26 23:16:01 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg9
2010-03-26 22:45:48 ----A---- D:\WINDOWS\kbldqlom.EXE
2010-03-26 21:50:31 ----D---- D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Data aplikací\Longfine Software
2010-03-26 21:50:23 ----D---- D:\Program Files\Easy Screen Recorder
2010-03-26 21:01:24 ----A---- D:\WINDOWS\agtnaneh.EXE
2010-03-26 17:51:29 ----D---- D:\Program Files\Expert Debugger
2010-03-26 14:12:20 ----A---- D:\WINDOWS\trecpcdp.EXE
2010-03-25 20:36:27 ----A---- D:\WINDOWS\zmrezmgr.EXE
2010-03-25 20:16:10 ----A---- D:\WINDOWS\qkxsfsby.EXE
2010-03-25 20:12:00 ----A---- D:\WINDOWS\flflfdfq.EXE
2010-03-25 20:11:43 ----A---- D:\WINDOWS\gqisfikf.EXE
2010-03-25 20:05:08 ----A---- D:\WINDOWS\gxhzulva.EXE
2010-03-25 20:03:53 ----A---- D:\WINDOWS\erecwcrg.EXE
2010-03-25 19:36:32 ----A---- D:\WINDOWS\kumwnbli.EXE
2010-03-25 15:11:47 ----A---- D:\WINDOWS\pcpcpnwg.EXE
2010-03-25 14:31:47 ----A---- D:\WINDOWS\gxhzulvl.EXE
2010-03-25 13:31:08 ----A---- D:\WINDOWS\kpcagtcd.EXE
2010-03-25 07:25:10 ----A---- D:\WINDOWS\vpcpkeyw.EXE
2010-03-25 07:12:32 ----A---- D:\WINDOWS\jwjdjwxb.EXE
2010-03-24 19:02:16 ----A---- D:\WINDOWS\ydqdjwxc.EXE
2010-03-24 18:40:28 ----A---- D:\WINDOWS\SCANDISK.exe
2010-03-24 18:40:28 ----A---- D:\WINDOWS\hzjavnxc.EXE
2010-03-21 00:05:20 ----D---- D:\Program Files\Sun
2010-03-20 23:50:55 ----HDC---- D:\WINDOWS\$NtUninstallKB971513$
2010-03-19 19:16:30 ----D---- D:\WINDOWS\ie8updates
2010-03-19 19:12:54 ----D---- D:\WINDOWS\WBEM
2010-03-19 19:08:54 ----HDC---- D:\WINDOWS\ie8
2010-03-17 19:42:01 ----HD---- D:\Sandbox
2010-03-17 19:37:25 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\Comodo Downloader
2010-03-17 19:36:32 ----D---- D:\Program Files\COMODO
2010-03-17 14:13:18 ----D---- D:\Program Files\QuickTime
2010-03-17 14:13:17 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\Apple Computer
2010-03-17 14:12:40 ----D---- D:\Program Files\Apple Software Update
2010-03-17 14:12:40 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\Apple
2010-03-17 00:11:03 ----HDC---- D:\WINDOWS\$NtUninstallKB941569$
2010-03-17 00:10:37 ----HDC---- D:\WINDOWS\$NtUninstallKB929399$
2010-03-17 00:10:18 ----HDC---- D:\WINDOWS\$NtUninstallKB939683$
2010-03-17 00:09:43 ----HDC---- D:\WINDOWS\$NtUninstallKB954154_WM11$
2010-03-16 18:29:48 ----A---- D:\WINDOWS\system32\mucltui.dll.mui
2010-03-16 18:29:48 ----A---- D:\WINDOWS\system32\mucltui.dll
2010-03-16 11:24:18 ----N---- D:\WINDOWS\system32\spmsg.dll
2010-03-16 11:23:01 ----D---- D:\Program Files\Webteh
2010-03-16 07:28:44 ----HDC---- D:\WINDOWS\$NtUninstallMSCompPackV1$
2010-03-16 07:28:41 ----A---- D:\WINDOWS\system32\setb5.tmp
2010-03-16 07:28:23 ----D---- D:\Program Files\Windows Media Connect 2
2010-03-16 07:28:08 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$
2010-03-16 06:52:37 ----D---- D:\Program Files\Agnitum
2010-03-16 06:42:36 ----A---- D:\WINDOWS\system32\MRT.exe
2010-03-16 06:33:05 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\Windows Genuine Advantage
2010-03-15 10:54:42 ----D---- D:\Program Files\GTATools
2010-03-14 09:27:08 ----A---- D:\WINDOWS\system32\XAudio2_6.dll
2010-03-14 09:27:08 ----A---- D:\WINDOWS\system32\XAPOFX1_4.dll
2010-03-14 09:27:07 ----A---- D:\WINDOWS\system32\xactengine3_6.dll
2010-03-14 09:27:06 ----A---- D:\WINDOWS\system32\X3DAudio1_7.dll
2010-03-14 09:27:05 ----A---- D:\WINDOWS\system32\XAudio2_5.dll
2010-03-14 09:27:04 ----A---- D:\WINDOWS\system32\xactengine3_5.dll
2010-03-14 09:27:03 ----A---- D:\WINDOWS\system32\D3DCompiler_42.dll
2010-03-14 09:27:02 ----A---- D:\WINDOWS\system32\d3dcsx_42.dll
2010-03-14 09:27:01 ----A---- D:\WINDOWS\system32\d3dx11_42.dll
2010-03-14 09:27:00 ----A---- D:\WINDOWS\system32\d3dx10_42.dll
2010-03-14 09:26:59 ----A---- D:\WINDOWS\system32\D3DX9_42.dll
2010-03-14 09:26:58 ----A---- D:\WINDOWS\system32\d3dx10_41.dll
2010-03-14 09:26:58 ----A---- D:\WINDOWS\system32\D3DCompiler_41.dll
2010-03-14 09:26:57 ----A---- D:\WINDOWS\system32\D3DX9_41.dll
2010-03-14 09:26:56 ----A---- D:\WINDOWS\system32\XAudio2_4.dll
2010-03-14 09:26:56 ----A---- D:\WINDOWS\system32\XAPOFX1_3.dll
2010-03-14 09:26:55 ----A---- D:\WINDOWS\system32\xactengine3_4.dll
2010-03-14 09:26:54 ----A---- D:\WINDOWS\system32\X3DAudio1_6.dll
2010-03-14 09:26:53 ----A---- D:\WINDOWS\system32\d3dx10_40.dll
2010-03-14 09:26:53 ----A---- D:\WINDOWS\system32\D3DCompiler_40.dll
2010-03-14 09:26:52 ----A---- D:\WINDOWS\system32\D3DX9_40.dll
2010-03-14 09:26:51 ----A---- D:\WINDOWS\system32\XAudio2_3.dll
2010-03-14 09:26:51 ----A---- D:\WINDOWS\system32\XAPOFX1_2.dll
2010-03-14 09:26:50 ----A---- D:\WINDOWS\system32\xactengine3_3.dll
2010-03-14 09:26:50 ----A---- D:\WINDOWS\system32\X3DAudio1_5.dll
2010-03-14 09:26:49 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2010-03-14 09:26:49 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2010-03-14 09:26:48 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2010-03-14 09:26:47 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2010-03-14 09:26:47 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2010-03-14 09:26:44 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2010-03-14 09:24:41 ----HD---- D:\WINDOWS\msdownld.tmp
2010-03-14 09:21:22 ----D---- D:\WINDOWS\system32\CatRoot_bak
2010-03-14 05:03:36 ----HDC---- D:\WINDOWS\$NtUninstallKB951978$
2010-03-14 05:03:21 ----HDC---- D:\WINDOWS\$NtUninstallKB975713$
2010-03-14 05:03:07 ----HDC---- D:\WINDOWS\$NtUninstallKB956744$
2010-03-14 05:02:37 ----HDC---- D:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-14 04:57:09 ----D---- D:\WINDOWS\Prefetch
2010-03-13 10:22:40 ----A---- D:\WINDOWS\system32\wmpns.dll
2010-03-13 07:40:29 ----HDC---- D:\WINDOWS\$NtUninstallKB978706$
2010-03-13 07:39:10 ----HDC---- D:\WINDOWS\$NtUninstallKB978251$
2010-03-13 07:37:52 ----HDC---- D:\WINDOWS\$NtUninstallKB978207$
2010-03-13 07:36:46 ----HDC---- D:\WINDOWS\$NtUninstallKB978037$
2010-03-13 07:35:13 ----HDC---- D:\WINDOWS\$NtUninstallKB977914$
2010-03-13 07:33:32 ----HDC---- D:\WINDOWS\$NtUninstallKB977165$
2010-03-13 07:32:10 ----HDC---- D:\WINDOWS\$NtUninstallKB976749$
2010-03-13 07:30:48 ----HDC---- D:\WINDOWS\$NtUninstallKB976325$
2010-03-13 07:29:33 ----HDC---- D:\WINDOWS\$NtUninstallKB975561$
2010-03-13 07:28:24 ----HDC---- D:\WINDOWS\$NtUninstallKB975560$
2010-03-13 07:27:02 ----HDC---- D:\WINDOWS\$NtUninstallKB975467$
2010-03-13 07:25:48 ----HDC---- D:\WINDOWS\$NtUninstallKB975025$
2010-03-13 07:23:40 ----HDC---- D:\WINDOWS\$NtUninstallKB974571$
2010-03-13 07:22:49 ----HDC---- D:\WINDOWS\$NtUninstallKB974455$
2010-03-13 07:22:09 ----HDC---- D:\WINDOWS\$NtUninstallKB974392$
2010-03-13 07:21:28 ----HDC---- D:\WINDOWS\$NtUninstallKB974318$
2010-03-13 07:20:45 ----HDC---- D:\WINDOWS\$NtUninstallKB974112$
2010-03-13 07:19:49 ----HDC---- D:\WINDOWS\$NtUninstallKB973869$
2010-03-13 07:19:06 ----HDC---- D:\WINDOWS\$NtUninstallKB973815$
2010-03-13 07:18:23 ----HDC---- D:\WINDOWS\$NtUninstallKB973687$
2010-03-13 07:17:39 ----HDC---- D:\WINDOWS\$NtUninstallKB973507$
2010-03-13 07:16:55 ----HDC---- D:\WINDOWS\$NtUninstallKB973354$
2010-03-13 07:16:11 ----HDC---- D:\WINDOWS\$NtUninstallKB972270$
2010-03-13 07:15:28 ----HDC---- D:\WINDOWS\$NtUninstallKB971737$
2010-03-13 07:14:33 ----HDC---- D:\WINDOWS\$NtUninstallKB971657$
2010-03-13 07:13:48 ----HDC---- D:\WINDOWS\$NtUninstallKB971633$
2010-03-13 07:12:59 ----HDC---- D:\WINDOWS\$NtUninstallKB971557$
2010-03-13 07:12:02 ----HDC---- D:\WINDOWS\$NtUninstallKB971486$
2010-03-13 07:11:13 ----HDC---- D:\WINDOWS\$NtUninstallKB971468$
2010-03-13 07:10:23 ----HDC---- D:\WINDOWS\$NtUninstallKB970430$
2010-03-13 07:09:30 ----HDC---- D:\WINDOWS\$NtUninstallKB970238$
2010-03-13 07:08:30 ----HDC---- D:\WINDOWS\$NtUninstallKB969947$
2010-03-13 07:07:33 ----HDC---- D:\WINDOWS\$NtUninstallKB969059$
2010-03-13 07:06:18 ----HDC---- D:\WINDOWS\$NtUninstallKB968389$
2010-03-13 07:04:50 ----HDC---- D:\WINDOWS\$NtUninstallKB967715$
2010-03-13 07:03:54 ----HDC---- D:\WINDOWS\$NtUninstallKB961501$
2010-03-13 07:02:52 ----HDC---- D:\WINDOWS\$NtUninstallKB961371-v2$
2010-03-13 07:01:41 ----HDC---- D:\WINDOWS\$NtUninstallKB961118$
2010-03-13 07:00:26 ----HDC---- D:\WINDOWS\$NtUninstallKB960859$
2010-03-13 06:59:17 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$
2010-03-13 06:58:11 ----HDC---- D:\WINDOWS\$NtUninstallKB960225$
2010-03-13 06:56:39 ----HDC---- D:\WINDOWS\$NtUninstallKB959426$
2010-03-13 06:54:42 ----HDC---- D:\WINDOWS\$NtUninstallKB958687$
2010-03-13 06:53:37 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2010-03-13 06:50:25 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2010-03-13 06:48:54 ----HDC---- D:\WINDOWS\$NtUninstallKB956844$
2010-03-13 06:47:48 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2010-03-13 06:46:37 ----HDC---- D:\WINDOWS\$NtUninstallKB956802$
2010-03-13 06:45:05 ----HDC---- D:\WINDOWS\$NtUninstallKB956572$
2010-03-13 06:43:47 ----HDC---- D:\WINDOWS\$NtUninstallKB955759$
2010-03-13 06:42:35 ----HDC---- D:\WINDOWS\$NtUninstallKB973687_1$
2010-03-13 06:41:39 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2010-03-13 06:40:26 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2010-03-13 06:39:24 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$
2010-03-13 06:38:24 ----HDC---- D:\WINDOWS\$NtUninstallKB952004$
2010-03-13 06:37:22 ----HDC---- D:\WINDOWS\$NtUninstallKB951748$
2010-03-13 06:36:21 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-13 06:35:19 ----HDC---- D:\WINDOWS\$NtUninstallKB951066$
2010-03-13 06:34:16 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$
2010-03-13 06:33:07 ----HDC---- D:\WINDOWS\$NtUninstallKB950762$
2010-03-13 06:32:02 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$
2010-03-13 06:30:39 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$
2010-03-13 06:25:26 ----N---- D:\WINDOWS\system32\comsdupd.exe
2010-03-13 06:25:25 ----N---- D:\WINDOWS\system32\smtpapi.dll
2010-03-13 06:25:25 ----N---- D:\WINDOWS\system32\rwnh.dll
2010-03-13 06:25:21 ----N---- D:\WINDOWS\system32\ativtmxx.dll
2010-03-13 06:25:21 ----N---- D:\WINDOWS\system32\ati3d1ag.dll
2010-03-13 06:25:21 ----N---- D:\WINDOWS\system32\ati2dvaa.dll
2010-03-13 06:25:21 ----N---- D:\WINDOWS\system32\aaclient.dll
2010-03-13 06:25:20 ----N---- D:\WINDOWS\system32\bitsprx4.dll
2010-03-13 06:25:20 ----N---- D:\WINDOWS\system32\azroles.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dot3svc.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dot3msm.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dot3gpclnt.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dot3dlg.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dot3cfg.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dot3api.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dimsroam.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dimsntfy.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\dhcpqec.dll
2010-03-13 06:25:19 ----N---- D:\WINDOWS\system32\credssp.dll
2010-03-13 06:25:18 ----N---- D:\WINDOWS\system32\eapp3hst.dll
2010-03-13 06:25:18 ----N---- D:\WINDOWS\system32\eapolqec.dll
2010-03-13 06:25:18 ----N---- D:\WINDOWS\system32\dot3ui.dll
2010-03-13 06:25:17 ----N---- D:\WINDOWS\system32\eapsvc.dll
2010-03-13 06:25:17 ----N---- D:\WINDOWS\system32\eapqec.dll
2010-03-13 06:25:17 ----N---- D:\WINDOWS\system32\eappprxy.dll
2010-03-13 06:25:17 ----N---- D:\WINDOWS\system32\eapphost.dll
2010-03-13 06:25:17 ----N---- D:\WINDOWS\system32\eappgnui.dll
2010-03-13 06:25:17 ----N---- D:\WINDOWS\system32\eappcfg.dll
2010-03-13 06:25:16 ----N---- D:\WINDOWS\system32\hsfcisp2.dll
2010-03-13 06:25:14 ----N---- D:\WINDOWS\system32\kbdiultn.dll
2010-03-13 06:25:14 ----N---- D:\WINDOWS\system32\kbdbhc.dll
2010-03-13 06:25:13 ----N---- D:\WINDOWS\system32\l2gpstore.dll
2010-03-13 06:25:13 ----N---- D:\WINDOWS\system32\kmsvc.dll
2010-03-13 06:25:13 ----N---- D:\WINDOWS\system32\kbdpash.dll
2010-03-13 06:25:13 ----N---- D:\WINDOWS\system32\kbdnepr.dll
2010-03-13 06:25:12 ----N---- D:\WINDOWS\system32\mmcperf.exe
2010-03-13 06:25:12 ----N---- D:\WINDOWS\system32\mmcfxcommon.dll
2010-03-13 06:25:12 ----N---- D:\WINDOWS\system32\mmcex.dll
2010-03-13 06:25:12 ----N---- D:\WINDOWS\system32\microsoft.managementconsole.dll
2010-03-13 06:25:12 ----N---- D:\WINDOWS\system32\mdmxsdk.dll
2010-03-13 06:25:11 ----N---- D:\WINDOWS\system32\napstat.exe
2010-03-13 06:25:11 ----N---- D:\WINDOWS\system32\napmontr.dll
2010-03-13 06:25:11 ----N---- D:\WINDOWS\system32\napipsec.dll
2010-03-13 06:25:11 ----N---- D:\WINDOWS\system32\mtxparhd.dll
2010-03-13 06:25:11 ----N---- D:\WINDOWS\system32\msshavmsg.dll
2010-03-13 06:25:11 ----N---- D:\WINDOWS\system32\mssha.dll
2010-03-13 06:25:10 ----N---- D:\WINDOWS\system32\onex.dll
2010-03-13 06:25:10 ----N---- D:\WINDOWS\system32\nv4_disp.dll
2010-03-13 06:25:09 ----N---- D:\WINDOWS\system32\rasqec.dll
2010-03-13 06:25:09 ----N---- D:\WINDOWS\system32\qutil.dll
2010-03-13 06:25:09 ----N---- D:\WINDOWS\system32\qcliprov.dll
2010-03-13 06:25:09 ----N---- D:\WINDOWS\system32\qagentrt.dll
2010-03-13 06:25:09 ----N---- D:\WINDOWS\system32\qagent.dll
2010-03-13 06:25:08 ----N---- D:\WINDOWS\system32\slgen.dll
2010-03-13 06:25:08 ----N---- D:\WINDOWS\system32\slextspk.dll
2010-03-13 06:25:08 ----N---- D:\WINDOWS\system32\slcoinst.dll
2010-03-13 06:25:08 ----N---- D:\WINDOWS\system32\setupn.exe
2010-03-13 06:25:08 ----N---- D:\WINDOWS\system32\s3gnb.dll
2010-03-13 06:25:08 ----N---- D:\WINDOWS\system32\rhttpaa.dll
2010-03-13 06:25:07 ----N---- D:\WINDOWS\system32\slserv.exe
2010-03-13 06:25:07 ----N---- D:\WINDOWS\system32\slrundll.exe
2010-03-13 06:25:06 ----N---- D:\WINDOWS\system32\verclsid.exe
2010-03-13 06:25:06 ----N---- D:\WINDOWS\system32\tspkg.dll
2010-03-13 06:25:06 ----N---- D:\WINDOWS\system32\tsgqec.dll
2010-03-13 06:25:04 ----N---- D:\WINDOWS\system32\wlanapi.dll
2010-03-13 06:25:02 ----N---- D:\WINDOWS\slrundll.exe
2010-03-13 06:25:02 ----A---- D:\WINDOWS\system32\xmllite.dll
2010-03-13 06:14:28 ----A---- D:\WINDOWS\002895_.tmp
2010-03-12 07:22:13 ----N---- D:\WINDOWS\system32\browserchoice.exe
2010-03-11 16:41:34 ----D---- D:\Program Files\AV Vcs 4.0
2010-03-11 16:25:25 ----D---- D:\!KillBox
2010-03-11 01:09:31 ----HDC---- D:\WINDOWS\$NtUninstallKB975561_0$
2010-03-09 19:01:50 ----D---- D:\Program Files\iWEB Studio
2010-03-09 19:01:45 ----A---- D:\WINDOWS\GPInstall.exe
2010-03-09 15:03:25 ----D---- D:\Program Files\Avira
2010-03-09 01:30:10 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
2010-03-08 15:49:26 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2010-03-08 15:49:26 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2010-03-08 15:49:25 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2010-03-08 15:49:24 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2010-03-08 15:49:23 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2010-03-08 15:49:23 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2010-03-08 15:49:21 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2010-03-05 13:24:49 ----N---- D:\Install.log.txt
2010-03-04 12:29:50 ----D---- D:\Program Files\PC Tools Firewall Plus
2010-03-04 12:28:06 ----A---- D:\WINDOWS\BDTSupport.dll.old
2010-03-04 12:28:05 ----A---- D:\WINDOWS\PCTBDCore.dll.old
2010-03-04 12:24:31 ----D---- D:\Program Files\Spyware Doctor
2010-03-04 12:24:31 ----D---- D:\Program Files\Common Files\PC Tools
2010-03-04 00:02:32 ----HD---- D:\WINDOWS\system32\GroupPolicy
2010-03-03 23:12:01 ----AD---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2010-03-02 13:35:15 ----D---- D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Data aplikací\TrueCrypt
2010-03-02 13:32:32 ----D---- D:\Program Files\TrueCrypt
2010-02-28 13:48:17 ----D---- D:\Program Files\AVG

======List of files/folders modified in the last 1 months======

2010-03-27 12:16:16 ----D---- D:\WINDOWS\Temp
2010-03-27 11:41:15 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-03-27 11:41:09 ----D---- D:\WINDOWS\system32
2010-03-27 11:23:46 ----D---- D:\WINDOWS\system32\Lang
2010-03-27 11:23:31 ----D---- D:\Program Files\Windows Media Player
2010-03-27 11:23:18 ----D---- D:\WINDOWS\system32\CatRoot2
2010-03-26 23:20:10 ----D---- D:\WINDOWS\system32\drivers
2010-03-26 23:16:01 ----SHD---- D:\WINDOWS\Installer
2010-03-26 23:15:02 ----HD---- D:\Config.Msi
2010-03-26 23:12:16 ----SD---- D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Data aplikací\Microsoft
2010-03-26 23:12:16 ----D---- D:\WINDOWS
2010-03-26 22:45:50 ----A---- D:\WINDOWS\War3Unin.exe
2010-03-26 22:45:49 ----A---- D:\WINDOWS\system32\utilman.exe
2010-03-26 22:45:49 ----A---- D:\WINDOWS\system32\tourstart.exe
2010-03-26 22:45:49 ----A---- D:\WINDOWS\system32\rcimlby.exe
2010-03-26 22:45:49 ----A---- D:\WINDOWS\system32\notepad.exe
2010-03-26 22:45:49 ----A---- D:\WINDOWS\system32\mobsync.exe
2010-03-26 22:45:49 ----A---- D:\WINDOWS\system32\magnify.exe
2010-03-26 22:45:49 ----A---- D:\WINDOWS\system32\cmd.exe
2010-03-26 21:50:23 ----RD---- D:\Program Files
2010-03-26 21:02:27 ----D---- D:\Program Files\Outlook Express
2010-03-26 17:36:09 ----D---- D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Data aplikací\Image Zone Express
2010-03-25 13:29:18 ----D---- D:\WINDOWS\system32\config
2010-03-25 07:17:36 ----D---- D:\Program Files\Mozilla Firefox
2010-03-24 22:06:07 ----D---- D:\WINDOWS\Debug
2010-03-23 07:07:09 ----D---- D:\Program Files\Burn4Free
2010-03-21 00:06:40 ----HD---- D:\WINDOWS\inf
2010-03-21 00:05:51 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-03-20 23:51:16 ----D---- D:\WINDOWS\system32\ReinstallBackups
2010-03-20 11:04:08 ----HD---- D:\WINDOWS\$hf_mig$
2010-03-20 09:36:33 ----SD---- D:\WINDOWS\Tasks
2010-03-20 09:32:00 ----D---- D:\WINDOWS\system32\cs-cz
2010-03-20 09:31:58 ----HD---- D:\Program Files\Internet Explorer
2010-03-20 09:31:58 ----D---- D:\WINDOWS\Help
2010-03-19 19:12:37 ----D---- D:\WINDOWS\Media
2010-03-18 22:02:18 ----D---- D:\gfx
2010-03-18 21:49:40 ----D---- D:\WINDOWS\system32\3com_dmi
2010-03-18 20:46:39 ----D---- D:\WINDOWS\WinSxS
2010-03-18 17:44:23 ----A---- D:\WINDOWS\system32\guard32.dll
2010-03-17 19:41:37 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\Comodo
2010-03-17 14:12:53 ----D---- D:\Program Files\Common Files\Apple
2010-03-17 09:53:00 ----D---- D:\Program Files\Microsoft Silverlight
2010-03-17 00:11:21 ----D---- D:\WINDOWS\system32\CatRoot
2010-03-16 07:28:35 ----A---- D:\WINDOWS\win.ini
2010-03-16 07:26:58 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$
2010-03-16 06:46:34 ----SD---- D:\WINDOWS\Downloaded Program Files
2010-03-16 06:41:07 ----D---- D:\WINDOWS\SoftwareDistribution
2010-03-16 06:33:35 ----D---- D:\WINDOWS\system32\KB905474
2010-03-14 15:26:48 ----D---- D:\WINDOWS\system32\NtmsData
2010-03-14 15:25:24 ----SHD---- D:\System Volume Information
2010-03-14 15:14:02 ----D---- D:\WINDOWS\repair
2010-03-14 15:13:49 ----D---- D:\WINDOWS\Registration
2010-03-14 15:00:43 ----D---- D:\Program Files\Common Files\Real
2010-03-14 15:00:26 ----D---- D:\Program Files\Real
2010-03-14 15:00:07 ----D---- D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Data aplikací\Real
2010-03-14 14:58:17 ----D---- D:\Documents and Settings\ADAM.ADAM-45D573CD9E\Data aplikací\IObit
2010-03-14 09:27:10 ----D---- D:\WINDOWS\system32\DirectX
2010-03-14 05:02:17 ----HDC---- D:\WINDOWS\$NtUninstallKB971961$
2010-03-14 05:00:18 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-03-14 04:56:37 ----D---- D:\WINDOWS\Internet Logs
2010-03-14 04:56:36 ----D---- D:\WINDOWS\system32\Setup
2010-03-14 04:56:36 ----D---- D:\WINDOWS\AppPatch
2010-03-14 04:56:36 ----D---- D:\Program Files\Messenger
2010-03-14 04:56:34 ----D---- D:\WINDOWS\system32\wbem
2010-03-14 04:56:32 ----RSD---- D:\WINDOWS\Fonts
2010-03-13 07:30:02 ----D---- D:\Program Files\Movie Maker
2010-03-13 06:36:05 ----D---- D:\WINDOWS\security
2010-03-13 06:25:27 ----D---- D:\WINDOWS\ehome
2010-03-13 06:25:25 ----D---- D:\WINDOWS\system32\inetsrv
2010-03-13 06:25:24 ----D---- D:\WINDOWS\network diagnostic
2010-03-13 06:25:24 ----D---- D:\WINDOWS\ime
2010-03-13 06:25:01 ----D---- D:\WINDOWS\system32\usmt
2010-03-13 06:25:00 ----D---- D:\WINDOWS\l2schemas
2010-03-13 06:24:59 ----D---- D:\WINDOWS\system32\cs
2010-03-13 06:24:59 ----D---- D:\WINDOWS\system32\bits
2010-03-13 06:24:59 ----D---- D:\WINDOWS\PeerNet
2010-03-13 06:20:12 ----D---- D:\WINDOWS\system32\Restore
2010-03-13 06:20:12 ----D---- D:\WINDOWS\system32\npp
2010-03-13 06:20:09 ----D---- D:\WINDOWS\msagent
2010-03-13 06:20:07 ----D---- D:\WINDOWS\srchasst
2010-03-13 06:20:06 ----D---- D:\Program Files\NetMeeting
2010-03-13 06:20:03 ----D---- D:\WINDOWS\system32\Com
2010-03-13 06:19:59 ----D---- D:\Program Files\Windows NT
2010-03-13 06:19:54 ----D---- D:\Program Files\Common Files\System
2010-03-13 06:19:20 ----D---- D:\WINDOWS\system32\oobe
2010-03-13 06:19:17 ----D---- D:\WINDOWS\system
2010-03-13 06:13:57 ----HDC---- D:\WINDOWS\$NtServicePackUninstall$
2010-03-12 07:44:16 ----D---- D:\Program Files\Sanny Builder 3
2010-03-11 17:23:04 ----SHD---- D:\WINDOWS\system32\28463
2010-03-09 19:26:19 ----D---- D:\Fraps
2010-03-09 01:30:10 ----D---- D:\Program Files\ESET
2010-03-08 15:48:46 ----D---- D:\WINDOWS\Logs
2010-03-08 15:48:45 ----RSD---- D:\WINDOWS\assembly
2010-03-08 15:40:07 ----D---- D:\Program Files\EA Games
2010-03-08 15:28:57 ----D---- D:\Documents and Settings
2010-03-04 12:24:31 ----D---- D:\Program Files\Common Files
2010-03-04 01:01:22 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\IObit
2010-02-28 19:45:28 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real
2010-02-28 14:28:36 ----D---- D:\Program Files\CLE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-26 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-26 29512]
R1 AvgTdiX;AVG Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-26 242696]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 truecrypt;truecrypt; D:\WINDOWS\System32\drivers\truecrypt.sys [2010-03-02 223432]
R1 VBoxDrv;VirtualBox Service; D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2009-11-30 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2009-11-30 41616]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-02-05 202832]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; D:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-11-30 100048]
R3 VBoxNetFlt;VBoxNetFlt Service; D:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2009-11-30 110992]
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; D:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\D:\WINDOWS\system32\SophosMEMSWEEP.SYS []
S3 nm;Ovladač programu Sledování sítě; D:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 PsSdk31;PsSdk31; \??\D:\WINDOWS\system32\Drivers\pssdk31.drv []
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-02-05 202832]
S3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; D:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]
R2 avg9emc;AVG E-mail Scanner; D:\Program Files\AVG\AVG9\avgemc.exe [2010-03-26 916760]
R2 avg9wd;AVG WatchDog; D:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-26 308064]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-12-27 153376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); d:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2009-11-19 66872]
R2 SQLWriter;SQL Server VSS Writer; d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; D:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SVC;SVC; D:\DOCUME~1\ADAM~1.ADA\LOCALS~1\Temp\SVC.exe []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; d:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); d:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; d:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

Zdravím

Na logu se pracuje, prosím o strpení.

Doporučuji odinstalovat Advanced SystemCare 3.



Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

A proč odinstalovat advancet system care ?

ComboFix 10-03-26.02 - ADAM 27.03.2010 16:58:11.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.432 [GMT 1:00]
Spuštěný z: d:\documents and settings\ADAM.ADAM-45D573CD9E\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Explorer.exe
d:\documents and settings\ADAM.ADAM-45D573CD9E\Dokumenty\cc_20091119_070228.reg
d:\documents and settings\ADAM.ADAM-45D573CD9E\Dokumenty\winlogon.exe
d:\documents and settings\ADAM.ADAM-45D573CD9E\Hosts
d:\program files\HTV
d:\program files\HTV\akv.cfg
d:\program files\HTV\HTV.chm
d:\program files\HTV\menu.gif
d:\program files\HTV\qs.html
d:\program files\HTV\tray.gif
d:\program files\HTV\Uninstall.exe
d:\program files\Mozilla Firefox\searchplugins\qipsearch.xml
d:\recycler\Nová složka
d:\recycler\S-1-5-21-1229272821-602609370-1801674531-1003
d:\recycler\S-1-5-21-1229272821-602609370-1801674531-1004
d:\recycler\S-1-5-21-1229272821-602609370-1801674531-1005
d:\recycler\S-1-5-21-1229272821-602609370-1801674531-1006
d:\windows\eithirtyfour.dll
d:\windows\regedit.com
d:\windows\system32\28463
d:\windows\system32\28463\AKV.exe
d:\windows\system32\28463\key.bin
d:\windows\system32\28463\RRQM.006
d:\windows\system32\28463\RRQM.007
d:\windows\system32\28463\UOMC.001
d:\windows\system32\28463\UOMC.005
d:\windows\system32\28463\UOMC.006
d:\windows\system32\28463\UOMC.007
d:\windows\system32\28463\UOMC.exe
d:\windows\system32\28463\WOME.001
d:\windows\system32\28463\WOME.006
d:\windows\system32\28463\WOME.007
d:\windows\system32\skype
d:\windows\system32\skype\klog.dat
d:\windows\system32\sysaddei34.dll
d:\windows\system32\taskmgr.com
d:\windows\v34peformatei.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-27 do 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 10:23 . 2010-03-27 10:23 -------- d-----w- D:\$AVG
2010-03-26 22:20 . 2010-03-26 22:20 12464 ----a-w- d:\windows\system32\avgrsstx.dll
2010-03-26 22:20 . 2010-03-26 22:20 52872 ----a-w- d:\windows\system32\drivers\avgrkx86.sys
2010-03-26 22:20 . 2010-03-26 22:20 242696 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-03-26 22:20 . 2010-03-26 22:20 216200 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-03-26 22:19 . 2010-03-26 22:20 29512 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-03-26 22:19 . 2010-03-27 10:24 -------- d-----w- d:\windows\system32\drivers\Avg
2010-03-26 21:45 . 2003-04-11 00:12 45623 ----a-w- d:\windows\kbldqlom.EXE
2010-03-26 20:50 . 2010-03-26 20:50 -------- d-----w- d:\program files\Easy Screen Recorder
2010-03-26 20:01 . 2003-04-11 00:12 45623 ----a-w- d:\windows\agtnaneh.EXE
2010-03-26 16:51 . 2010-03-26 16:51 -------- d-----w- d:\program files\Expert Debugger
2010-03-26 13:12 . 2003-04-11 00:12 45623 ----a-w- d:\windows\trecpcdp.EXE
2010-03-25 19:36 . 2003-04-11 00:12 45623 ----a-w- d:\windows\zmrezmgr.EXE
2010-03-25 19:16 . 2003-04-11 00:12 45623 ----a-w- d:\windows\qkxsfsby.EXE
2010-03-25 19:12 . 2003-04-11 00:12 45623 ----a-w- d:\windows\flflfdfq.EXE
2010-03-25 19:11 . 2003-04-11 00:12 45623 ----a-w- d:\windows\gqisfikf.EXE
2010-03-25 19:05 . 2003-04-11 00:12 45623 ----a-w- d:\windows\gxhzulva.EXE
2010-03-25 19:03 . 2003-04-11 00:12 45623 ----a-w- d:\windows\erecwcrg.EXE
2010-03-25 18:36 . 2003-04-11 00:12 45623 ----a-w- d:\windows\kumwnbli.EXE
2010-03-25 14:11 . 2003-04-11 00:12 45623 ----a-w- d:\windows\pcpcpnwg.EXE
2010-03-25 13:31 . 2003-04-11 00:12 45623 ----a-w- d:\windows\gxhzulvl.EXE
2010-03-25 12:31 . 2003-04-11 00:12 45623 ----a-w- d:\windows\kpcagtcd.EXE
2010-03-25 06:25 . 2003-04-11 00:12 45623 ----a-w- d:\windows\vpcpkeyw.EXE
2010-03-25 06:12 . 2003-04-11 00:12 45623 ----a-w- d:\windows\jwjdjwxb.EXE
2010-03-24 18:02 . 2003-04-11 00:12 45623 ----a-w- d:\windows\ydqdjwxc.EXE
2010-03-24 17:40 . 2003-04-11 00:12 45623 ----a-w- d:\windows\SCANDISK.exe
2010-03-24 17:40 . 2003-04-11 00:12 45623 ----a-w- d:\windows\hzjavnxc.EXE
2010-03-20 23:07 . 2010-03-20 23:10 -------- d-----w- d:\documents and settings\ADAM.ADAM-45D573CD9E\.VirtualBox
2010-03-20 23:05 . 2009-11-30 11:27 123280 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2010-03-20 23:05 . 2009-11-30 11:27 41616 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2010-03-20 23:05 . 2010-03-20 23:05 -------- d-----w- d:\program files\Sun
2010-03-20 08:37 . 2010-03-20 08:37 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-03-20 08:36 . 2010-03-20 08:36 -------- d-sh--w- d:\documents and settings\ADAM.ADAM-45D573CD9E\IECompatCache
2010-03-20 08:34 . 2010-03-20 08:34 -------- d-sh--w- d:\documents and settings\ADAM.ADAM-45D573CD9E\PrivacIE
2010-03-20 08:32 . 2010-03-20 08:32 -------- d-sh--w- d:\documents and settings\ADAM.ADAM-45D573CD9E\IETldCache
2010-03-19 18:17 . 2009-12-11 08:38 69120 -c----w- d:\windows\system32\dllcache\iecompat.dll
2010-03-19 18:16 . 2010-03-20 10:04 -------- d-----w- d:\windows\ie8updates
2010-03-19 18:13 . 2009-12-21 19:08 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2010-03-19 18:13 . 2009-12-21 19:08 594432 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2010-03-19 18:13 . 2009-12-21 19:08 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2010-03-19 18:13 . 2009-12-21 19:08 1985536 -c----w- d:\windows\system32\dllcache\iertutil.dll
2010-03-19 18:13 . 2009-12-21 19:08 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2010-03-19 18:13 . 2009-12-21 19:08 11070464 -c----w- d:\windows\system32\dllcache\ieframe.dll
2010-03-19 18:08 . 2010-03-19 18:13 -------- dc-h--w- d:\windows\ie8
2010-03-17 18:42 . 2010-03-18 19:34 -------- d-----w- D:\Sandbox
2010-03-17 18:41 . 2010-03-20 11:41 758145 ----a-w- d:\windows\system32\drivers\sfi.dat
2010-03-17 18:36 . 2010-03-17 18:36 -------- d-----w- d:\program files\COMODO
2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- d:\program files\QuickTime
2010-03-17 13:12 . 2010-03-17 13:12 -------- d-----w- d:\program files\Apple Software Update
2010-03-16 17:29 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2010-03-16 10:23 . 2010-03-16 10:23 -------- d-----w- d:\program files\Webteh
2010-03-16 06:28 . 2010-03-16 06:28 -------- d-----w- d:\program files\Windows Media Connect 2
2010-03-16 05:52 . 2010-03-16 05:52 -------- d-----w- d:\program files\Agnitum
2010-03-15 09:54 . 2010-03-15 09:54 -------- d-----w- d:\program files\GTATools
2010-03-14 08:27 . 2010-02-04 09:01 74072 ----a-w- d:\windows\system32\XAPOFX1_4.dll
2010-03-14 08:27 . 2010-02-04 09:01 528216 ----a-w- d:\windows\system32\XAudio2_6.dll
2010-03-14 08:27 . 2010-02-04 09:01 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-03-14 08:27 . 2010-02-04 09:01 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-03-14 08:27 . 2009-09-04 16:44 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2010-03-14 08:27 . 2009-09-04 16:44 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2010-03-14 08:27 . 2009-09-04 16:29 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2010-03-14 08:27 . 2009-09-04 16:29 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2010-03-14 08:27 . 2009-09-04 16:29 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2010-03-14 08:27 . 2009-09-04 16:29 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2010-03-14 08:21 . 2010-03-14 08:21 -------- d-----w- d:\windows\system32\CatRoot_bak
2010-03-13 09:22 . 2008-04-14 07:52 221184 ----a-w- d:\windows\system32\wmpns.dll
2010-03-13 08:10 . 2009-12-09 05:55 726528 -c--a-w- d:\windows\system32\dllcache\jscript.dll
2010-03-13 05:19 . 2008-04-14 07:52 294912 -c----w- d:\windows\system32\dllcache\dlimport.exe
2010-03-12 06:22 . 2010-02-12 10:03 293376 ------w- d:\windows\system32\browserchoice.exe
2010-03-11 15:41 . 2010-03-11 15:55 -------- d-----w- d:\program files\AV Vcs 4.0
2010-03-11 15:25 . 2010-03-18 21:07 -------- d-----w- D:\!KillBox
2010-03-09 18:09 . 2010-03-13 06:25 4212 ---h--w- d:\windows\system32\zllictbl.dat
2010-03-09 18:01 . 2010-03-09 18:01 -------- d-----w- d:\program files\iWEB Studio
2010-03-09 18:01 . 2010-03-09 18:01 796672 ----a-w- d:\windows\GPInstall.exe
2010-03-09 14:03 . 2010-03-09 14:03 -------- d-----w- d:\program files\Avira
2010-03-09 13:02 . 2010-03-16 17:18 0 ----a-w- d:\windows\Access Lock.dat
2010-03-08 14:49 . 2008-05-30 13:19 507400 ----a-w- d:\windows\system32\XAudio2_1.dll
2010-03-08 14:49 . 2008-05-30 13:17 65032 ----a-w- d:\windows\system32\XAPOFX1_0.dll
2010-03-08 14:49 . 2008-05-30 13:18 238088 ----a-w- d:\windows\system32\xactengine3_1.dll
2010-03-08 14:49 . 2008-05-30 13:17 25608 ----a-w- d:\windows\system32\X3DAudio1_4.dll
2010-03-08 14:49 . 2008-05-30 13:11 467984 ----a-w- d:\windows\system32\d3dx10_38.dll
2010-03-08 14:49 . 2008-05-30 13:11 1491992 ----a-w- d:\windows\system32\D3DCompiler_38.dll
2010-03-08 14:49 . 2008-05-30 13:11 3850760 ----a-w- d:\windows\system32\D3DX9_38.dll
2010-03-04 11:29 . 2010-03-06 08:50 -------- d-----w- d:\program files\PC Tools Firewall Plus
2010-03-04 11:24 . 2010-03-06 08:50 -------- d-----w- d:\program files\Common Files\PC Tools
2010-03-04 11:24 . 2010-03-05 06:55 -------- d-----w- d:\program files\Spyware Doctor
2010-03-03 23:02 . 2010-03-03 23:02 -------- d--h--w- d:\windows\system32\GroupPolicy
2010-03-02 12:32 . 2010-03-02 12:32 223432 ----a-w- d:\windows\system32\drivers\truecrypt.sys
2010-03-02 12:32 . 2010-03-02 12:32 -------- d-----w- d:\program files\TrueCrypt
2010-02-28 12:48 . 2010-02-28 12:48 -------- d-----w- d:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 21:45 . 2009-12-16 23:11 139831 ----a-w- d:\windows\War3Unin.exe
2010-03-26 21:45 . 2004-08-17 13:49 50176 ----a-w- d:\windows\system32\utilman.exe
2010-03-26 21:45 . 2004-08-17 13:49 35840 ----a-w- d:\windows\system32\rcimlby.exe
2010-03-26 21:45 . 2004-08-17 13:49 347136 ----a-w- d:\windows\system32\tourstart.exe
2010-03-26 21:45 . 2004-08-17 13:49 69632 ----a-w- d:\windows\system32\notepad.exe
2010-03-26 21:45 . 2004-08-17 13:49 143872 ----a-w- d:\windows\system32\mobsync.exe
2010-03-26 21:45 . 2004-08-17 13:49 72704 ----a-w- d:\windows\system32\magnify.exe
2010-03-26 21:45 . 2004-08-17 13:49 390144 ----a-w- d:\windows\system32\cmd.exe
2010-03-23 06:07 . 2008-12-16 22:25 -------- d-----w- d:\program files\Burn4Free
2010-03-18 16:44 . 2010-02-17 00:36 276648 ----a-w- d:\windows\system32\guard32.dll
2010-03-18 16:44 . 2010-02-17 00:36 25160 ----a-w- d:\windows\system32\drivers\cmdhlp.sys
2010-03-18 16:44 . 2010-02-17 00:36 214056 ----a-w- d:\windows\system32\drivers\cmdGuard.sys
2010-03-18 16:44 . 2010-02-17 00:36 15376 ----a-w- d:\windows\system32\drivers\cmderd.sys
2010-03-17 13:12 . 2009-01-05 12:42 -------- d-----w- d:\program files\Common Files\Apple
2010-03-17 08:53 . 2009-12-05 22:04 -------- d-----w- d:\program files\Microsoft Silverlight
2010-03-14 14:00 . 2009-01-05 11:36 -------- d-----w- d:\program files\Common Files\Real
2010-03-14 14:00 . 2010-01-14 22:55 -------- d-----w- d:\program files\Real
2010-03-14 04:00 . 2001-10-25 14:00 99578 ----a-w- d:\windows\system32\perfc005.dat
2010-03-14 04:00 . 2001-10-25 14:00 488546 ----a-w- d:\windows\system32\perfh005.dat
2010-03-13 05:28 . 2009-11-17 14:29 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-13 05:28 . 2009-11-17 14:29 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-12 06:44 . 2009-11-14 08:24 -------- d-----w- d:\program files\Sanny Builder 3
2010-03-09 00:30 . 2008-12-15 14:49 -------- d-----w- d:\program files\ESET
2010-03-08 14:40 . 2009-11-19 16:56 -------- d-----w- d:\program files\EA Games
2010-02-28 13:28 . 2010-02-12 22:11 -------- d-----w- d:\program files\CLE
2010-02-25 13:34 . 2010-02-19 18:10 -------- d-----w- d:\program files\FKG
2010-02-18 21:36 . 2009-12-05 22:00 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2010-02-18 21:34 . 2010-02-18 21:34 -------- d-----w- d:\program files\Reference Assemblies
2010-02-17 22:02 . 2010-02-17 20:49 -------- d-----w- d:\program files\Microsoft.NET
2010-02-17 20:56 . 2009-12-05 22:04 -------- d-----w- d:\program files\Microsoft SQL Server
2010-02-17 20:21 . 2010-02-17 20:21 -------- d-----w- d:\program files\Microsoft WSE
2010-02-16 20:28 . 2010-02-10 17:17 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-13 20:44 . 2009-12-12 23:28 -------- d-----w- d:\program files\IObit
2010-02-12 23:38 . 2010-02-12 23:38 -------- d-----w- d:\program files\Eraser
2010-02-12 11:49 . 2010-02-12 11:49 1660848 ----a-w- d:\windows\system32\Bl4ckB0x.dll
2010-02-11 21:31 . 2010-01-09 16:49 -------- d-----w- d:\program files\Cain
2010-02-10 15:34 . 2010-02-10 15:34 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-02-09 21:40 . 2010-02-09 21:40 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-09 21:34 . 2009-01-01 15:19 -------- d-----w- d:\program files\Common Files\Skype
2010-02-09 21:34 . 2009-01-01 15:19 -------- d-----r- d:\program files\Skype
2010-02-09 17:10 . 2009-11-19 17:10 138184 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-02-09 17:09 . 2009-11-19 17:10 183112 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-02-08 14:43 . 2010-02-08 14:43 -------- d-----w- d:\program files\The Sims 3
2010-02-07 16:41 . 2010-02-07 16:41 86016 ----a-w- d:\windows\system32\frapsvid.dll
2010-02-07 14:52 . 2010-02-07 14:52 -------- d-----w- d:\program files\Nová složka (4)
2010-02-05 08:45 . 2009-11-17 14:56 202832 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2010-02-04 21:19 . 2010-02-04 21:19 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-02-02 19:38 . 2010-02-02 19:38 -------- d-----w- d:\program files\SocksCapV2
2010-01-28 05:52 . 2009-12-29 15:21 -------- d-----w- d:\program files\ATI
2010-01-24 15:07 . 2010-01-24 15:07 737280 ----a-w- d:\windows\iun6002.exe
2010-01-12 04:35 . 2010-01-12 04:35 100896 ----a-w- d:\windows\system32\RTNUninst32.dll
2010-01-12 04:35 . 2010-01-12 04:35 80416 ----a-w- d:\windows\system32\RtNicProp32.dll
2010-01-10 22:38 . 2010-01-10 22:37 16403276 ------w- D:\lf2_5_v1_25.exe
2010-01-10 22:01 . 2010-01-10 22:01 2601616 ------w- D:\icinst.exe
2010-01-10 18:26 . 2010-01-10 18:26 2601616 ------w- D:\IMUS12rf.exe
2010-01-09 23:27 . 2010-01-09 23:26 31763456 ------w- D:\LF2_v20a_Setup.exe
2010-01-09 22:36 . 2010-01-09 22:35 6136392 ------w- D:\eac-setup.exe
2010-01-09 17:25 . 2010-01-09 17:25 34 ------w- d:\documents and settings\ADAM.ADAM-45D573CD9E\crash.bat
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-27 19:06 . 2009-12-27 19:06 411368 ----a-w- d:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-26 22:20 12464 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [26.3.2010 23:20 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [26.3.2010 23:20 216200]
R1 AvgTdiX;AVG Network Redirector;d:\windows\system32\drivers\avgtdix.sys [26.3.2010 23:20 242696]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 11:42 74480]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [21.3.2010 0:05 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [21.3.2010 0:05 41616]
R2 avg9emc;AVG E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [26.3.2010 23:18 916760]
R2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [26.3.2010 23:18 308064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [30.11.2009 12:27 100048]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [30.11.2009 12:27 110992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [26.3.2010 23:19 369920]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\SophosMEMSWEEP.SYS --> d:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 PsSdk31;PsSdk31;d:\windows\system32\drivers\pssdk31.drv [5.12.2009 13:26 30272]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 11:42 7408]
S3 SVC;SVC;d:\docume~1\ADAM~1.ADA\LOCALS~1\Temp\SVC.exe --> d:\docume~1\ADAM~1.ADA\LOCALS~1\Temp\SVC.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;d:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;d:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);d:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-27 d:\windows\Tasks\User_Feed_Synchronization-{15B28055-F8FD-434A-938B-457F0CAEF148}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - d:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
BHO-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
Toolbar-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{B12785F5-D8D0-4530-A3EA-5C4263B85BEF} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-BSPlayer1 - d:\program files\Webteh\BSplayer\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 17:07
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\d:\windows\system32\Drivers\pssdk31.drv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1708537768-861567501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0d,84,70,74,da,58,f4,82,45,01,a2,9c,9e,72,9a,6c,95,25,68,76,63,
e0,b4,5b,9f,03,b4,e4,1d,39,aa,dc,08,f2,d0,91,2b,22,91,24,3d,cb,96,aa,c3,8b,\
"rkeysecu"=hex:69,31,94,e9,5f,ca,97,b8,ac,fd,f4,fc,07,af,cd,e3
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(676)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2376)
d:\windows\system32\msi.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\AVG\AVG9\avgchsvx.exe
d:\program files\AVG\AVG9\avgrsx.exe
d:\program files\AVG\AVG9\avgcsrvx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\program files\AVG\AVG9\avgam.exe
d:\program files\AVG\AVG9\avgnsx.exe
d:\program files\AVG\AVG9\avgcsrvx.exe
d:\windows\system32\wscntfy.exe
d:\windows\RTHDCPL.EXE
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-27 17:10:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-27 16:10
ComboFix2.txt 2009-02-18 12:42

Před spuštěním: Volných bajtů: 12 863 918 080
Po spuštění: Volných bajtů: 21 484 486 656

- - End Of File - - FDD3A8B61AA083303ED328DC1C1B0662

Omlouvám se za zpoždění Vydržte, napíšu skript na smazání.

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ComboFix 10-03-27.03 - ADAM 28.03.2010 13:27:42.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.597 [GMT 2:00]
Spuštěný z: d:\documents and settings\ADAM.ADAM-45D573CD9E\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\ADAM.ADAM-45D573CD9E\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"d:\docume~1\ADAM~1.ADA\LOCALS~1\Temp\SVC.exe"
"d:\windows\agtnaneh.EXE"
"d:\windows\erecwcrg.EXE"
"d:\windows\flflfdfq.EXE"
"d:\windows\gqisfikf.EXE"
"d:\windows\gxhzulva.EXE"
"d:\windows\gxhzulvl.EXE"
"d:\windows\hzjavnxc.EXE"
"d:\windows\jwjdjwxb.EXE"
"d:\windows\kbldqlom.EXE"
"d:\windows\kpcagtcd.EXE"
"d:\windows\kumwnbli.EXE"
"d:\windows\pcpcpnwg.EXE"
"d:\windows\qkxsfsby.EXE"
"d:\windows\SCANDISK.exe"
"d:\windows\trecpcdp.EXE"
"d:\windows\vpcpkeyw.EXE"
"d:\windows\ydqdjwxc.EXE"
"d:\windows\zmrezmgr.EXE"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVC
-------\Service_SVC


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-27 23:22 . 2010-03-27 23:50 -------- d-----w- d:\program files\Nero
2010-03-27 23:22 . 2010-03-27 23:36 -------- d-----w- d:\program files\Common Files\Nero
2010-03-27 16:59 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 16:59 . 2010-03-27 16:59 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-03-27 16:59 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-27 16:22 . 2010-03-27 16:43 -------- d-----w- d:\documents and settings\ADAM.ADAM-45D573CD9E\DoctorWeb
2010-03-27 10:23 . 2010-03-27 10:23 -------- d-----w- D:\$AVG
2010-03-26 20:50 . 2010-03-27 19:55 -------- d-----w- d:\program files\Easy Screen Recorder
2010-03-26 16:51 . 2010-03-26 16:51 -------- d-----w- d:\program files\Expert Debugger
2010-03-20 23:07 . 2010-03-20 23:10 -------- d-----w- d:\documents and settings\ADAM.ADAM-45D573CD9E\.VirtualBox
2010-03-20 23:05 . 2009-11-30 11:27 123280 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2010-03-20 23:05 . 2009-11-30 11:27 41616 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2010-03-20 23:05 . 2010-03-20 23:05 -------- d-----w- d:\program files\Sun
2010-03-20 08:37 . 2010-03-20 08:37 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-03-20 08:36 . 2010-03-20 08:36 -------- d-sh--w- d:\documents and settings\ADAM.ADAM-45D573CD9E\IECompatCache
2010-03-20 08:34 . 2010-03-20 08:34 -------- d-sh--w- d:\documents and settings\ADAM.ADAM-45D573CD9E\PrivacIE
2010-03-20 08:32 . 2010-03-20 08:32 -------- d-sh--w- d:\documents and settings\ADAM.ADAM-45D573CD9E\IETldCache
2010-03-19 18:17 . 2009-12-11 08:38 69120 -c----w- d:\windows\system32\dllcache\iecompat.dll
2010-03-19 18:16 . 2010-03-20 10:04 -------- d-----w- d:\windows\ie8updates
2010-03-19 18:13 . 2009-12-21 19:08 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2010-03-19 18:13 . 2009-12-21 19:08 594432 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2010-03-19 18:13 . 2009-12-21 19:08 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2010-03-19 18:13 . 2009-12-21 19:08 1985536 -c----w- d:\windows\system32\dllcache\iertutil.dll
2010-03-19 18:13 . 2009-12-21 19:08 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2010-03-19 18:13 . 2009-12-21 19:08 11070464 -c----w- d:\windows\system32\dllcache\ieframe.dll
2010-03-19 18:08 . 2010-03-19 18:13 -------- dc-h--w- d:\windows\ie8
2010-03-17 18:42 . 2010-03-18 19:34 -------- d-----w- D:\Sandbox
2010-03-17 18:41 . 2010-03-20 11:41 758145 ----a-w- d:\windows\system32\drivers\sfi.dat
2010-03-17 18:36 . 2010-03-17 18:36 -------- d-----w- d:\program files\COMODO
2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- d:\program files\QuickTime
2010-03-17 13:12 . 2010-03-17 13:12 -------- d-----w- d:\program files\Apple Software Update
2010-03-16 17:29 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2010-03-16 10:23 . 2010-03-16 10:23 -------- d-----w- d:\program files\Webteh
2010-03-16 06:28 . 2010-03-16 06:28 -------- d-----w- d:\program files\Windows Media Connect 2
2010-03-16 05:52 . 2010-03-16 05:52 -------- d-----w- d:\program files\Agnitum
2010-03-15 09:54 . 2010-03-15 09:54 -------- d-----w- d:\program files\GTATools
2010-03-14 08:27 . 2010-02-04 09:01 74072 ----a-w- d:\windows\system32\XAPOFX1_4.dll
2010-03-14 08:27 . 2010-02-04 09:01 528216 ----a-w- d:\windows\system32\XAudio2_6.dll
2010-03-14 08:27 . 2010-02-04 09:01 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-03-14 08:27 . 2010-02-04 09:01 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-03-14 08:27 . 2009-09-04 16:44 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2010-03-14 08:27 . 2009-09-04 16:44 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2010-03-14 08:27 . 2009-09-04 16:29 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2010-03-14 08:27 . 2009-09-04 16:29 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2010-03-14 08:27 . 2009-09-04 16:29 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2010-03-14 08:27 . 2009-09-04 16:29 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2010-03-14 08:21 . 2010-03-14 08:21 -------- d-----w- d:\windows\system32\CatRoot_bak
2010-03-13 09:22 . 2008-04-14 07:52 221184 ----a-w- d:\windows\system32\wmpns.dll
2010-03-13 08:10 . 2009-12-09 05:55 726528 -c--a-w- d:\windows\system32\dllcache\jscript.dll
2010-03-13 05:19 . 2008-04-14 07:52 294912 -c----w- d:\windows\system32\dllcache\dlimport.exe
2010-03-12 06:22 . 2010-02-12 10:03 293376 ------w- d:\windows\system32\browserchoice.exe
2010-03-11 15:41 . 2010-03-28 00:40 -------- d-----w- d:\program files\AV Vcs 4.0
2010-03-11 15:25 . 2010-03-28 00:42 -------- d-----w- D:\!KillBox
2010-03-09 18:09 . 2010-03-13 06:25 4212 ---h--w- d:\windows\system32\zllictbl.dat
2010-03-09 18:01 . 2010-03-09 18:01 -------- d-----w- d:\program files\iWEB Studio
2010-03-09 18:01 . 2010-03-09 18:01 796672 ----a-w- d:\windows\GPInstall.exe
2010-03-09 14:03 . 2010-03-09 14:03 -------- d-----w- d:\program files\Avira
2010-03-09 13:02 . 2010-03-16 17:18 0 ----a-w- d:\windows\Access Lock.dat
2010-03-08 14:49 . 2008-05-30 13:19 507400 ----a-w- d:\windows\system32\XAudio2_1.dll
2010-03-08 14:49 . 2008-05-30 13:17 65032 ----a-w- d:\windows\system32\XAPOFX1_0.dll
2010-03-08 14:49 . 2008-05-30 13:18 238088 ----a-w- d:\windows\system32\xactengine3_1.dll
2010-03-08 14:49 . 2008-05-30 13:17 25608 ----a-w- d:\windows\system32\X3DAudio1_4.dll
2010-03-08 14:49 . 2008-05-30 13:11 467984 ----a-w- d:\windows\system32\d3dx10_38.dll
2010-03-08 14:49 . 2008-05-30 13:11 1491992 ----a-w- d:\windows\system32\D3DCompiler_38.dll
2010-03-08 14:49 . 2008-05-30 13:11 3850760 ----a-w- d:\windows\system32\D3DX9_38.dll
2010-03-04 11:29 . 2010-03-06 08:50 -------- d-----w- d:\program files\PC Tools Firewall Plus
2010-03-04 11:24 . 2010-03-06 08:50 -------- d-----w- d:\program files\Common Files\PC Tools
2010-03-04 11:24 . 2010-03-05 06:55 -------- d-----w- d:\program files\Spyware Doctor
2010-03-03 23:02 . 2010-03-03 23:02 -------- d--h--w- d:\windows\system32\GroupPolicy
2010-03-02 12:32 . 2010-03-02 12:32 223432 ----a-w- d:\windows\system32\drivers\truecrypt.sys
2010-03-02 12:32 . 2010-03-02 12:32 -------- d-----w- d:\program files\TrueCrypt
2010-02-28 12:48 . 2010-02-28 12:48 -------- d-----w- d:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 10:13 . 2001-10-25 14:00 99578 ----a-w- d:\windows\system32\perfc005.dat
2010-03-28 10:13 . 2001-10-25 14:00 488546 ----a-w- d:\windows\system32\perfh005.dat
2010-03-26 21:45 . 2004-08-17 13:49 50176 ----a-w- d:\windows\system32\utilman.exe
2010-03-26 21:45 . 2004-08-17 13:49 35840 ----a-w- d:\windows\system32\rcimlby.exe
2010-03-26 21:45 . 2004-08-17 13:49 347136 ----a-w- d:\windows\system32\tourstart.exe
2010-03-26 21:45 . 2004-08-17 13:49 69632 ----a-w- d:\windows\system32\notepad.exe
2010-03-26 21:45 . 2004-08-17 13:49 143872 ----a-w- d:\windows\system32\mobsync.exe
2010-03-26 21:45 . 2004-08-17 13:49 72704 ----a-w- d:\windows\system32\magnify.exe
2010-03-26 21:45 . 2004-08-17 13:49 390144 ----a-w- d:\windows\system32\cmd.exe
2010-03-23 06:07 . 2008-12-16 22:25 -------- d-----w- d:\program files\Burn4Free
2010-03-18 16:44 . 2010-02-17 00:36 276648 ----a-w- d:\windows\system32\guard32.dll
2010-03-18 16:44 . 2010-02-17 00:36 25160 ----a-w- d:\windows\system32\drivers\cmdhlp.sys
2010-03-18 16:44 . 2010-02-17 00:36 214056 ----a-w- d:\windows\system32\drivers\cmdGuard.sys
2010-03-18 16:44 . 2010-02-17 00:36 15376 ----a-w- d:\windows\system32\drivers\cmderd.sys
2010-03-17 13:12 . 2009-01-05 12:42 -------- d-----w- d:\program files\Common Files\Apple
2010-03-17 08:53 . 2009-12-05 22:04 -------- d-----w- d:\program files\Microsoft Silverlight
2010-03-14 14:00 . 2009-01-05 11:36 -------- d-----w- d:\program files\Common Files\Real
2010-03-14 14:00 . 2010-01-14 22:55 -------- d-----w- d:\program files\Real
2010-03-13 05:28 . 2009-11-17 14:29 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-13 05:28 . 2009-11-17 14:29 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-12 06:44 . 2009-11-14 08:24 -------- d-----w- d:\program files\Sanny Builder 3
2010-03-09 00:30 . 2008-12-15 14:49 -------- d-----w- d:\program files\ESET
2010-03-08 14:40 . 2009-11-19 16:56 -------- d-----w- d:\program files\EA Games
2010-02-28 13:28 . 2010-02-12 22:11 -------- d-----w- d:\program files\CLE
2010-02-25 13:34 . 2010-02-19 18:10 -------- d-----w- d:\program files\FKG
2010-02-18 21:36 . 2009-12-05 22:00 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2010-02-18 21:34 . 2010-02-18 21:34 -------- d-----w- d:\program files\Reference Assemblies
2010-02-17 22:02 . 2010-02-17 20:49 -------- d-----w- d:\program files\Microsoft.NET
2010-02-17 20:56 . 2009-12-05 22:04 -------- d-----w- d:\program files\Microsoft SQL Server
2010-02-17 20:21 . 2010-02-17 20:21 -------- d-----w- d:\program files\Microsoft WSE
2010-02-16 20:28 . 2010-02-10 17:17 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-13 20:44 . 2009-12-12 23:28 -------- d-----w- d:\program files\IObit
2010-02-12 23:38 . 2010-02-12 23:38 -------- d-----w- d:\program files\Eraser
2010-02-12 11:49 . 2010-02-12 11:49 1660848 ----a-w- d:\windows\system32\Bl4ckB0x.dll
2010-02-11 21:31 . 2010-01-09 16:49 -------- d-----w- d:\program files\Cain
2010-02-10 15:34 . 2010-02-10 15:34 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-02-09 21:40 . 2010-02-09 21:40 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-09 21:34 . 2009-01-01 15:19 -------- d-----w- d:\program files\Common Files\Skype
2010-02-09 21:34 . 2009-01-01 15:19 -------- d-----r- d:\program files\Skype
2010-02-09 17:10 . 2009-11-19 17:10 138184 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-02-09 17:09 . 2009-11-19 17:10 183112 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-02-08 14:43 . 2010-02-08 14:43 -------- d-----w- d:\program files\The Sims 3
2010-02-07 16:41 . 2010-02-07 16:41 86016 ----a-w- d:\windows\system32\frapsvid.dll
2010-02-07 14:52 . 2010-02-07 14:52 -------- d-----w- d:\program files\Nová složka (4)
2010-02-05 08:45 . 2009-11-17 14:56 202832 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2010-02-04 21:19 . 2010-02-04 21:19 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-02-02 19:38 . 2010-02-02 19:38 -------- d-----w- d:\program files\SocksCapV2
2010-01-28 05:52 . 2009-12-29 15:21 -------- d-----w- d:\program files\ATI
2010-01-24 15:07 . 2010-01-24 15:07 737280 ----a-w- d:\windows\iun6002.exe
2010-01-12 04:35 . 2010-01-12 04:35 100896 ----a-w- d:\windows\system32\RTNUninst32.dll
2010-01-12 04:35 . 2010-01-12 04:35 80416 ----a-w- d:\windows\system32\RtNicProp32.dll
2010-01-10 22:38 . 2010-01-10 22:37 16403276 ------w- D:\lf2_5_v1_25.exe
2010-01-10 22:01 . 2010-01-10 22:01 2601616 ------w- D:\icinst.exe
2010-01-10 18:26 . 2010-01-10 18:26 2601616 ------w- D:\IMUS12rf.exe
2010-01-09 23:27 . 2010-01-09 23:26 31763456 ------w- D:\LF2_v20a_Setup.exe
2010-01-09 22:36 . 2010-01-09 22:35 6136392 ------w- D:\eac-setup.exe
2010-01-09 17:25 . 2010-01-09 17:25 34 ------w- d:\documents and settings\ADAM.ADAM-45D573CD9E\crash.bat
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- d:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-27_16.07.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-28 11:34 . 2010-03-28 11:34 16384 d:\windows\Temp\Perflib_Perfdata_680.dat
+ 2001-10-25 14:00 . 2010-03-28 10:13 89482 d:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 04:00 89482 d:\windows\system32\perfc009.dat
+ 2010-03-27 23:36 . 2010-03-27 23:36 22016 d:\windows\Installer\50441a.msi
+ 2010-03-27 23:36 . 2010-03-27 23:36 28160 d:\windows\Installer\504414.msi
+ 2010-03-27 23:35 . 2010-03-27 23:35 38400 d:\windows\Installer\504408.msi
+ 2010-03-27 23:22 . 2010-03-27 23:22 44544 d:\windows\Installer\5043a1.msi
+ 2010-03-27 23:20 . 2010-03-27 23:20 32256 d:\windows\Installer\504396.msi
+ 2006-03-17 14:49 . 2006-03-17 14:49 368640 d:\windows\system32\twnlib4.dll
+ 2006-12-04 16:53 . 2006-12-04 16:53 187184 d:\windows\system32\pssuspend.exe
+ 2006-12-04 16:53 . 2006-12-04 16:53 207664 d:\windows\system32\psshutdown.exe
+ 2008-01-09 15:36 . 2008-01-09 15:36 107560 d:\windows\system32\psservice.exe
+ 2006-12-04 16:53 . 2006-12-04 16:53 105264 d:\windows\system32\pspasswd.exe
+ 2009-05-07 00:25 . 2009-05-07 00:25 177024 d:\windows\system32\psloglist.exe
+ 2006-12-04 16:53 . 2006-12-04 16:53 105264 d:\windows\system32\psloggedon.exe
+ 2006-12-04 16:53 . 2006-12-04 16:53 125744 d:\windows\system32\pslist.exe
+ 2009-12-01 09:52 . 2009-12-01 09:52 621944 d:\windows\system32\pskill.exe
+ 2007-07-09 10:23 . 2007-07-09 10:23 243072 d:\windows\system32\Psinfo.exe
+ 2006-12-04 16:53 . 2006-12-04 16:53 187184 d:\windows\system32\psgetsid.exe
+ 2006-12-04 16:53 . 2006-12-04 16:53 105264 d:\windows\system32\psfile.exe
+ 2009-12-01 09:53 . 2009-12-01 09:53 381304 d:\windows\system32\psexec.exe
+ 2001-10-25 14:00 . 2010-03-28 10:13 491382 d:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-03-14 04:00 491382 d:\windows\system32\perfh009.dat
+ 2008-07-04 09:23 . 2008-07-04 09:23 802816 d:\windows\system32\imagXRA7.dll
+ 2008-07-04 09:23 . 2008-07-04 09:23 258048 d:\windows\system32\imagXR7.dll
+ 2008-07-04 09:23 . 2008-07-04 09:23 497296 d:\windows\system32\imagXpr7.dll
+ 2010-03-27 23:20 . 2010-03-27 23:20 106496 d:\windows\Installer\504390.msi
+ 2010-03-27 23:20 . 2010-03-27 23:20 1233920 d:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-07-04 09:23 . 2008-07-04 09:23 1757184 d:\windows\system32\imagX7.dll
+ 2010-03-27 23:36 . 2010-03-27 23:36 4157952 d:\windows\Installer\504420.msi
+ 2010-03-27 23:35 . 2010-03-27 23:35 3654656 d:\windows\Installer\50440e.msi
+ 2010-03-27 23:35 . 2010-03-27 23:35 3655680 d:\windows\Installer\504402.msi
+ 2010-03-27 23:34 . 2010-03-27 23:34 3775488 d:\windows\Installer\5043fc.msi
+ 2010-03-27 23:33 . 2010-03-27 23:33 3655168 d:\windows\Installer\5043f6.msi
+ 2010-03-27 23:33 . 2010-03-27 23:33 3654144 d:\windows\Installer\5043f0.msi
+ 2010-03-27 23:32 . 2010-03-27 23:32 3654144 d:\windows\Installer\5043ea.msi
+ 2010-03-27 23:31 . 2010-03-27 23:31 3654144 d:\windows\Installer\5043e4.msi
+ 2010-03-27 23:31 . 2010-03-27 23:31 3664384 d:\windows\Installer\5043de.msi
+ 2010-03-27 23:30 . 2010-03-27 23:30 3702272 d:\windows\Installer\5043d8.msi
+ 2010-03-27 23:29 . 2010-03-27 23:29 3703296 d:\windows\Installer\5043d1.msi
+ 2010-03-27 23:28 . 2010-03-27 23:28 3705856 d:\windows\Installer\5043cb.msi
+ 2010-03-27 23:28 . 2010-03-27 23:28 3738624 d:\windows\Installer\5043c5.msi
+ 2010-03-27 23:27 . 2010-03-27 23:27 3830784 d:\windows\Installer\5043bf.msi
+ 2010-03-27 23:25 . 2010-03-27 23:25 3707392 d:\windows\Installer\5043b9.msi
+ 2010-03-27 23:24 . 2010-03-27 23:24 3707392 d:\windows\Installer\5043b3.msi
+ 2010-03-27 23:23 . 2010-03-27 23:23 3675136 d:\windows\Installer\5043ad.msi
+ 2010-03-27 23:22 . 2010-03-27 23:22 3728896 d:\windows\Installer\5043a7.msi
+ 2009-09-23 12:38 . 2009-09-23 12:38 2135336 d:\windows\Installer\$PatchCache$\Managed\C8CA84773E81BB3459B980F8EA1AF62B\9.4.19\SMC_NeroDigitalExt.dll
+ 2009-09-23 12:38 . 2009-09-23 12:38 2135336 d:\windows\Installer\$PatchCache$\Managed\C6BC7A5CD67EF804ABE058064502EFD9\4.4.37\SMC_NeroDigitalExt.dll
+ 2009-09-23 12:38 . 2009-09-23 12:38 2135336 d:\windows\Installer\$PatchCache$\Managed\B525902A77334F348B68236F6B7E53F6\5.4.37\SMC_NeroDigitalExt.dll
+ 2009-09-23 12:38 . 2009-09-23 12:38 2135336 d:\windows\Installer\$PatchCache$\Managed\A0CFC9531BEBD04459ABFC368AD63AF4\4.4.38\SMC_NeroDigitalExt.dll
+ 2009-09-23 12:38 . 2009-09-23 12:38 2135336 d:\windows\Installer\$PatchCache$\Managed\936A520D9C9BD714581302889500A08F\9.4.26\SMC_NeroDigitalExt.dll
+ 2009-09-23 12:38 . 2009-09-23 12:38 2135336 d:\windows\Installer\$PatchCache$\Managed\6113A595BB04F0E42A8E7D59D15A2607\9.4.26\SMC_NeroDigitalExt.dll
+ 2009-09-23 12:38 . 2009-09-23 12:38 2135336 d:\windows\Installer\$PatchCache$\Managed\03893E346281D514B8EA684875785BB4\6.4.16\SMC_NeroDigitalExt.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 12:42 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 12:42 74480]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [21.3.2010 1:05 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [21.3.2010 1:05 41616]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.3.2010 18:59 236368]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [27.3.2010 18:59 19160]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [30.11.2009 13:27 110992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> d:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\SophosMEMSWEEP.SYS --> d:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 PsSdk31;PsSdk31;d:\windows\system32\drivers\pssdk31.drv [5.12.2009 14:26 30272]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 12:42 7408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [30.11.2009 13:27 100048]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;d:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;d:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);d:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-28 d:\windows\Tasks\User_Feed_Synchronization-{15B28055-F8FD-434A-938B-457F0CAEF148}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - d:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-avgrsstarter - avgrsstx.dll
AddRemove-AV Voice Changer Software 4.0 - d:\progra~1\AVVCS4~1.0\UNWISE.EXE
AddRemove-Warcraft III - d:\windows\War3Unin.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\d:\windows\system32\Drivers\pssdk31.drv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1708537768-861567501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0d,84,70,74,da,58,f4,82,45,01,a2,9c,9e,72,9a,6c,95,25,68,76,63,
e0,b4,5b,9f,03,b4,e4,1d,39,aa,dc,08,f2,d0,91,2b,22,91,24,3d,cb,96,aa,c3,8b,\
"rkeysecu"=hex:69,31,94,e9,5f,ca,97,b8,ac,fd,f4,fc,07,af,cd,e3
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(592)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3096)
d:\windows\system32\msi.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\windows\RTHDCPL.EXE
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-28 13:45:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-28 11:45
ComboFix2.txt 2010-03-27 16:10
ComboFix3.txt 2009-02-18 12:42

Před spuštěním: Volných bajtů: 17 442 783 232
Po spuštění: Volných bajtů: 19 329 265 664

- - End Of File - - E941F7D5FEAA23A96C61F6710E68D4FC

Tohle otestujte na http://www.virustotal.com/cs/
d:\windows\system32\pssuspend.exe
d:\windows\system32\psshutdown.exe
d:\windows\system32\psservice.exe
d:\windows\system32\pspasswd.exe
d:\windows\system32\psloglist.exe
d:\windows\system32\psloggedon.exe
d:\windows\system32\pslist.exe
d:\windows\system32\pskill.exe
d:\windows\system32\Psinfo.exe
d:\windows\system32\psgetsid.exe
d:\windows\system32\psfile.exe
d:\windows\system32\psexec.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

OK, ještě další.