Slow Windows loading at startup

Posted: 05 Apr 2010 11:47
by brankar
Hi, is it possible that there is some junk on it? I ran a scan with RootkitRevealer and SUPERAntiSpyware.

HKU\.DEFAULT\Control Panel\International 8.6.2009 8:34 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 8.6.2009 8:34 0 bytes Security mismatch.
HKU\S-1-5-21-1409082233-1580818891-839522115-1004\Console 24.3.2010 16:13 0 bytes Security mismatch.
HKU\S-1-5-21-1409082233-1580818891-839522115-1004\Control Panel\International 1.1.2010 1:01 0 bytes Security mismatch.
HKU\S-1-5-21-1409082233-1580818891-839522115-1004\Control Panel\International\Geo 8.6.2009 8:34 0 bytes Security mismatch.
HKU\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 31.8.2009 10:59 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information* 30.1.2010 18:31 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-18\Control Panel\International 8.6.2009 8:34 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 8.6.2009 8:34 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 17.10.2008 23:28 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 17.10.2008 23:28 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\swearware\backup\winsock2 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 20.7.2009 13:28 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 20.7.2009 13:28 0 bytes Security mismatch.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher \cache 22.12.2008 19:24 0 bytes Hidden from Windows API.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher \logs 22.12.2008 19:24 0 bytes Hidden from Windows API.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher \settings 22.12.2008 19:24 0 bytes Hidden from Windows API.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher \temporary 22.12.2008 19:24 0 bytes Hidden from Windows API.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher\cache 22.12.2008 20:24 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher\logs 22.12.2008 20:24 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher\settings 22.12.2008 20:24 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\user\Data aplikací\Sports Interactive\Installer Launcher\temporary 22.12.2008 20:24 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKR7 5.4.2010 12:18 1.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRF 5.4.2010 12:27 20.82 KB Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRG 5.4.2010 12:27 35 bytes Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRH 5.4.2010 12:27 43 bytes Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRI 5.4.2010 12:29 436 bytes Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRJ 5.4.2010 12:29 43 bytes Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRK 5.4.2010 12:29 1.11 KB Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRL 5.4.2010 12:29 35 bytes Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRM 5.4.2010 12:29 29.39 KB Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRN 5.4.2010 12:29 2.57 KB Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRO 5.4.2010 12:29 632 bytes Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRP 5.4.2010 12:29 1.17 KB Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRQ 5.4.2010 12:29 1.19 KB Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Program Files\cache\opr0IKRR 5.4.2010 12:29 1.12 KB Hidden from Windows API.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/05/2010 at 02:24 PM

Application Version : 4.34.1000

Core Rules Database Version : 4769
Trace Rules Database Version: 2581

Scan type : Complete Scan
Total Scan Time : 00:48:31

Memory items scanned : 616
Memory threats detected : 0
Registry items scanned : 5151
Registry threats detected : 6
File items scanned : 14310
File threats detected : 1

Trojan.Agent/Gen
HKLM\System\ControlSet001\Services\utexnjq5
C:\WINDOWS\SYSTEM32\DRIVERS\UTEXNJQ5.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_utexnjq5
HKLM\System\ControlSet006\Services\utexnjq5
HKLM\System\ControlSet006\Enum\Root\LEGACY_utexnjq5
HKLM\System\CurrentControlSet\Services\utexnjq5
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_utexnjq5

Re: Slow Windows loading at startup

Posted: 05 Apr 2010 15:58
by Rudy
It looks like you have a trojan on your PC. Post a log from RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 , so that I can see everything that is running on it.

Re: Slow Windows loading at startup

Posted: 06 Apr 2010 06:14
by brankar
Hi, here are the logs.


info.txt logfile of random's system information tool 1.06 2010-04-06 07:07:59

======Uninstall list======

-->MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AbsoluteShield File Shredder-->"C:\Program Files\SysShield Tools\File Shredder\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A93000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v6.10.25-->MsiExec.exe /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Aktualizace systému Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Ares 2.1.0-->"C:\Program Files\Ares\uninstall.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{F85B3B0A-E302-4B67-9220-6B57F075B311}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autodesk DWF Writer-->MsiExec.exe /X{A2A5C34C-BD78-4505-9E57-AFCDF2FB926C}
Balíček ovladače systému Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_754491038463AF55DC013DBF40581C2B1BFEE429\embda.inf
Balíček ovladače systému Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_754491038463AF55DC013DBF40581C2B1BFEE429\emaudio.inf
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
CCC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Creation Master 10 Release 10.1-->"C:\Program Files\Fifa Master\Creation Master 10\unins000.exe"
Euro Truck Simulator-->C:\Program Files\Euro Truck Simulator\Uninstal_EuroTruckSimulator.exe
FIFA 10 FAT Rebuilder-->C:\Program Files\EA Sports\FIFA 10\FIFA 10 FAT Rebuilder Uninstaller.exe
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Harry Potter a Princ Dvojí Krve™-->MsiExec.exe /X{FD1B1980-8CAB-4474-89F8-1245AF657AD1}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
K-Lite Mega Codec Pack 3.8.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Landwirtschafts-Simulator 2009-->"C:\Program Files\Landwirtschafts-Simulator 2009\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MariusSoft Disk Scrubber-->MsiExec.exe /I{083A7AA2-8871-42B0-8513-7428F44DFC38}
Medal of Honor Allied Assault v 1.0.0.1-->"C:\Program Files\EA GAMES\MOHAA\unins000.exe"
Medal of Honor Allied Assault(tm) Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Flight Simulator 2004 A Century of Flight-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NHL® 09-->MsiExec.exe /X{F2B5A2A7-2DF9-4361-8BD5-362714528B51}
Opera 10.10-->MsiExec.exe /X{FB8148DD-C575-4B0A-9F6C-0CFC46937930}
Opera 9.61-->MsiExec.exe /X{F8CCEF4F-6EEF-4B81-B70D-821E72451D93}
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0005 -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB Video Driver-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0005 -removeonly
Virtua Tennis 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -l0x9 -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinXP Manager-->MsiExec.exe /I{1043E281-B080-4947-9BD7-3F1D233BF6D2}
WinXP Manager-->MsiExec.exe /I{DE6A7775-D036-4216-AD8A-2ACBAC49F532}
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-03]
R3 - URLSearchHook: (no name) - - (no file) [2009-08-03]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-08-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2009-08-03]
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\user\LOCALS~1\Temp\a.exe [2009-08-17]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) [2009-08-17]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2009-08-18]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-18]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-18]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: COMODO Antivirus (disabled)
AV: AVG (disabled) (outdated)

======System event log======

Computer Name: VLASTN-81FD8C78
Event Code: 35
Message: Služba Systémový čas nyní synchronizuje systémový čas s časem
zdroje time.windows.com (ntp.m|0x1|10.1.6.10:123->207.46.232.182:123).

Record Number: 17992
Source Name: W32Time
Time Written: 20100309103425.000000+060
Event Type: Informace
User:

Computer Name: VLASTN-81FD8C78
Event Code: 26
Message: Místní nabídka aplikace: dpnsvr.exe - Chyba aplikace : Instrukce na adrese 0x0100275d odkazovala na adresu paměi 0x00000030. S pamětí nelze provést operaci: read.

Klepnutím na tlačítko OK ukončete program.
Chcete-li program ladit, klepněte na tlačítko Storno.

Record Number: 17991
Source Name: Application Popup
Time Written: 20100309095118.000000+060
Event Type: Informace
User:

Computer Name: VLASTN-81FD8C78
Event Code: 26
Message: Místní nabídka aplikace: dpnsvr.exe - Chyba aplikace : Instrukce na adrese 0x0100275d odkazovala na adresu paměi 0x00000030. S pamětí nelze provést operaci: read.

Klepnutím na tlačítko OK ukončete program.
Chcete-li program ladit, klepněte na tlačítko Storno.

Record Number: 17990
Source Name: Application Popup
Time Written: 20100309095107.000000+060
Event Type: Informace
User:

Computer Name: VLASTN-81FD8C78
Event Code: 26
Message: Místní nabídka aplikace: dpnsvr.exe - Chyba aplikace : Instrukce na adrese 0x0100275d odkazovala na adresu paměi 0x00000030. S pamětí nelze provést operaci: read.

Klepnutím na tlačítko OK ukončete program.
Chcete-li program ladit, klepněte na tlačítko Storno.

Record Number: 17989
Source Name: Application Popup
Time Written: 20100309095056.000000+060
Event Type: Informace
User:

Computer Name: VLASTN-81FD8C78
Event Code: 26
Message: Místní nabídka aplikace: dpnsvr.exe - Chyba aplikace : Instrukce na adrese 0x0100275d odkazovala na adresu paměi 0x00000030. S pamětí nelze provést operaci: read.

Klepnutím na tlačítko OK ukončete program.
Chcete-li program ladit, klepněte na tlačítko Storno.

Record Number: 17988
Source Name: Application Popup
Time Written: 20100309095050.000000+060
Event Type: Informace
User:

=====Application event log=====

Computer Name: VLASTN-81FD8C78
Event Code: 11708
Message: Product: Pro Evolution Soccer 2010 -- Installation operation failed.

Record Number: 5
Source Name: MsiInstaller
Time Written: 20091026164511.000000+060
Event Type: Informace
User: VLASTN-81FD8C78\user

Computer Name: VLASTN-81FD8C78
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 4
Source Name: SecurityCenter
Time Written: 20091026083853.000000+060
Event Type: Informace
User:

Computer Name: VLASTN-81FD8C78
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20091026073416.000000+060
Event Type: Informace
User:

Computer Name: VLASTN-81FD8C78
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20091025134906.000000+060
Event Type: Informace
User:

Computer Name: VLASTN-81FD8C78
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 1
Source Name: SecurityCenter
Time Written: 20091025122357.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\ATI Technologies\ATI.ACE
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-04-06 07:07:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (37%) free of 153 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:50, on 6.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\opera.exe
C:\Documents and Settings\user\Dokumenty\Nová složka (2)\RSIT.exe
C:\Program Files\trend micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PHU - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\PHU.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TXHTPDI - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\TXHTPDI.exe (file missing)

--
End of file - 5279 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-02-02 1800464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-12 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\2K Sports\NBA 2K10\nba2k10.exe"="C:\Program Files\2K Sports\NBA 2K10\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"C:\Documents and Settings\user\Dokumenty\košikova nba\nba2k10.exe"="C:\Documents and Settings\user\Dokumenty\košikova nba\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\opera.exe"="C:\Program Files\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe"="C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2010-04-06 07:07:15 ----D---- C:\rsit
2010-04-05 13:31:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-04-05 13:31:21 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-05 13:31:21 ----D---- C:\Documents and Settings\user\Data aplikací\SUPERAntiSpyware.com
2010-04-02 14:27:42 ----A---- C:\mbam-error.txt
2010-03-29 14:35:30 ----SHD---- C:\RECYCLER
2010-03-24 16:13:16 ----D---- C:\WINDOWS\temp
2010-03-24 15:59:24 ----A---- C:\WINDOWS\MBR.exe
2010-03-15 15:55:43 ----D---- C:\Program Files\SanityCheck
2010-03-07 21:17:29 ----D---- C:\Documents and Settings\user\Data aplikací\Trail Remover
2010-03-07 20:24:33 ----D---- C:\Program Files\SysShield Tools

======List of files/folders modified in the last 1 months======

2010-04-06 07:06:49 ----D---- C:\WINDOWS\Prefetch
2010-04-06 06:57:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-06 06:56:58 ----D---- C:\WINDOWS
2010-04-05 20:05:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-05 14:25:06 ----D---- C:\WINDOWS\system32\drivers
2010-04-05 14:20:07 ----SHD---- C:\System Volume Information
2010-04-05 14:20:07 ----D---- C:\WINDOWS\system32\Restore
2010-04-05 13:31:33 ----SHD---- C:\WINDOWS\Installer
2010-04-05 13:31:32 ----D---- C:\Config.Msi
2010-04-05 13:31:21 ----RD---- C:\Program Files
2010-04-05 13:30:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-05 13:12:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-05 13:12:44 ----D---- C:\WINDOWS\system32
2010-04-05 12:38:36 ----A---- C:\WINDOWS\wincmd.ini
2010-04-02 14:27:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-02 14:03:49 ----A---- C:\WINDOWS\cfplogvw.INI
2010-04-02 14:01:08 ----A---- C:\WINDOWS\cavscan.INI
2010-03-30 09:31:08 ----HDC---- C:\WINDOWS\ie8
2010-03-30 09:15:00 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-30 09:13:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\KONAMI
2010-03-28 14:57:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-25 13:39:42 ----D---- C:\Program Files\LucasArts
2010-03-25 13:39:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-24 16:09:19 ----A---- C:\WINDOWS\system.ini
2010-03-24 16:06:29 ----D---- C:\WINDOWS\AppPatch
2010-03-24 16:06:27 ----D---- C:\Program Files\Common Files
2010-03-13 19:55:54 ----D---- C:\Documents and Settings\user\Data aplikací\uTorrent
2010-03-12 20:34:28 ----HD---- C:\WINDOWS\inf
2010-03-09 14:58:27 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-02 134344]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service; C:\WINDOWS\System32\Drivers\ousbehci.sys [2005-07-15 45696]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-12 1777152]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-09 25280]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-10 721904]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-12 430080]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-02 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-16 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-16 189744]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-10-11 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 PHU;PHU; C:\DOCUME~1\user\LOCALS~1\Temp\PHU.exe []
S3 TXHTPDI;TXHTPDI; C:\DOCUME~1\user\LOCALS~1\Temp\TXHTPDI.exe []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

:( :( :( :( :(

Re: slow Windows startup

Posted: 06 Apr 2010 12:49
by brankar
here is the ComboFix log as well

ComboFix 10-04-05.06 - user 06.04.2010 13:29:28.43.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.196 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-06 do 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 05:07 . 2010-04-06 05:07 -------- d-----w- C:\rsit
2010-04-05 11:31 . 2010-04-05 12:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-15 13:55 . 2010-03-15 14:02 -------- d-----w- c:\program files\SanityCheck
2010-03-07 18:24 . 2010-03-07 18:45 -------- d-----w- c:\program files\SysShield Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 11:30 . 2008-10-22 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-02 12:27 . 2010-02-18 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:46 . 2010-02-18 11:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-02-18 11:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 12:57 . 2006-03-02 12:00 91866 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 12:57 . 2006-03-02 12:00 469558 ----a-w- c:\windows\system32\perfh005.dat
2010-03-25 11:39 . 2010-01-24 14:15 -------- d-----w- c:\program files\LucasArts
2010-03-25 11:39 . 2008-10-17 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 10:43 . 2010-02-24 10:43 -------- d-----w- c:\program files\MariusSoft
2010-02-24 10:24 . 2010-02-24 10:24 -------- d-----w- c:\program files\IObit
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\program files\Audacity
2010-02-16 12:36 . 2009-10-26 12:45 -------- d-----w- c:\program files\Microsoft Games
2010-02-15 10:30 . 2010-02-15 10:30 -------- d-----w- c:\program files\MSXML 4.0
2010-02-09 07:28 . 2008-12-13 14:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 12:06 . 2010-01-25 09:19 -------- d-----w- c:\program files\Ares
2010-02-03 10:37 . 2010-02-03 10:35 5635494 ----a-w- c:\windows\REGBK08.ZIP
2010-02-02 12:16 . 2010-02-02 12:16 451072 ----a-w- c:\windows\Radeon Omega Drivers v2.6.87 Uninstall.exe
2010-02-02 11:42 . 2009-04-21 08:57 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-02 11:42 . 2009-04-21 08:57 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-02 11:42 . 2009-04-21 08:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-02 11:42 . 2009-04-21 08:57 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-02 09:06 . 2009-10-03 14:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-29 09:38 . 2010-01-29 09:38 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-29 09:38 . 2010-01-29 09:38 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-24 15:37 . 2010-01-24 15:37 693 ----a-w- c:\windows\eReg.dat
2010-01-23 08:47 . 2010-01-23 08:45 5394529 ----a-w- c:\windows\REGBK07.ZIP
2010-01-06 12:46 . 2010-01-06 12:23 209 ----a-w- c:\program files\operaprefs_default.ini
2009-11-20 18:11 . 2009-11-20 18:11 15828 ----a-w- c:\program files\license.rtf
2009-11-20 18:01 . 2009-11-20 18:01 832296 ----a-w- c:\program files\opera.exe
2009-11-20 18:01 . 2009-11-20 18:01 4450088 ----a-w- c:\program files\opera.dll
2009-11-20 18:00 . 2009-11-20 18:00 653419 ----a-w- c:\program files\encoding.bin
2009-06-17 13:41 . 2009-06-17 13:41 3870 ----a-w- c:\program files\lngcode.txt
2004-02-26 12:35 . 2004-02-26 12:35 7904 ----a-w- c:\program files\html40_entities.dtd
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-02 1800464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"c:\\Documents and Settings\\user\\Dokumenty\\košikova nba\\nba2k10.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\opera.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 11:14 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.4.2009 10:57 134344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [3.2.2010 21:50 45696]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [3.2.2010 21:50 56960]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
S0 mkfsvgp;mkfsvgp;c:\windows\system32\drivers\humodhg.sys --> c:\windows\system32\drivers\humodhg.sys [?]
S3 PHU;PHU;c:\docume~1\user\LOCALS~1\Temp\PHU.exe --> c:\docume~1\user\LOCALS~1\Temp\PHU.exe [?]
S3 TXHTPDI;TXHTPDI;c:\docume~1\user\LOCALS~1\Temp\TXHTPDI.exe --> c:\docume~1\user\LOCALS~1\Temp\TXHTPDI.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2009 19:15 721904]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 13:39
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,4a,67,15,5b,a9,6a,5b,cd,e9,29,0d,e8,6d,03,26,ab,ed,d4,03,b1,05,91,
9e,12,18,64,cd,52,6a,9b,30,35,dd,39,6d,c6,2c,07,28,e0,cc,4d,3d,fe,d3,a7,b4,\
"??"=hex:8a,95,0c,91,36,dd,90,2c,2c,e3,05,7a,7a,8f,80,cc

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:01,38,c0,f0,9f,86,ce,1b,9b,97,ec,02,a1,a1,36,1d,98,51,81,c5,8c,
68,61,8a,14,b7,48,c9,32,14,df,e7,50,bc,54,d5,aa,8d,f6,19,7a,aa,ed,ff,ce,8b,\
"rkeysecu"=hex:03,a4,a8,d4,d9,9b,91,ef,48,52,9f,6c,1c,34,21,ac
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(436)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-06 13:44:24
ComboFix-quarantined-files.txt 2010-04-06 11:44

Před spuštěním: Volných bajtů: 59 579 887 616
Po spuštění: Volných bajtů: 59 538 231 296

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 147D61CF2E3923251F72756435DBB4B3

Re: slow Windows startup

Posted: 06 Apr 2010 17:24
by Rudy
Open Notepad and copy the following into it:
Collect::
c:\windows\system32\drivers\humodhg.sys
c:\docume~1\user\LOCALS~1\Temp\PHU.exe
c:\docume~1\user\LOCALS~1\Temp\TXHTPDI.exe

Driver::
mkfsvgp
PHU
TXHTPDI
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

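As an added triage example (my own code, not part of this thread and not from the RSIT or ComboFix tools), here is a small Python parser for the driver/service lines that both tools print in the listings above. It flags entries whose image path sits under a Temp directory or whose file the tool could not find, which is exactly what singles out PHU, TXHTPDI and mkfsvgp in the logs, and it renders the result in the Collect::/Driver:: layout used in the reply above. The sample lines are copied from this thread; the reason labels, the `Finding` class and the handling of `\??\`-prefixed paths are my own assumptions. One edge case is built in: RSIT printed `[]` for sasdifsv.sys although the ComboFix log lists the same file with a date and size, so an empty trailer after a `\??\` path is reported as "unresolved" rather than "file_missing".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the RSIT and ComboFix listings in this thread.
SAMPLE_LOG = r"""
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-02 134344]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 PHU;PHU; C:\DOCUME~1\user\LOCALS~1\Temp\PHU.exe []
S3 TXHTPDI;TXHTPDI; C:\DOCUME~1\user\LOCALS~1\Temp\TXHTPDI.exe []
S0 mkfsvgp;mkfsvgp;c:\windows\system32\drivers\humodhg.sys --> c:\windows\system32\drivers\humodhg.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2009 19:15 721904]
"""

# "R1 name;display name; image path [date size]"        (RSIT format)
# "S0 name;display name;image path --> image path [?]"  (ComboFix format, file not found)
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*(?P<rest>.+)$"
)
TRAILER_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    """One driver/service entry plus the reasons it was flagged (my own labels)."""
    name: str
    path: str
    state: str   # R = running, S = stopped, as in the listing header
    start: str   # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Only the two strong signals count; "unresolved" alone is not enough.
        return any(r in ("temp_dir", "file_missing") for r in self.reasons)


def parse_entry(line: str):
    """Parse one RSIT/ComboFix entry line; return a Finding or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    t = TRAILER_RE.match(m.group("rest"))
    if not t:
        return None
    path, info = t.group("path").strip(), t.group("info").strip()
    # ComboFix repeats the path after "-->" when the file does not exist on disk.
    if " --> " in path:
        path = path.split(" --> ", 1)[0].strip()
    f = Finding(m.group("name"), path, m.group("state"), m.group("start"))
    if TEMP_DIR_RE.search(path):
        f.reasons.append("temp_dir")          # image lives in a Temp directory
    if info in ("", "?"):
        # Assumption: an empty trailer after an NT-style \??\ path means the tool could
        # not stat the file, not that it is absent (cf. sasdifsv.sys in the ComboFix log).
        f.reasons.append("unresolved" if path.startswith("\\??\\") else "file_missing")
    return f


def triage(log: str):
    """Return only the entries worth a closer look, in log order."""
    findings = (parse_entry(line) for line in log.splitlines())
    return [f for f in findings if f and f.suspicious]


def cfscript(findings) -> str:
    """Render findings in the Collect::/Driver:: layout shown in the reply above."""
    lines = ["Collect::"] + [f.path for f in findings]
    lines += ["", "Driver::"] + [f.name for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.state}{f.start} {f.name:<10} {','.join(f.reasons):<22} {f.path}")
    print()
    print(cfscript(hits))
```

Randomly named services that point into a user's Temp directory with no file behind them are registrations left behind by something that once ran from Temp; that is why the reply above removes the service entries (Driver::) and not only the files (Collect::). The parser deliberately stays on the two signals the logs themselves make visible and leaves the interpretation to the person reading the log.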

Re: slow Windows startup

Posted: 07 Apr 2010 10:12
by brankar
Hello, I didn't know whether I should post the resulting log, so just to be safe, here it is

ComboFix 10-04-05.06 - user 07.04.2010 10:46:21.44.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.283 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PHU
-------\Legacy_TXHTPDI
-------\Service_mkfsvgp
-------\Service_PHU
-------\Service_TXHTPDI


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-06 05:07 . 2010-04-06 05:07 -------- d-----w- C:\rsit
2010-04-05 11:31 . 2010-04-05 12:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-15 13:55 . 2010-03-15 14:02 -------- d-----w- c:\program files\SanityCheck

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 11:30 . 2008-10-22 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-02 12:27 . 2010-02-18 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:46 . 2010-02-18 11:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-02-18 11:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 12:57 . 2006-03-02 12:00 91866 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 12:57 . 2006-03-02 12:00 469558 ----a-w- c:\windows\system32\perfh005.dat
2010-03-25 11:39 . 2010-01-24 14:15 -------- d-----w- c:\program files\LucasArts
2010-03-25 11:39 . 2008-10-17 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-07 18:45 . 2010-03-07 18:24 -------- d-----w- c:\program files\SysShield Tools
2010-02-24 10:43 . 2010-02-24 10:43 -------- d-----w- c:\program files\MariusSoft
2010-02-24 10:24 . 2010-02-24 10:24 -------- d-----w- c:\program files\IObit
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\program files\Audacity
2010-02-16 12:36 . 2009-10-26 12:45 -------- d-----w- c:\program files\Microsoft Games
2010-02-15 10:30 . 2010-02-15 10:30 -------- d-----w- c:\program files\MSXML 4.0
2010-02-09 07:28 . 2008-12-13 14:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-03 10:37 . 2010-02-03 10:35 5635494 ----a-w- c:\windows\REGBK08.ZIP
2010-02-02 12:16 . 2010-02-02 12:16 451072 ----a-w- c:\windows\Radeon Omega Drivers v2.6.87 Uninstall.exe
2010-02-02 11:42 . 2009-04-21 08:57 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-02 11:42 . 2009-04-21 08:57 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-02 11:42 . 2009-04-21 08:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-02 11:42 . 2009-04-21 08:57 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-02 09:06 . 2009-10-03 14:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-29 09:38 . 2010-01-29 09:38 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-29 09:38 . 2010-01-29 09:38 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-24 15:37 . 2010-01-24 15:37 693 ----a-w- c:\windows\eReg.dat
2010-01-23 08:47 . 2010-01-23 08:45 5394529 ----a-w- c:\windows\REGBK07.ZIP
2010-01-06 12:46 . 2010-01-06 12:23 209 ----a-w- c:\program files\operaprefs_default.ini
2009-11-20 18:11 . 2009-11-20 18:11 15828 ----a-w- c:\program files\license.rtf
2009-11-20 18:01 . 2009-11-20 18:01 832296 ----a-w- c:\program files\opera.exe
2009-11-20 18:01 . 2009-11-20 18:01 4450088 ----a-w- c:\program files\opera.dll
2009-11-20 18:00 . 2009-11-20 18:00 653419 ----a-w- c:\program files\encoding.bin
2009-06-17 13:41 . 2009-06-17 13:41 3870 ----a-w- c:\program files\lngcode.txt
2004-02-26 12:35 . 2004-02-26 12:35 7904 ----a-w- c:\program files\html40_entities.dtd
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-02 1800464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"c:\\Documents and Settings\\user\\Dokumenty\\košikova nba\\nba2k10.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\opera.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 11:14 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.4.2009 10:57 134344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [3.2.2010 21:50 45696]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [3.2.2010 21:50 56960]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2009 19:15 721904]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 10:59
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,4a,67,15,5b,a9,6a,5b,cd,e9,29,0d,e8,6d,03,26,ab,ed,d4,03,b1,05,91,
9e,12,18,64,cd,52,6a,9b,30,35,dd,39,6d,c6,2c,07,28,e0,cc,4d,3d,fe,d3,a7,b4,\
"??"=hex:8a,95,0c,91,36,dd,90,2c,2c,e3,05,7a,7a,8f,80,cc

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:01,38,c0,f0,9f,86,ce,1b,9b,97,ec,02,a1,a1,36,1d,98,51,81,c5,8c,
68,61,8a,14,b7,48,c9,32,14,df,e7,50,bc,54,d5,aa,8d,f6,19,7a,aa,ed,ff,ce,8b,\
"rkeysecu"=hex:03,a4,a8,d4,d9,9b,91,ef,48,52,9f,6c,1c,34,21,ac
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\locator.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Celkový čas: 2010-04-07 11:06:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-07 09:06
ComboFix2.txt 2010-04-06 11:44

Před spuštěním: Volných bajtů: 59 560 628 224
Po spuštění: Volných bajtů: 59 456 249 856

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 6F871A2D2A979F2D7D13A585D4AADF53

Re: slow Windows startup

Posted: 07 Apr 2010 16:54
by brankar
:o :o :o :?: :?: :?:

One more thing, off topic: why does a black circle with a black dot appear in my topic, under the topic bar? Did I screw something up..... :roll: Thanks for the reply

Re: slow Windows startup

Posted: 07 Apr 2010 19:08
by Rudy
The log already looks clean. The black dot next to your topic means that it contains your posts. It is there for easier orientation. You don't have any problem. :)

Re: slow Windows startup

Posted: 08 Apr 2010 07:02
by brankar
Hello, I have a question about the HijackThis listing, item O17: what is that connection?
Thanks for everything so far, Rudy :)

Re: slow Windows startup

Posted: 08 Apr 2010 17:28
by Rudy
IP address 10.1.1.1 is a local network address. It should be your DNS server setting.
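
To check what Rudy describes for the O17 entries, which interface and ControlSet each NameServer belongs to and whether the address falls in a local (RFC 1918) range, here is an added Python example. It is not part of the original thread and not a HijackThis feature; it parses O17 lines in HijackThis format. The seven lines for GUID {7E1B775D-...} are taken from the log posted above; the two lines for GUID {00000000-0000-0000-0000-000000000001} are constructed to show an interface whose ControlSets disagree and which points at a public resolver.

```python
"""Triage HijackThis O17 (DNS NameServer) entries offline.

Added example for this thread, not a tool from the original post: it parses
the O17 lines that HijackThis prints for each ControlSet (CCS, CS1..CSn) and
interface GUID, classifies every configured resolver by address scope, and
reports whether all ControlSets agree for each interface.
"""
import ipaddress
import re
from collections import defaultdict

# Matches lines such as:
# O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 10.1.1.1
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$"
)

# Constructed sample: the seven O17 lines from the log in this thread, plus
# two lines for a hypothetical second interface (GUID 0000...0001) whose
# ControlSets disagree and which uses a public resolver. Those two lines are
# not from the thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 8.8.8.8,8.8.4.4
"""


def parse_o17(log_text):
    """Return a list of (controlset, guid, servers) tuples, one per O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # The registry NameServer value is a comma- or space-separated list.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        entries.append((m.group("cset"), m.group("guid"), servers))
    return entries


def classify(server):
    """Label a resolver address by scope. Loopback is tested before private
    because ipaddress counts 127.0.0.0/8 as private as well."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "not-an-ip"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"  # RFC 1918 / link-local: a LAN router or local server
    return "public"       # confirm it is the ISP's or a resolver you chose


def summarize(entries):
    """Per interface GUID: distinct resolvers, their scope, and whether every
    ControlSet carries the same NameServer value."""
    by_iface = defaultdict(dict)
    for cset, guid, servers in entries:
        by_iface[guid][cset] = tuple(servers)
    report = {}
    for guid, csets in by_iface.items():
        distinct = sorted({srv for servers in csets.values() for srv in servers})
        report[guid] = {
            "servers": distinct,
            "classes": {srv: classify(srv) for srv in distinct},
            "consistent": len(set(csets.values())) == 1,
        }
    return report


if __name__ == "__main__":
    for guid, info in summarize(parse_o17(SAMPLE_LOG)).items():
        flag = "" if info["consistent"] else "  (ControlSets disagree)"
        print(f"{{{guid}}}: {info['classes']}{flag}")
```

For the interface in this thread the script reports a single private resolver, 10.1.1.1, identical across CCS and CS1 to CS6, which matches Rudy's reading. A "public" label is not by itself a finding; compare the address against the ISP's documented resolvers or the one you configured.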

Re: slow Windows startup

Posted: 09 Apr 2010 10:45
by brankar
Thanks, Rudy :)

Re: slow Windows startup

Posted: 09 Apr 2010 17:09
by Rudy
You're welcome!

Re: slow Windows startup

Posted: 01 May 2010 09:10
by brankar
HELLO RUDY, I have a small problem. I don't know whether it belongs here, but I read on the net that it could be some virus. This message pops up: C:\DOCUME~1\\LOCALS~1\TEMP\-f51e43.tmp) with some programs and games. Please advise.

Re: slow Windows startup

Posted: 01 May 2010 10:33
by Rudy
It is most likely some junk; Google doesn't know it. Delete it manually if possible, otherwise post a log from RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=82743 .

Re: slow Windows startup

Posted: 01 May 2010 11:52
by brankar
Here is the log ---- I also forgot to mention that "access denied" keeps popping up, even with this log; I had to go through Commander and C/

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-05-01 12:45:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 511 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:01, on 1.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\opera.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\user\Plocha\RSIT.exe
C:\Program Files\trend micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7}: NameServer = 10.1.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4981 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-02-02 1800464]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-12 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\2K Sports\NBA 2K10\nba2k10.exe"="C:\Program Files\2K Sports\NBA 2K10\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"C:\Documents and Settings\user\Dokumenty\košikova nba\nba2k10.exe"="C:\Documents and Settings\user\Dokumenty\košikova nba\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\opera.exe"="C:\Program Files\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe"="C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2010-05-01 12:43:36 ----D---- C:\rsit
2010-04-25 11:07:59 ----D---- C:\Program Files\Centauri
2010-04-25 11:05:39 ----D---- C:\Program Files\Data Design Interactive
2010-04-24 15:42:57 ----D---- C:\Program Files\rFactor
2010-04-21 18:12:16 ----D---- C:\Program Files\18 WoS Pedal to the Metal
2010-04-14 12:26:09 ----D---- C:\Program Files\Recuva
2010-04-14 11:36:49 ----D---- C:\Program Files\GetData
2010-04-07 11:27:03 ----SHD---- C:\RECYCLER
2010-04-05 13:31:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-04-05 13:31:21 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-05 13:31:21 ----D---- C:\Documents and Settings\user\Data aplikací\SUPERAntiSpyware.com
2010-04-02 14:27:42 ----A---- C:\mbam-error.txt

======List of files/folders modified in the last 1 months======

2010-05-01 12:43:54 ----D---- C:\WINDOWS\Prefetch
2010-05-01 12:33:23 ----D---- C:\WINDOWS
2010-05-01 12:32:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-01 10:20:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-01 10:18:32 ----A---- C:\WINDOWS\wincmd.ini
2010-05-01 06:16:58 ----SHD---- C:\System Volume Information
2010-05-01 06:16:58 ----D---- C:\WINDOWS\system32\Restore
2010-05-01 06:16:26 ----D---- C:\WINDOWS\temp
2010-04-26 10:52:17 ----D---- C:\Documents and Settings\user\Data aplikací\uTorrent
2010-04-25 11:07:59 ----RD---- C:\Program Files
2010-04-14 18:49:50 ----ASH---- C:\boot.ini
2010-04-14 18:49:50 ----A---- C:\WINDOWS\win.ini
2010-04-14 18:49:50 ----A---- C:\WINDOWS\system.ini
2010-04-14 12:21:58 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-04-14 06:27:42 ----D---- C:\Config.Msi
2010-04-14 06:20:05 ----SHD---- C:\WINDOWS\Installer
2010-04-14 06:15:26 ----D---- C:\WINDOWS\system32
2010-04-14 05:59:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-07 11:06:44 ----D---- C:\WINDOWS\system32\drivers
2010-04-07 10:57:03 ----D---- C:\WINDOWS\system32\config
2010-04-07 10:53:00 ----D---- C:\WINDOWS\AppPatch
2010-04-07 10:52:52 ----D---- C:\Program Files\Common Files
2010-04-05 13:30:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-05 13:12:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-02 14:27:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-02 14:03:49 ----A---- C:\WINDOWS\cfplogvw.INI
2010-04-02 14:01:08 ----A---- C:\WINDOWS\cavscan.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-02 134344]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service; C:\WINDOWS\System32\Drivers\ousbehci.sys [2005-07-15 45696]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-12 1777152]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-09 25280]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-10 721904]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-12 430080]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-02 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-16 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-16 189744]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-10-11 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------