and the log is here :o)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pitrisek at 2009-03-28 18:12:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (53%) free of 57 GB
Total RAM: 1014 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:45, on 28.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Pitrisek\Plocha\složka_pro_stahování_nemazat\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pitrisek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 9667 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{14077BDF-150C-49E1-BB83-17C2C9CBCAD3}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-15 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-22 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-15 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-14 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-15 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-03-22 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-03-22 126976]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-05 688218]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-04-26 544768]
"Zástupce stránky vlastností sběrnice High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe [2008-12-22 150528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-03-22 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMMyDocs"=1
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Picasa3\Picasa3.exe"="C:\Program Files\Google\Picasa3\Picasa3.exe:*:Enabled:Picasa 3"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-03-28 18:11:51 ----D---- C:\rsit
2009-03-28 17:58:20 ----A---- C:\WINDOWS\system32\CF30544.exe
2009-03-28 17:56:57 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-28 17:43:19 ----A---- C:\WINDOWS\system32\CF27566.exe
2009-03-28 15:19:52 ----A---- C:\WINDOWS\system32\CF32253.exe
2009-03-28 15:13:35 ----A---- C:\WINDOWS\system32\CF30986.exe
2009-03-28 15:03:50 ----A---- C:\WINDOWS\system32\CF29010.exe
2009-03-28 14:55:15 ----A---- C:\WINDOWS\system32\CF27299.exe
2009-03-28 14:54:26 ----D---- C:\Qoobox
2009-03-28 14:54:25 ----A---- C:\Bug.txt
2009-03-28 10:07:54 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Malwarebytes
2009-03-28 10:07:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-28 10:07:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-03-27 22:20:31 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Adobe
2009-03-27 14:17:47 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\GlarySoft
2009-03-27 14:14:06 ----D---- C:\Program Files\Glary Utilities
2009-03-25 19:08:51 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-22 11:00:05 ----D---- C:\Program Files\FDN
2009-03-20 17:13:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\ashampoo
2009-03-15 19:27:33 ----A---- C:\Documents and Settings\Pitrisek\Data aplikací\inst.exe
2009-03-12 18:59:51 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-11 21:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-11 21:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 21:47:08 ----D---- C:\c5de2ddba2120e09cfaf1e6ddfd4
2009-03-11 21:46:51 ----D---- C:\WINDOWS\SxsCaPendDel
2009-03-05 22:10:25 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\DVDFab
2009-03-05 21:41:13 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2009-03-05 21:40:01 ----A---- C:\WINDOWS\Irremote.ini
2009-03-05 21:25:02 ----D---- C:\Program Files\Common Files\Nero
2009-03-04 18:59:20 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Tracker Software
2009-03-04 18:57:20 ----D---- C:\Program Files\Dealio
2009-03-04 18:44:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2009-03-04 12:48:08 ----A---- C:\WINDOWS\system32\TUKernel.exe
2009-03-02 21:29:10 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Windows Live Writer
2009-03-02 20:59:41 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-02 20:56:27 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-01 20:05:16 ----D---- C:\Program Files\The Logo Creator v5
2009-03-01 19:26:49 ----A---- C:\WINDOWS\system32\Utility.dll
2009-03-01 19:26:12 ----A---- C:\WINDOWS\system32\vbar332.dll
======List of files/folders modified in the last 1 months======
2009-03-28 18:01:09 ----D---- C:\Program Files\Mozilla Firefox
2009-03-28 18:00:41 ----D---- C:\WINDOWS\Temp
2009-03-28 17:59:44 ----SD---- C:\WINDOWS\Tasks
2009-03-28 17:58:21 ----D---- C:\WINDOWS\system32
2009-03-28 17:56:57 ----AD---- C:\WINDOWS
2009-03-28 17:56:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-28 15:41:35 ----D---- C:\WINDOWS\twain_32
2009-03-28 15:10:49 ----D---- C:\WINDOWS\network diagnostic
2009-03-28 13:31:26 ----D---- C:\WINDOWS\Prefetch
2009-03-28 11:06:34 ----HD---- C:\WINDOWS\system32\drivers
2009-03-28 10:41:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2009-03-28 10:07:48 ----RD---- C:\Program Files
2009-03-28 09:43:42 ----SHD---- C:\Config.Msi
2009-03-27 22:24:01 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-03-27 22:15:07 ----D---- C:\My Download Files
2009-03-27 22:02:29 ----D---- C:\Downloads
2009-03-27 22:00:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-27 21:43:39 ----D---- C:\Program Files\Common Files\Services
2009-03-27 21:42:42 ----D---- C:\Program Files\Common Files
2009-03-27 21:27:17 ----SHD---- C:\WINDOWS\Installer
2009-03-27 21:27:17 ----D---- C:\UPM
2009-03-27 21:27:17 ----D---- C:\Program Files\WinRAR
2009-03-27 21:25:00 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Macromedia
2009-03-27 21:20:03 ----HD---- C:\WINDOWS\inf
2009-03-27 19:05:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2009-03-27 15:12:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-27 15:05:42 ----D---- C:\WINDOWS\system32\Restore
2009-03-25 19:08:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-22 11:22:00 ----SHD---- C:\System Volume Information
2009-03-22 11:16:32 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\DMCache
2009-03-21 20:03:59 ----D---- C:\Program Files\Common Files\Real
2009-03-21 20:03:55 ----D---- C:\Program Files\Real
2009-03-21 20:03:54 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Real
2009-03-21 19:05:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-21 14:07:47 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Ahead
2009-03-21 12:09:04 ----D---- C:\Program Files\Common Files\Adobe
2009-03-21 12:00:49 ----D---- C:\Temp
2009-03-21 11:53:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ahead
2009-03-21 11:51:29 ----D---- C:\Program Files\Common Files\Ahead
2009-03-21 11:47:43 ----D---- C:\Program Files\Nero
2009-03-21 11:47:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2009-03-17 19:49:42 ----D---- C:\Program Files\Google
2009-03-15 21:14:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-15 20:35:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2009-03-15 19:53:39 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-03-15 19:34:05 ----D---- C:\Program Files\Katalog filmů
2009-03-15 19:28:23 ----D---- C:\WINDOWS\Debug
2009-03-15 19:27:36 ----D---- C:\Documents and Settings\Pitrisek\Data aplikací\Vso
2009-03-15 19:04:55 ----D---- C:\Program Files\CyberLink
2009-03-13 10:06:11 ----AC---- C:\Documents and Settings\Pitrisek\Data aplikací\Printer.ini
2009-03-12 20:04:40 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-12 20:04:38 ----RSD---- C:\WINDOWS\assembly
2009-03-12 06:13:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-11 21:55:57 ----D---- C:\WINDOWS\system32\cs-cz
2009-03-11 21:55:56 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-11 21:53:09 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-11 21:52:37 ----D---- C:\WINDOWS\WinSxS
2009-03-11 21:48:16 ----D---- C:\WINDOWS\system32\en-us
2009-03-11 21:48:08 ----RSD---- C:\WINDOWS\Fonts
2009-03-11 18:38:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-03-11 18:38:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 21:09:45 ----D---- C:\Program Files\Common Files\System
2009-03-09 19:11:21 ----D---- C:\Program Files\VSO
2009-03-05 21:43:45 ----AC---- C:\WINDOWS\system32\MsiExec.exe.log
2009-03-04 14:36:49 ----D---- C:\Program Files\MSECache
2009-03-04 12:48:08 ----RSH---- C:\boot.ini
2009-03-02 21:03:56 ----D---- C:\WINDOWS\system32\DirectX
2009-03-02 20:59:47 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-03-02 20:59:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-01 18:36:52 ----D---- C:\Program Files\FlashGet
2009-03-01 18:30:32 ----D---- C:\WINDOWS\system32\wbem
2009-03-01 18:30:32 ----D---- C:\WINDOWS\security
2009-03-01 10:20:38 ----A---- C:\WINDOWS\wincmd.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-07-31 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-01-21 5632]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-01 44384]
R2 UMAXPCLS;Ovladač skeneru na portu tiskárny; C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 22912]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-03-22 827196]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-04-26 839436]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-05 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-05 160768]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-07-31 278576]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-04-25 135168]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 Fkndisf;FortKnox Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\fortknoxfw_ndisim.sys []
S3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-30 47360]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-07-31 317616]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VM0517VM11;UMAX AstraSlim 1200 Scanner ProdID x0110; C:\WINDOWS\System32\Drivers\USB0517.sys [2001-11-08 18120]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-14 603904]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-03 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe [2007-09-11 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe [2007-09-11 1265856]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-14 360192]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe []
S4 WSearch;Vyhledávání systému Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
-----------------EOF-----------------
Please, please check this (Solved)
jaro3, Security team member
Re: Please, please check this
Well, I can tell you that it looks terrible:
1) After the last virus cleanup, didn't I write to you to uninstall COMBOFIX?
ComboFix is uninstalled like this:
Start - Run and type ComboFix[space]/u
2)
You have leftovers from Symantec/Norton, FortKnox Firewall (or is it functional?), Kaspersky, etc.
Write whether safe mode works for you without problems.
Download the program OTMoveIt3 (by OldTimer), save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: Do not use the SELECT ALL function to select the text
Code:
:Processes
explorer.exe
:Services
CO_Mon
COH_Mon
EraserUtilRebootDrv
klif
SPBBCDrv
SRTSPL
SYMEVENT
SYMFW
SYMIDS
SymIM
SYMNDIS
SYMREDRV
:Reg
:Files
C:\WINDOWS\system32\CF30544.exe
C:\WINDOWS\system32\CF27566.exe
C:\WINDOWS\system32\CF32253.exe
C:\WINDOWS\system32\CF30986.exe
C:\WINDOWS\system32\CF29010.exe
C:\WINDOWS\system32\CF27299.exe
C:\Qoobox
C:\Documents and Settings\Pitrisek\Data aplikací\inst.exe
C:\WINDOWS\SxsCaPendDel
C:\WINDOWS\system32\ShellManager310E2D762.dll
C:\Program Files\Dealio
C:\WINDOWS\system32\drivers\CO_Mon.sys
C:\WINDOWS\system32\Drivers\COH_Mon.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Common Files\Symantec Shared
C:\WINDOWS\system32\drivers\klif.sys
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\WINDOWS\System32\Drivers\SRTSPL.SYS
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
C:\WINDOWS\System32\Drivers\SYMFW.SYS
C:\WINDOWS\System32\Drivers\SYMIDS.SYS
C:\WINDOWS\system32\DRIVERS\SymIM.sys
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire content of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- It is possible that, if the files cannot be removed, you will be asked to restart the computer; in that case confirm the restart.
Then try to download and run Combofix and post its log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please, please check this
Good Sunday morning, I did everything according to the instructions and the log from COMBO is below; safe mode works:
ComboFix 09-03-28.06 - Pitrisek 2009-03-29 10:44:40.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1014.634 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pitrisek\Plocha\složka_pro_stahování_nemazat\ComboFix.exe
AV: *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning disabled* (Updated)
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
FW: *disabled*
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-28 do 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-29 10:15 . 2009-03-29 10:15 <DIR> d-------- C:\_OTMoveIt
2009-03-28 19:11 . 2009-03-28 19:12 <DIR> d-------- C:\rsit
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Malwarebytes
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-28 11:07 . 2009-03-26 17:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-28 11:07 . 2009-03-26 17:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 15:17 . 2009-03-27 15:29 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\GlarySoft
2009-03-27 15:14 . 2009-03-27 22:54 <DIR> d-------- c:\program files\Glary Utilities
2009-03-25 20:08 . 2009-03-25 20:14 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-25 19:05 . 2009-03-28 14:49 <DIR> d-------- c:\documents and settings\Pitrisek\.thinupload
2009-03-22 12:00 . 2009-03-27 22:27 <DIR> d-------- c:\program files\FDN
2009-03-22 12:00 . 2009-03-22 12:00 <DIR> d-------- c:\documents and settings\Pitrisek\FileDownloader
2009-03-20 18:13 . 2009-03-20 18:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ashampoo
2009-03-15 20:40 . 2009-03-28 15:06 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-15 20:40 . 2009-03-15 20:40 1,409 --a------ c:\windows\QTFont.for
2009-03-12 19:59 . 2009-03-12 19:59 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-12 07:03 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-11 22:47 . 2009-03-11 22:47 <DIR> d-------- C:\c5de2ddba2120e09cfaf1e6ddfd4
2009-03-11 22:47 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 22:47 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 22:47 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 22:47 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-05 23:10 . 2009-03-05 23:10 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\DVDFab
2009-03-05 22:41 . 2008-06-23 17:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2009-03-05 22:40 . 2009-03-05 22:40 0 --a------ c:\windows\Irremote.ini
2009-03-05 22:25 . 2009-03-05 22:43 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-04 19:59 . 2009-03-04 19:59 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Tracker Software
2009-03-04 19:44 . 2009-03-04 19:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-03-04 13:48 . 2009-03-04 13:48 2,331,008 --a------ c:\windows\system32\TUKernel.exe
2009-03-02 22:29 . 2009-03-02 22:29 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Windows Live Writer
2009-03-02 21:59 . 2009-03-02 21:59 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-02 21:56 . 2009-03-02 21:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-01 21:05 . 2009-03-04 19:39 <DIR> d-------- c:\program files\The Logo Creator v5
2009-03-01 20:26 . 2007-10-25 11:32 1,511,424 --a------ c:\windows\system32\Flash8.ocx
2009-03-01 20:26 . 1996-11-08 03:48 368,912 --a------ c:\windows\system32\vbar332.dll
2009-03-01 20:26 . 2007-11-06 19:58 196,608 --a------ c:\windows\system32\Utility.dll
2009-03-01 20:26 . 2007-10-25 11:32 109,248 --a------ c:\windows\system32\Mswinsck.ocx
2009-03-01 20:26 . 2007-10-25 11:32 32,768 --a------ c:\windows\system32\Flash8.oca
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 09:41 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-03-27 21:24 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-27 18:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2009-03-22 10:16 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\DMCache
2009-03-21 19:03 --------- d-----w c:\program files\Real
2009-03-21 19:03 --------- d-----w c:\program files\Common Files\Real
2009-03-21 18:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 13:07 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Ahead
2009-03-21 11:09 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 10:53 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-03-21 10:51 --------- d-----w c:\program files\Common Files\Ahead
2009-03-21 10:47 --------- d-----w c:\program files\Nero
2009-03-21 10:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-17 18:49 --------- d-----w c:\program files\Google
2009-03-15 18:34 --------- d-----w c:\program files\Katalog filmů
2009-03-15 18:27 47,360 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\pcouffin.sys
2009-03-15 18:27 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Vso
2009-03-15 18:04 --------- d-----w c:\program files\CyberLink
2009-03-11 17:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-09 18:11 --------- d-----w c:\program files\VSO
2009-03-04 13:36 --------- d-----w c:\program files\MSECache
2009-03-01 17:36 --------- d-----w c:\program files\FlashGet
2009-02-16 18:37 --------- d-----w c:\program files\VMNetSrv
2009-02-16 18:37 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Steganos VPN
2009-02-14 11:59 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-14 11:59 --------- d-----w c:\program files\Java
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 12:37 --------- d-----w c:\program files\FDRLab
2009-02-02 18:23 --------- d-----w c:\program files\Elaborate Bytes
2009-01-31 18:24 --------- d-----w c:\documents and settings\All Users\Data aplikací\Elaborate Bytes
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-14 11:19 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-14 11:19 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 12:15 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-05-08 18:08 81,920 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\ezpinst.exe
2008-03-31 18:34 1,278 -c--a-w c:\program files\ImageBuilder.log
2008-03-31 18:31 0 -c--a-w c:\program files\init_x.cfg
2008-01-06 15:22 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-01-25 02:52 65,536 ----a-w c:\program files\Common Files\NMSAccessU.exe
2007-07-25 07:41 12,592 -c--a-w c:\program files\mozilla firefox\plugins\libcomm.dll
2007-07-25 07:41 37,256 -c--a-w c:\program files\mozilla firefox\plugins\NanoInst.dll
2007-07-25 07:41 43,824 -c--a-w c:\program files\mozilla firefox\plugins\PSComm.dll
2007-07-25 07:41 113,456 -c--a-w c:\program files\mozilla firefox\plugins\PSNAdBrk.dll
2008-08-31 16:56 2,828 -csha-w c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-22 150528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SMSERIAL"="sm56hlpr.exe" [2005-04-26 c:\windows\sm56hlpr.exe]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-24 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-01 45848]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-14 603904]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys --> c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-02-15 26624]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2007-10-14 23600]
S3 VM0517VM11;UMAX AstraSlim 1200 Scanner ProdID x0110;c:\windows\system32\drivers\usb0517.sys [2001-11-08 18120]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-03-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]
2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2009-03-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-23 10:49]
2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 11:43]
2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{14077BDF-150C-49E1-BB83-17C2C9CBCAD3}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pitrisek\Data aplikací\Mozilla\Firefox\Profiles\n53805tp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 10:47:04
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_CO_MON\0000\LogConf]
@DACL=(02 0000)
.
Celkový čas: 2009-03-29 10:49:56
ComboFix-quarantined-files.txt 2009-03-29 08:49:28
Před spuštěním: Volných bajtů: 31 740 334 080
Po spuštění: Volných bajtů: 31,728,136,192
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
313 --- E O F --- 2009-03-27 08:43:39
2009-03-21 11:09 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 10:53 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-03-21 10:51 --------- d-----w c:\program files\Common Files\Ahead
2009-03-21 10:47 --------- d-----w c:\program files\Nero
2009-03-21 10:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-17 18:49 --------- d-----w c:\program files\Google
2009-03-15 18:34 --------- d-----w c:\program files\Katalog filmů
2009-03-15 18:27 47,360 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\pcouffin.sys
2009-03-15 18:27 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Vso
2009-03-15 18:04 --------- d-----w c:\program files\CyberLink
2009-03-11 17:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-09 18:11 --------- d-----w c:\program files\VSO
2009-03-04 13:36 --------- d-----w c:\program files\MSECache
2009-03-01 17:36 --------- d-----w c:\program files\FlashGet
2009-02-16 18:37 --------- d-----w c:\program files\VMNetSrv
2009-02-16 18:37 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Steganos VPN
2009-02-14 11:59 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-14 11:59 --------- d-----w c:\program files\Java
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 12:37 --------- d-----w c:\program files\FDRLab
2009-02-02 18:23 --------- d-----w c:\program files\Elaborate Bytes
2009-01-31 18:24 --------- d-----w c:\documents and settings\All Users\Data aplikací\Elaborate Bytes
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-14 11:19 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-14 11:19 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 12:15 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-05-08 18:08 81,920 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\ezpinst.exe
2008-03-31 18:34 1,278 -c--a-w c:\program files\ImageBuilder.log
2008-03-31 18:31 0 -c--a-w c:\program files\init_x.cfg
2008-01-06 15:22 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-01-25 02:52 65,536 ----a-w c:\program files\Common Files\NMSAccessU.exe
2007-07-25 07:41 12,592 -c--a-w c:\program files\mozilla firefox\plugins\libcomm.dll
2007-07-25 07:41 37,256 -c--a-w c:\program files\mozilla firefox\plugins\NanoInst.dll
2007-07-25 07:41 43,824 -c--a-w c:\program files\mozilla firefox\plugins\PSComm.dll
2007-07-25 07:41 113,456 -c--a-w c:\program files\mozilla firefox\plugins\PSNAdBrk.dll
2008-08-31 16:56 2,828 -csha-w c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-22 150528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SMSERIAL"="sm56hlpr.exe" [2005-04-26 c:\windows\sm56hlpr.exe]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-24 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-01 45848]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-14 603904]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys --> c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-02-15 26624]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2007-10-14 23600]
S3 VM0517VM11;UMAX AstraSlim 1200 Scanner ProdID x0110;c:\windows\system32\drivers\usb0517.sys [2001-11-08 18120]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-03-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]
2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2009-03-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-23 10:49]
2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 11:43]
2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{14077BDF-150C-49E1-BB83-17C2C9CBCAD3}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pitrisek\Data aplikací\Mozilla\Firefox\Profiles\n53805tp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 10:47:04
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-2147244605-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{530DDC5C-B598-D3AE-F96F-C0A96502D1A4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakhinpemcnjkiiohgakkdjmogjmhp"=hex:6a,61,68,63,70,64,62,61,70,6c,69,6e,6b,64,
6b,6a,64,61,63,64,00,ee
"naahoknffdbdpedaogbnfknlknop"=hex:6a,61,6f,63,61,65,69,62,70,67,66,65,67,63,
6a,6a,6a,64,61,6b,00,ee
[HKEY_USERS\S-1-5-21-1292428093-2147244605-725345543-1005\Software\nanocosmos\VideoTransformer\ExtData*]
"InstallDate"=dword:475a5dd9
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08809bfe-db5a-44c2-8e8a-c3f8a46da788}]
@Denied: (Full) (Everyone)
"Model"=dword:00000103
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b2,fe,36,b6,fa,
8d,40,5d,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4b,74,eb,3e,9f,a5,10,ba,d2,72,23,28,e6,e9,24,f2,c6,e9,8e,6b,31,
d6,f9,bb,95,59,17,d4,f0,25,8a,84,65,80,6c,39,1e,e6,e6,d0,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,5e,a2,d4,57,dd,
1d,c8,ee,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,77,7f,cf,9b,95,
eb,a7,89,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,03,78,87,19,a4,
4d,e0,a8,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,1a,33,e9,e8,24,
30,8a,9a,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,fa,af,3c,57,f7,
67,e6,fe,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,8b,b1,20,ae,a8,
ee,84,1a,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,eb,f5,98,62,71,
66,b9,11,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,8a,dd,7c,74,f1,
d9,78,e0,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,80,79,d8,73,e9,
a5,03,94,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,48,19,37,43,93,
6c,56,ab,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,19,26,88,41,b8,
5e,8e,bd,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_CO_MON\0000\LogConf]
@DACL=(02 0000)
.
Celkový čas: 2009-03-29 10:49:56
ComboFix-quarantined-files.txt 2009-03-29 08:49:28
Před spuštěním: Volných bajtů: 31 740 334 080
Po spuštění: Volných bajtů: 31,728,136,192
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
313 --- E O F --- 2009-03-27 08:43:39
- jaro3
- Security team member
Re: Please, please check this
You still have this listed there:
AV: *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning disabled* (Updated)
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
FW: *disabled*
I would uninstall something. Otherwise we'll finish cleaning up, plus the remnants of Fortknox firewall and Symantec:
Start -> Run, type cmd.exe, click OK, and in the DOS window paste this whole text with the mouse at the blinking cursor:
sc stop fortknoxfw_ndisim
sc delete fortknoxfw_ndisim
sc stop ccSvcHst
sc delete ccSvcHst
exit
The window will close; then restart the PC.
****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
File::
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
Folder::
c:\program files\Common Files\Symantec Shared
Driver::
fortknoxfw_ndisim
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please, please check this
Again, everything done according to your instructions:
Log from Combo:
ComboFix 09-03-28.06 - Pitrisek 2009-03-29 14:02:51.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1014.635 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pitrisek\Plocha\složka_pro_stahování_nemazat\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pitrisek\Plocha\CFScript.txt
AV: *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning disabled* (Updated)
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
FW: *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys
c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-28 do 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-29 10:15 . 2009-03-29 10:15 <DIR> d-------- C:\_OTMoveIt
2009-03-28 19:11 . 2009-03-28 19:12 <DIR> d-------- C:\rsit
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Malwarebytes
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-28 11:07 . 2009-03-26 17:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-28 11:07 . 2009-03-26 17:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 15:17 . 2009-03-27 15:29 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\GlarySoft
2009-03-27 15:14 . 2009-03-27 22:54 <DIR> d-------- c:\program files\Glary Utilities
2009-03-25 20:08 . 2009-03-25 20:14 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-25 19:05 . 2009-03-28 14:49 <DIR> d-------- c:\documents and settings\Pitrisek\.thinupload
2009-03-22 12:00 . 2009-03-27 22:27 <DIR> d-------- c:\program files\FDN
2009-03-22 12:00 . 2009-03-22 12:00 <DIR> d-------- c:\documents and settings\Pitrisek\FileDownloader
2009-03-20 18:13 . 2009-03-20 18:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ashampoo
2009-03-15 20:40 . 2009-03-28 15:06 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-15 20:40 . 2009-03-15 20:40 1,409 --a------ c:\windows\QTFont.for
2009-03-12 19:59 . 2009-03-12 19:59 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-12 07:03 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-11 22:47 . 2009-03-11 22:47 <DIR> d-------- C:\c5de2ddba2120e09cfaf1e6ddfd4
2009-03-11 22:47 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 22:47 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 22:47 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 22:47 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-05 23:10 . 2009-03-05 23:10 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\DVDFab
2009-03-05 22:41 . 2008-06-23 17:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2009-03-05 22:40 . 2009-03-05 22:40 0 --a------ c:\windows\Irremote.ini
2009-03-05 22:25 . 2009-03-05 22:43 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-04 19:59 . 2009-03-04 19:59 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Tracker Software
2009-03-04 19:44 . 2009-03-04 19:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-03-04 13:48 . 2009-03-04 13:48 2,331,008 --a------ c:\windows\system32\TUKernel.exe
2009-03-02 22:29 . 2009-03-02 22:29 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Windows Live Writer
2009-03-02 21:59 . 2009-03-02 21:59 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-02 21:56 . 2009-03-02 21:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-01 21:05 . 2009-03-04 19:39 <DIR> d-------- c:\program files\The Logo Creator v5
2009-03-01 20:26 . 2007-10-25 11:32 1,511,424 --a------ c:\windows\system32\Flash8.ocx
2009-03-01 20:26 . 1996-11-08 03:48 368,912 --a------ c:\windows\system32\vbar332.dll
2009-03-01 20:26 . 2007-11-06 19:58 196,608 --a------ c:\windows\system32\Utility.dll
2009-03-01 20:26 . 2007-10-25 11:32 109,248 --a------ c:\windows\system32\Mswinsck.ocx
2009-03-01 20:26 . 2007-10-25 11:32 32,768 --a------ c:\windows\system32\Flash8.oca
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 11:40 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-03-27 21:24 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-27 18:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2009-03-22 10:16 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\DMCache
2009-03-21 19:03 --------- d-----w c:\program files\Real
2009-03-21 19:03 --------- d-----w c:\program files\Common Files\Real
2009-03-21 18:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 13:07 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Ahead
2009-03-21 11:09 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 10:53 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-03-21 10:51 --------- d-----w c:\program files\Common Files\Ahead
2009-03-21 10:47 --------- d-----w c:\program files\Nero
2009-03-21 10:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-17 18:49 --------- d-----w c:\program files\Google
2009-03-15 18:34 --------- d-----w c:\program files\Katalog filmů
2009-03-15 18:27 47,360 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\pcouffin.sys
2009-03-15 18:27 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Vso
2009-03-15 18:04 --------- d-----w c:\program files\CyberLink
2009-03-11 17:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-09 18:11 --------- d-----w c:\program files\VSO
2009-03-04 13:36 --------- d-----w c:\program files\MSECache
2009-03-01 17:36 --------- d-----w c:\program files\FlashGet
2009-02-16 18:37 --------- d-----w c:\program files\VMNetSrv
2009-02-16 18:37 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Steganos VPN
2009-02-14 11:59 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-14 11:59 --------- d-----w c:\program files\Java
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 12:37 --------- d-----w c:\program files\FDRLab
2009-02-02 18:23 --------- d-----w c:\program files\Elaborate Bytes
2009-01-31 18:24 --------- d-----w c:\documents and settings\All Users\Data aplikací\Elaborate Bytes
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-14 11:19 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-14 11:19 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 12:15 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-05-08 18:08 81,920 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\ezpinst.exe
2008-03-31 18:34 1,278 -c--a-w c:\program files\ImageBuilder.log
2008-03-31 18:31 0 -c--a-w c:\program files\init_x.cfg
2008-01-06 15:22 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-01-25 02:52 65,536 ----a-w c:\program files\Common Files\NMSAccessU.exe
2007-07-25 07:41 12,592 -c--a-w c:\program files\mozilla firefox\plugins\libcomm.dll
2007-07-25 07:41 37,256 -c--a-w c:\program files\mozilla firefox\plugins\NanoInst.dll
2007-07-25 07:41 43,824 -c--a-w c:\program files\mozilla firefox\plugins\PSComm.dll
2007-07-25 07:41 113,456 -c--a-w c:\program files\mozilla firefox\plugins\PSNAdBrk.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-29_10.47.44,93 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 08:33:56 1,589,056 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-29 11:40:10 1,589,056 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-29 11:51:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_224.dat
+ 2009-03-29 11:51:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_540.dat
+ 2009-03-29 11:50:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6a8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-22 150528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SMSERIAL"="sm56hlpr.exe" [2005-04-26 c:\windows\sm56hlpr.exe]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-24 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-01 45848]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-14 603904]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys --> c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-02-15 26624]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2007-10-14 23600]
S3 VM0517VM11;UMAX AstraSlim 1200 Scanner ProdID x0110;c:\windows\system32\drivers\usb0517.sys [2001-11-08 18120]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-03-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]
2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2009-03-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-23 10:49]
2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 11:43]
2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{14077BDF-150C-49E1-BB83-17C2C9CBCAD3}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pitrisek\Data aplikací\Mozilla\Firefox\Profiles\n53805tp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 14:04:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-2147244605-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{530DDC5C-B598-D3AE-F96F-C0A96502D1A4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakhinpemcnjkiiohgakkdjmogjmhp"=hex:6a,61,68,63,70,64,62,61,70,6c,69,6e,6b,64,
6b,6a,64,61,63,64,00,ee
"naahoknffdbdpedaogbnfknlknop"=hex:6a,61,6f,63,61,65,69,62,70,67,66,65,67,63,
6a,6a,6a,64,61,6b,00,ee
[HKEY_USERS\S-1-5-21-1292428093-2147244605-725345543-1005\Software\nanocosmos\VideoTransformer\ExtData*]
"InstallDate"=dword:475a5dd9
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08809bfe-db5a-44c2-8e8a-c3f8a46da788}]
@Denied: (Full) (Everyone)
"Model"=dword:00000103
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b2,fe,36,b6,fa,
8d,40,5d,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4b,74,eb,3e,9f,a5,10,ba,d2,72,23,28,e6,e9,24,f2,c6,e9,8e,6b,31,
d6,f9,bb,95,59,17,d4,f0,25,8a,84,65,80,6c,39,1e,e6,e6,d0,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,5e,a2,d4,57,dd,
1d,c8,ee,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,77,7f,cf,9b,95,
eb,a7,89,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,03,78,87,19,a4,
4d,e0,a8,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,1a,33,e9,e8,24,
30,8a,9a,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,fa,af,3c,57,f7,
67,e6,fe,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,8b,b1,20,ae,a8,
ee,84,1a,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,eb,f5,98,62,71,
66,b9,11,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,8a,dd,7c,74,f1,
d9,78,e0,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,80,79,d8,73,e9,
a5,03,94,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,48,19,37,43,93,
6c,56,ab,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,19,26,88,41,b8,
5e,8e,bd,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"=
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_CO_MON\0000\LogConf]
@DACL=(02 0000)
.
Celkový čas: 2009-03-29 14:07:04
ComboFix-quarantined-files.txt 2009-03-29 12:06:32
ComboFix2.txt 2009-03-29 08:49:59
Před spuštěním: Volných bajtů: 31 673 073 664
Po spuštění: Volných bajtů: 31,659,790,336
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=S763OE /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /noexecute=optin /fastdetect /TUTag=S763OE-BAK
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
334 --- E O F --- 2009-03-27 08:43:39
log from combo:
ComboFix 09-03-28.06 - Pitrisek 2009-03-29 14:02:51.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1014.635 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pitrisek\Plocha\složka_pro_stahování_nemazat\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pitrisek\Plocha\CFScript.txt
AV: *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning disabled* (Updated)
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
FW: *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys
c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-28 do 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-29 10:15 . 2009-03-29 10:15 <DIR> d-------- C:\_OTMoveIt
2009-03-28 19:11 . 2009-03-28 19:12 <DIR> d-------- C:\rsit
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Malwarebytes
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-28 11:07 . 2009-03-26 17:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-28 11:07 . 2009-03-26 17:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 15:17 . 2009-03-27 15:29 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\GlarySoft
2009-03-27 15:14 . 2009-03-27 22:54 <DIR> d-------- c:\program files\Glary Utilities
2009-03-25 20:08 . 2009-03-25 20:14 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-25 19:05 . 2009-03-28 14:49 <DIR> d-------- c:\documents and settings\Pitrisek\.thinupload
2009-03-22 12:00 . 2009-03-27 22:27 <DIR> d-------- c:\program files\FDN
2009-03-22 12:00 . 2009-03-22 12:00 <DIR> d-------- c:\documents and settings\Pitrisek\FileDownloader
2009-03-20 18:13 . 2009-03-20 18:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ashampoo
2009-03-15 20:40 . 2009-03-28 15:06 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-15 20:40 . 2009-03-15 20:40 1,409 --a------ c:\windows\QTFont.for
2009-03-12 19:59 . 2009-03-12 19:59 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-12 07:03 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-11 22:47 . 2009-03-11 22:47 <DIR> d-------- C:\c5de2ddba2120e09cfaf1e6ddfd4
2009-03-11 22:47 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 22:47 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 22:47 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 22:47 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-05 23:10 . 2009-03-05 23:10 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\DVDFab
2009-03-05 22:41 . 2008-06-23 17:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2009-03-05 22:40 . 2009-03-05 22:40 0 --a------ c:\windows\Irremote.ini
2009-03-05 22:25 . 2009-03-05 22:43 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-04 19:59 . 2009-03-04 19:59 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Tracker Software
2009-03-04 19:44 . 2009-03-04 19:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-03-04 13:48 . 2009-03-04 13:48 2,331,008 --a------ c:\windows\system32\TUKernel.exe
2009-03-02 22:29 . 2009-03-02 22:29 <DIR> d-------- c:\documents and settings\Pitrisek\Data aplikací\Windows Live Writer
2009-03-02 21:59 . 2009-03-02 21:59 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-02 21:56 . 2009-03-02 21:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-01 21:05 . 2009-03-04 19:39 <DIR> d-------- c:\program files\The Logo Creator v5
2009-03-01 20:26 . 2007-10-25 11:32 1,511,424 --a------ c:\windows\system32\Flash8.ocx
2009-03-01 20:26 . 1996-11-08 03:48 368,912 --a------ c:\windows\system32\vbar332.dll
2009-03-01 20:26 . 2007-11-06 19:58 196,608 --a------ c:\windows\system32\Utility.dll
2009-03-01 20:26 . 2007-10-25 11:32 109,248 --a------ c:\windows\system32\Mswinsck.ocx
2009-03-01 20:26 . 2007-10-25 11:32 32,768 --a------ c:\windows\system32\Flash8.oca
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 11:40 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-03-27 21:24 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-27 18:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2009-03-22 10:16 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\DMCache
2009-03-21 19:03 --------- d-----w c:\program files\Real
2009-03-21 19:03 --------- d-----w c:\program files\Common Files\Real
2009-03-21 18:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 13:07 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Ahead
2009-03-21 11:09 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 10:53 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-03-21 10:51 --------- d-----w c:\program files\Common Files\Ahead
2009-03-21 10:47 --------- d-----w c:\program files\Nero
2009-03-21 10:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-17 18:49 --------- d-----w c:\program files\Google
2009-03-15 18:34 --------- d-----w c:\program files\Katalog filmů
2009-03-15 18:27 47,360 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\pcouffin.sys
2009-03-15 18:27 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Vso
2009-03-15 18:04 --------- d-----w c:\program files\CyberLink
2009-03-11 17:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-09 18:11 --------- d-----w c:\program files\VSO
2009-03-04 13:36 --------- d-----w c:\program files\MSECache
2009-03-01 17:36 --------- d-----w c:\program files\FlashGet
2009-02-16 18:37 --------- d-----w c:\program files\VMNetSrv
2009-02-16 18:37 --------- d-----w c:\documents and settings\Pitrisek\Data aplikací\Steganos VPN
2009-02-14 11:59 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-14 11:59 --------- d-----w c:\program files\Java
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 12:37 --------- d-----w c:\program files\FDRLab
2009-02-02 18:23 --------- d-----w c:\program files\Elaborate Bytes
2009-01-31 18:24 --------- d-----w c:\documents and settings\All Users\Data aplikací\Elaborate Bytes
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-14 11:19 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-14 11:19 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 12:15 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-05-08 18:08 81,920 -c--a-w c:\documents and settings\Pitrisek\Data aplikací\ezpinst.exe
2008-03-31 18:34 1,278 -c--a-w c:\program files\ImageBuilder.log
2008-03-31 18:31 0 -c--a-w c:\program files\init_x.cfg
2008-01-06 15:22 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-01-25 02:52 65,536 ----a-w c:\program files\Common Files\NMSAccessU.exe
2007-07-25 07:41 12,592 -c--a-w c:\program files\mozilla firefox\plugins\libcomm.dll
2007-07-25 07:41 37,256 -c--a-w c:\program files\mozilla firefox\plugins\NanoInst.dll
2007-07-25 07:41 43,824 -c--a-w c:\program files\mozilla firefox\plugins\PSComm.dll
2007-07-25 07:41 113,456 -c--a-w c:\program files\mozilla firefox\plugins\PSNAdBrk.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-29_10.47.44,93 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 08:33:56 1,589,056 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-29 11:40:10 1,589,056 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-29 11:51:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_224.dat
+ 2009-03-29 11:51:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_540.dat
+ 2009-03-29 11:50:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6a8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-22 150528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SMSERIAL"="sm56hlpr.exe" [2005-04-26 c:\windows\sm56hlpr.exe]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-24 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-01 45848]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-14 603904]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys --> c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-02-15 26624]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2007-10-14 23600]
S3 VM0517VM11;UMAX AstraSlim 1200 Scanner ProdID x0110;c:\windows\system32\drivers\usb0517.sys [2001-11-08 18120]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-03-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]
2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2009-03-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-23 10:49]
2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 11:43]
2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{14077BDF-150C-49E1-BB83-17C2C9CBCAD3}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pitrisek\Data aplikací\Mozilla\Firefox\Profiles\n53805tp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 14:04:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
Celkový čas: 2009-03-29 14:07:04
ComboFix-quarantined-files.txt 2009-03-29 12:06:32
ComboFix2.txt 2009-03-29 08:49:59
Před spuštěním: Volných bajtů: 31 673 073 664
Po spuštění: Volných bajtů: 31,659,790,336
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=S763OE /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /noexecute=optin /fastdetect /TUTag=S763OE-BAK
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
334 --- E O F --- 2009-03-27 08:43:39
Re: Please, please check this
and the log from HIJA:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:49, on 29.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 9358 bytes
- jaro3
- Security team member
Re: Please, please check this
Start - Run - type services.msc, confirm, and in the new window on the right look for (if they are there):
FortKnox Firewall NDIS Filter Service
LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared
Right-click the first service and choose Properties; in the new window set the startup type to Disabled.
Repeat the same with the second service. Close services.msc.
Close other applications and browsers, disconnect from the internet and fix in HJT:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the recycle bin, etc.
If there are no problems, that is all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please, please check this
I did everything according to the instructions - unfortunately Picasa still reports that I am not connected to the internet, and COMBO cannot be uninstalled; it reports that CYBERDEFENDER INTERNET SECURITY is still there. But the important thing is that everything else works as it should. Thank you for the help - very, very much

- jaro3
- Security team member
Re: Please, please check this
Do you have CYBERDEFENDER INTERNET SECURITY in Add/Remove Programs? Try uninstalling it (if you have an icon in the systray, right-click it and choose Exit), or you can use CCleaner - Tools to uninstall it.
If you have the folder:
C:\Program Files\CyberDefender
look inside it to see whether there is an unistall.exe. If you already uninstalled the program earlier, find and delete:
C:\Program Files\CyberDefender
I would try reinstalling Picasa, provided the connection is fine.
Re: Please, please check this
That's just it, it is not in the programs, nor on drive C, nor in Program Files, nor in hidden folders, and when I use the classic file search it does not find it either

- jaro3
- Security team member
Re: Please, please check this
Try uninstalling Combofix in safe mode, or delete:
C:\Combofix
C:\qoobox
As for CYBERDEFENDER INTERNET SECURITY, you could still try some uninstaller program, but I doubt that too, since it is nowhere to be found. Try looking in services.msc.
Download and run DDS (by sUBs)
and save it to your desktop.
- run it; a window will appear, so do not click in it and wait until the program finishes
- when it finishes, the program creates 2 logs and shows an information window. Close it with OK
- then paste the entire contents of the DDS log here
Re: Please, please check this
Picasa reinstalled and it works now, so hopefully it will keep working forever :o)
And here are the two logs:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-01-19 19:27:26
System Uptime: 2009-03-29 19:16:54 (0 hours ago)
Motherboard: FUJITSU SIEMENS | | AMILO Pro V2060
Processor: Intel(R) Pentium(R) M processor 1.70GHz | U1 | 983/400mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 56 GiB total, 29.765 GiB free.
D: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: UMAX Astra 610P
Device ID: ROOT\IMAGE\0000
Manufacturer: UMAX DATA SYSTEMS INC.
Name: UMAX Astra 1200
PNP Device ID: ROOT\IMAGE\0000
Service: UMAXPCLS
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Symantec Network Security Miniport
Device ID: ROOT\SYMC_SYMIMMP\0002
Manufacturer: Symantec
Name: Symantec Network Security Miniport #3
PNP Device ID: ROOT\SYMC_SYMIMMP\0002
Service: SymIMMP
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Settik
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP95: 2009-03-29 17:21:46 - Kontrolní bod systému
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Stock Photos 1.0
Aktualizace systému Windows Internet Explorer 8 (KB961813)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpečení systému Windows XP (KB923789)
AppCore
Apple Mobile Device Support
Apple Software Update
Asistent pro přihlášení ke službě Windows Live
avast! Antivirus
Balíček ovladače systému Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Balíček ovladače systému Windows - Nokia Modem (02/15/2007 3.1)
Balíček ovladače systému Windows - Nokia Modem (05/24/2007 6.84.0.1)
BS.Player FREE powered by AdVantage
Camera Window DS
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Component Framework
DivX Converter
DivX Player
DivX Web Player
dm paradies foto
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2SVCD 1.2.3 Build 1
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver for Mobile
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Konvertor
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Czech Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.0 Czech Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft Application Error Reporting
Microsoft Office Access MUI (Czech) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office Groove MUI (Czech) 2007
Microsoft Office InfoPath MUI (Czech) 2007
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office Outlook MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Publisher MUI (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (Czech) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Numedia CD-DVD writing as non-admin user
NVIDIA Photoshop Plug-ins
OpenAL
OpenSSL 0.9.6m
PC Connectivity Solution
Photo Story 3 for Windows
PhotoStitch
Picasa 3
QuickTime
RealSpeak Solo for UK English Emily
Rhapsody Player Engine
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung Samples Installer
save2pc Light 3.44
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
SiSoftware Sandra Lite XIIc
SoundMAX
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
Srt2Sup a4.03
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
Total Commander (Remove or Repair)
TubeSucker
TuneUp Utilities 2009
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VBA (2627.01)
VCRedistSetup
Virtual Machine Network Services Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Commander (Remove or Repair)
Windows Desktop Search 3.01
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 Release Candidate 1
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (CSY)
WinPcap 3.1 beta4
WinRAR archiver
wxMusik 0.4.2.2
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.2 final uninstall
Yahoo! Toolbar
Zoner Photo Studio 11
==== End Of File ===========================
DDS (Ver_09-03-16.01) - NTFSx86
Run by Pitrisek at 19:29:15.04 on 2009-03-29
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1014.517 [GMT 2:00]
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
AV: *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning enabled* (Updated)
FW: *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pitrisek\Plocha\složka_pro_stahování_nemazat\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: UIHost=c:\documents and settings\all users\data aplikací\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: Alcohol Toolbar: {ed4bd629-c1b6-4399-8a34-02ccaa921dc9} -
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities 2009\MemOptimizer.exe" autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoSMMyDocs = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/s ... wflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crl ... crlocx.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pitrisek\dataap~1\mozilla\firefox\profiles\n53805tp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-24 138680]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-1 45848]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-1-14 603904]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-24 352920]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-18 69120]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys --> c:\windows\system32\drivers\fortknoxfw_ndisim.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-2-15 26624]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2007-10-14 23600]
S3 VM0517VM11;UMAX AstraSlim 1200 Scanner ProdID x0110;c:\windows\system32\drivers\usb0517.sys [2001-11-8 18120]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe --> c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [?]
=============== Created Last 30 ================
2009-03-29 14:00 <DIR> a-dshr-- C:\cmdcons
2009-03-28 11:07 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\Malwarebytes
2009-03-28 11:07 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\Malwarebytes
2009-03-27 15:17 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\GlarySoft
2009-03-27 15:14 <DIR> --d----- c:\program files\Glary Utilities
2009-03-25 19:05 <DIR> --d----- c:\documents and settings\pitrisek\.thinupload
2009-03-22 12:00 <DIR> --d----- c:\documents and settings\pitrisek\FileDownloader
2009-03-22 12:00 <DIR> --d----- c:\program files\FDN
2009-03-20 20:50 3,358,720 a------- c:\windows\system32\GPhotos.scr
2009-03-20 18:13 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\ashampoo
2009-03-12 07:03 1,089,883 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-11 22:47 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 22:47 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 22:47 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 22:47 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-11 22:47 <DIR> --d----- C:\c5de2ddba2120e09cfaf1e6ddfd4
2009-03-05 23:10 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\DVDFab
2009-03-05 22:41 773,120 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-03-05 22:40 0 a------- c:\windows\Irremote.ini
2009-03-04 19:59 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\Tracker Software
2009-03-04 13:48 2,331,008 a------- c:\windows\system32\TUKernel.exe
2009-03-02 22:29 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\Windows Live Writer
2009-03-02 21:59 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-02 21:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-01 21:05 <DIR> --d----- c:\program files\The Logo Creator v5
2009-03-01 20:26 109,248 a------- c:\windows\system32\Mswinsck.ocx
2009-03-01 20:26 32,768 a------- c:\windows\system32\Flash8.oca
2009-03-01 20:26 1,511,424 a------- c:\windows\system32\Flash8.ocx
2009-03-01 20:26 196,608 a------- c:\windows\system32\Utility.dll
2009-03-01 20:26 368,912 a------- c:\windows\system32\vbar332.dll
2009-02-28 15:34 16 a------- c:\windows\sremcon.dat
==================== Find3M ====================
2009-03-15 20:56 66,504 ac--h--- c:\windows\system32\mlfcache.dat
2009-03-15 20:27 47,360 ac------ c:\docume~1\pitrisek\dataap~1\pcouffin.sys
2009-03-11 22:53 462,188 a------- c:\windows\system32\perfh005.dat
2009-03-11 22:53 92,114 a------- c:\windows\system32\perfc005.dat
2009-02-14 13:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 16:07 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-31 14:19 175,522 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1029.dat
2009-01-19 20:13 23,544 ac------ c:\windows\system32\emptyregdb.dat
2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 03:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 03:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 03:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-14 13:19 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-01-14 13:19 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2008-05-08 20:08 81,920 ac------ c:\docume~1\pitrisek\dataap~1\ezpinst.exe
2008-03-31 20:34 1,278 ac------ c:\program files\ImageBuilder.log
2008-03-31 20:31 0 ac------ c:\program files\init_x.cfg
2008-01-06 17:22 774,144 ac------ c:\program files\RngInterstitial.dll
2007-01-25 04:52 65,536 a------- c:\program files\common files\NMSAccessU.exe
============= FINISH: 19:30:09.75 ===============
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/s ... wflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crl ... crlocx.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pitrisek\dataap~1\mozilla\firefox\profiles\n53805tp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-24 138680]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-1 45848]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-1-14 603904]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-24 352920]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-18 69120]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys --> c:\windows\system32\drivers\fortknoxfw_ndisim.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-2-15 26624]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2007-10-14 23600]
S3 VM0517VM11;UMAX AstraSlim 1200 Scanner ProdID x0110;c:\windows\system32\drivers\usb0517.sys [2001-11-8 18120]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe --> c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [?]
=============== Created Last 30 ================
2009-03-29 14:00 <DIR> a-dshr-- C:\cmdcons
2009-03-28 11:07 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\Malwarebytes
2009-03-28 11:07 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\Malwarebytes
2009-03-27 15:17 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\GlarySoft
2009-03-27 15:14 <DIR> --d----- c:\program files\Glary Utilities
2009-03-25 19:05 <DIR> --d----- c:\documents and settings\pitrisek\.thinupload
2009-03-22 12:00 <DIR> --d----- c:\documents and settings\pitrisek\FileDownloader
2009-03-22 12:00 <DIR> --d----- c:\program files\FDN
2009-03-20 20:50 3,358,720 a------- c:\windows\system32\GPhotos.scr
2009-03-20 18:13 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\ashampoo
2009-03-12 07:03 1,089,883 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-11 22:47 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 22:47 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 22:47 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 22:47 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-11 22:47 <DIR> --d----- C:\c5de2ddba2120e09cfaf1e6ddfd4
2009-03-05 23:10 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\DVDFab
2009-03-05 22:41 773,120 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-03-05 22:40 0 a------- c:\windows\Irremote.ini
2009-03-04 19:59 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\Tracker Software
2009-03-04 13:48 2,331,008 a------- c:\windows\system32\TUKernel.exe
2009-03-02 22:29 <DIR> --d----- c:\docume~1\pitrisek\dataap~1\Windows Live Writer
2009-03-02 21:59 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-02 21:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-01 21:05 <DIR> --d----- c:\program files\The Logo Creator v5
2009-03-01 20:26 109,248 a------- c:\windows\system32\Mswinsck.ocx
2009-03-01 20:26 32,768 a------- c:\windows\system32\Flash8.oca
2009-03-01 20:26 1,511,424 a------- c:\windows\system32\Flash8.ocx
2009-03-01 20:26 196,608 a------- c:\windows\system32\Utility.dll
2009-03-01 20:26 368,912 a------- c:\windows\system32\vbar332.dll
2009-02-28 15:34 16 a------- c:\windows\sremcon.dat
==================== Find3M ====================
2009-03-15 20:56 66,504 ac--h--- c:\windows\system32\mlfcache.dat
2009-03-15 20:27 47,360 ac------ c:\docume~1\pitrisek\dataap~1\pcouffin.sys
2009-03-11 22:53 462,188 a------- c:\windows\system32\perfh005.dat
2009-03-11 22:53 92,114 a------- c:\windows\system32\perfc005.dat
2009-02-14 13:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 16:07 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-31 14:19 175,522 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1029.dat
2009-01-19 20:13 23,544 ac------ c:\windows\system32\emptyregdb.dat
2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 03:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 03:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 03:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-14 13:19 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-01-14 13:19 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2008-05-08 20:08 81,920 ac------ c:\docume~1\pitrisek\dataap~1\ezpinst.exe
2008-03-31 20:34 1,278 ac------ c:\program files\ImageBuilder.log
2008-03-31 20:31 0 ac------ c:\program files\init_x.cfg
2008-01-06 17:22 774,144 ac------ c:\program files\RngInterstitial.dll
2007-01-25 04:52 65,536 a------- c:\program files\common files\NMSAccessU.exe
============= FINISH: 19:30:09.75 ===============