Sekání PC

[Blademan]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:25, on 6.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.38\english\PhysX_9.09.0428_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2574 bytes

Mám problém s tím že při kopírování většího objemu dat počítač zamrzne a musí se restartovat. Může mi někdo projít hijack log a poradit čím by to mohlo být. Díky

Konfigurace PC: Asus M4N78, AMD Athlon II X2 240, Kingston 4 GB CL6 800 MHz, Leadtek Winfast PX9500GT 512MB DDR2, Samsung Spinpoint F1 3.5'' 640 GB

[Reklama]

[Damned]

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.38\english\PhysX_9.09.0428_SystemSoftware.exe"
****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Blademan]

tady je ten log

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2551
Windows 5.1.2600 Service Pack 2

6.8.2009 17:56:21
mbam-log-2009-08-06 (17-56-21).txt

Typ skenu: Rychlý sken
Objektu skenováno: 77372
Uplynulý cas: 1 minute(s), 24 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Blademan]

tak opět další log

ComboFix 09-08-04.04 - Lukáš 06.08.2009 18:23.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3327.2979 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-06 do 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 14:21 . 2009-08-06 14:21 -------- d-----w- c:\windows\nview
2009-08-06 14:19 . 2009-08-06 14:19 -------- d-----w- c:\windows\system32\Lang
2009-08-06 14:13 . 2008-04-13 22:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-08-06 14:13 . 2008-04-13 22:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-08-06 14:13 . 2008-04-13 22:47 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2009-08-06 14:13 . 2008-04-13 22:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-08-06 14:13 . 2008-04-13 22:15 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2009-08-06 14:13 . 2008-04-13 22:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-08-06 14:11 . 2008-08-25 08:17 528384 ------r- c:\windows\RtlExUpd.dll
2009-08-06 14:11 . 2009-08-06 14:11 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-06 14:09 . 2009-08-06 14:09 -------- d-----w- c:\windows\ASUSInstAll
2009-08-06 14:09 . 2009-08-06 14:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 14:09 . 2007-04-16 14:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2009-08-06 14:09 . 2009-08-06 14:09 -------- d-----w- c:\program files\AMD
2009-08-06 14:09 . 2009-08-06 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 14:09 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-08-06 14:08 . 2004-08-17 15:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-06 14:07 . 2004-08-17 15:49 75264 ----a-w- c:\windows\system32\usbui.dll
2009-08-06 14:05 . 2009-08-06 16:23 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-06 14:05 . 2009-08-06 14:31 -------- d-----w- c:\windows\system32\CatRoot
2009-08-06 14:05 . 2009-08-06 15:52 -------- d--h--r- c:\documents and settings\All Users\Data aplikací
2009-08-06 14:05 . 2009-08-06 14:06 -------- d--h--r- c:\documents and settings\Default User\Data aplikací
2009-08-06 14:05 . 2009-08-06 12:19 -------- d-----w- C:\Documents and Settings
2009-08-06 14:05 . 2009-08-06 12:16 -------- d--h--w- c:\documents and settings\Default User
2009-08-06 14:05 . 2009-08-06 12:15 -------- d-----w- c:\documents and settings\All Users
2009-08-06 14:05 . 2004-08-12 10:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-08-06 14:05 . 2007-12-28 07:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 15:52 . 2009-08-06 15:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:51 . 2009-08-06 15:51 -------- d-----w- c:\program files\HD Tune
2009-08-06 15:46 . 2009-08-06 15:46 -------- d-----w- c:\program files\Simpli Software
2009-08-06 15:20 . 2009-08-06 15:20 -------- d-----w- c:\program files\Trend Micro
2009-08-06 14:52 . 2009-08-06 14:48 319488 ----a-w- c:\windows\HideWin.exe
2009-08-06 14:51 . 2004-08-18 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-08-06 14:51 . 2004-08-18 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2009-08-06 14:28 . 2009-08-06 12:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-06 14:28 . 2009-08-06 12:15 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-08-06 14:12 . 2009-08-06 14:12 -------- d-----w- c:\program files\Realtek
2009-08-06 13:57 . 2009-08-06 12:15 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-08-06 12:31 . 2009-08-06 12:31 -------- d-----w- c:\program files\ESET
2009-08-06 12:29 . 2009-08-06 12:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-06 12:29 . 2009-08-06 12:29 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-06 12:26 . 2004-08-18 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2009-08-06 12:16 . 2009-08-06 12:16 -------- d-----w- c:\program files\microsoft frontpage
2009-08-06 12:13 . 2009-08-06 12:13 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-03 11:36 . 2009-08-06 15:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-06 15:52 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 18:54 . 2009-08-06 12:28 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-08-06 12:28 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-06 12:28 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-06 12:28 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 11:35 . 2009-07-14 11:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-10 05:01 . 2009-08-06 12:28 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
.

------- Sigcheck -------

[-] 2009-08-06 12:26 502272 427E6DED3A2369D3432A683EB489EE14 c:\windows\system32\winlogon.exe

[-] 2008-04-13 20:09 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 20:09 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 13578240]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-16 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-16 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-dimsntfy - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 18:25
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2009-08-06 18:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-06 16:26

Před spuštěním: Volných bajtů: 56 250 068 992
Po spuštění: Volných bajtů: 56 245 252 096

114

[Damned]

Před použitím ComboFixu vyoni štít Esetu.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\emptyregdb.dat

FileLook::
c:\windows\HideWin.exe




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Blademan]

Takže

Log Combo Fix:

ComboFix 09-08-04.04 - Lukáš 06.08.2009 18:44.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3327.2984 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukáš\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\system32\emptyregdb.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\emptyregdb.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-06 do 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 15:52 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 15:52 . 2009-08-06 15:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:52 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 15:51 . 2009-08-06 15:51 -------- d-----w- c:\program files\HD Tune
2009-08-06 15:46 . 2009-08-06 15:46 -------- d-----w- c:\program files\Simpli Software
2009-08-06 15:20 . 2009-08-06 15:20 -------- d-----w- c:\program files\Trend Micro
2009-08-06 14:48 . 2009-08-06 14:52 319488 ----a-w- c:\windows\HideWin.exe
2009-08-06 14:21 . 2009-08-06 14:21 -------- d-----w- c:\windows\nview
2009-08-06 14:19 . 2009-08-06 14:19 -------- d-----w- c:\windows\system32\Lang
2009-08-06 14:13 . 2008-04-13 22:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-08-06 14:13 . 2008-04-13 22:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-08-06 14:13 . 2008-04-13 22:47 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2009-08-06 14:13 . 2008-04-13 22:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-08-06 14:13 . 2008-04-13 22:15 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2009-08-06 14:13 . 2008-04-13 22:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-08-06 14:11 . 2008-08-25 08:17 528384 ------r- c:\windows\RtlExUpd.dll
2009-08-06 14:11 . 2009-08-06 14:11 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-06 14:09 . 2009-08-06 14:09 -------- d-----w- c:\windows\ASUSInstAll
2009-08-06 14:09 . 2009-08-06 14:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 14:09 . 2007-04-16 14:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2009-08-06 14:09 . 2009-08-06 14:09 -------- d-----w- c:\program files\AMD
2009-08-06 14:09 . 2009-08-06 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 14:09 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-08-06 14:08 . 2004-08-17 15:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-06 14:07 . 2004-08-17 15:49 75264 ----a-w- c:\windows\system32\usbui.dll
2009-08-06 14:05 . 2009-08-06 16:44 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-06 14:05 . 2009-08-06 14:31 -------- d-----w- c:\windows\system32\CatRoot
2009-08-06 14:05 . 2009-08-06 15:52 -------- d--h--r- c:\documents and settings\All Users\Data aplikací
2009-08-06 14:05 . 2009-08-06 14:06 -------- d--h--r- c:\documents and settings\Default User\Data aplikací
2009-08-06 14:05 . 2009-08-06 12:19 -------- d-----w- C:\Documents and Settings
2009-08-06 14:05 . 2009-08-06 12:16 -------- d--h--w- c:\documents and settings\Default User
2009-08-06 14:05 . 2009-08-06 12:15 -------- d-----w- c:\documents and settings\All Users
2009-08-06 14:05 . 2004-08-12 10:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-08-06 14:05 . 2007-12-28 07:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 14:51 . 2004-08-18 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-08-06 14:51 . 2004-08-18 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2009-08-06 14:28 . 2009-08-06 12:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-06 14:28 . 2009-08-06 12:15 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-08-06 14:12 . 2009-08-06 14:12 -------- d-----w- c:\program files\Realtek
2009-08-06 13:57 . 2009-08-06 12:15 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-08-06 12:31 . 2009-08-06 12:31 -------- d-----w- c:\program files\ESET
2009-08-06 12:29 . 2009-08-06 12:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-06 12:29 . 2009-08-06 12:29 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-06 12:26 . 2004-08-18 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2009-08-06 12:16 . 2009-08-06 12:16 -------- d-----w- c:\program files\microsoft frontpage
2009-07-14 18:54 . 2009-08-06 12:28 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-08-06 12:28 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-06 12:28 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-06 12:28 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 11:35 . 2009-07-14 11:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-10 05:01 . 2009-08-06 12:28 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\HideWin.exe ---
Company: Realtek Semiconductor Corp.
File Description: Hide Windows
File Version: 1.0.0.3
Product Name: HD Audio Hide windows program
Copyright: Realtek Semiconductor Corp. All rights reserved.
Original Filename: HideWin.exe
File size: 319488
Created time: 2009-08-06 14:48
Modified time: 2009-08-06 14:52
MD5: 950F61ED7C6DBFAD41059F754AF35469
SHA1: 4780F97573F6FFFD9DDFFE882D41F344CC66825C


------- Sigcheck -------

[-] 2009-08-06 12:26 502272 427E6DED3A2369D3432A683EB489EE14 c:\windows\system32\winlogon.exe

[-] 2008-04-13 20:09 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 20:09 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 13578240]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-16 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-16 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 18:45
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-08-06 18:45
ComboFix-quarantined-files.txt 2009-08-06 16:45
ComboFix2.txt 2009-08-06 16:26

Před spuštěním: Volných bajtů: 56 251 068 416
Po spuštění: Volných bajtů: 56 209 018 880

124


Log HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:45, on 6.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2285 bytes

Počítač opět provedl to samé co předtím.

[Damned]

Nevidím, že bys tam měl nějakýho šmejda.

Stáhni si RSIT, klikni na "Continue" a nech ho provést sken.
Za chvíli se vygeneruje log se jménem log.txt (pokud nebude log vygenerován, najdeš jej v C:\rsit\log.txt); jeho obsah mi sem zkopíruj.
Zkopíruj sem (nebo přilož) i druhý log s názvem info.txt

[Blademan]

Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Lukáš at 2009-08-06 21:04:28
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 72 GB (94%) free of 76 GB
Total RAM: 3327 MB (91% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-16 13578240]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-17 17676288]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-16 86016]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2009-02-13 5634560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\Bin\assetup.exe


======List of files/folders created in the last 1 months======

2009-08-06 22:07:43 ----A---- C:\WINDOWS\system32\h323log.txt
2009-08-06 22:05:33 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-08-06 22:04:23 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-06 22:03:30 ----A---- C:\WINDOWS\imsins.BAK
2009-08-06 22:03:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-06 22:03:27 ----SHD---- C:\WINDOWS\Installer
2009-08-06 22:03:27 ----D---- C:\Program Files\Common Files\ODBC
2009-08-06 22:03:27 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-06 22:03:24 ----RD---- C:\Program Files
2009-08-06 22:03:24 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-08-06 22:03:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-06 22:03:24 ----D---- C:\Program Files\Common Files
2009-08-06 22:03:20 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-08-06 22:03:20 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-08-06 22:03:20 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-08-06 22:03:19 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-08-06 22:03:19 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-08-06 22:03:19 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-08-06 22:03:18 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-08-06 22:03:16 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-08-06 22:03:16 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-08-06 22:03:16 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-08-06 22:03:16 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-08-06 22:03:16 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-08-06 22:03:16 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-08-06 22:03:16 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-08-06 22:03:15 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-08-06 22:03:15 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-08-06 22:03:15 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-08-06 22:03:15 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-08-06 22:03:15 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-08-06 22:03:12 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-08-06 22:03:12 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-08-06 22:03:12 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-08-06 22:03:12 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-08-06 22:03:12 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-08-06 22:03:12 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-08-06 22:03:12 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-08-06 22:03:11 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-08-06 22:03:11 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-08-06 22:03:11 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-08-06 22:03:11 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-06 22:03:11 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-08-06 22:03:10 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-06 22:03:10 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-08-06 22:03:10 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-08-06 22:03:08 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-08-06 22:03:08 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-08-06 22:03:08 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-06 22:03:07 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-06 22:03:07 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-08-06 22:03:00 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-08-06 22:02:58 ----RA---- C:\WINDOWS\SET8.tmp
2009-08-06 22:02:56 ----RA---- C:\WINDOWS\SET4.tmp
2009-08-06 22:02:54 ----RA---- C:\WINDOWS\SET3.tmp
2009-08-06 22:02:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-06 22:02:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-06 22:02:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-08-06 22:02:27 ----A---- C:\WINDOWS\setuplog.txt
2009-08-06 22:02:23 ----D---- C:\Documents and Settings
2009-08-06 22:02:22 ----SHD---- C:\System Volume Information
2009-08-06 22:01:37 ----RSH---- C:\boot.ini
2009-08-06 21:56:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-06 21:56:21 ----RSD---- C:\WINDOWS\Fonts
2009-08-06 21:56:21 ----RD---- C:\WINDOWS\Web
2009-08-06 21:56:21 ----HD---- C:\WINDOWS\inf
2009-08-06 21:56:21 ----D---- C:\WINDOWS\WinSxS
2009-08-06 21:56:21 ----D---- C:\WINDOWS\twain_32
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Temp
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\wins
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\wbem
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\usmt
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\spool
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\Setup
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\ras
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\oobe
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\npp
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\mui
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\IME
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\icsxml
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\ias
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\export
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\drivers
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\dhcp
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\config
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\3076
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\2052
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1054
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1042
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1041
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1037
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1033
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1031
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1029
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1028
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32\1025
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system32
2009-08-06 21:56:21 ----D---- C:\WINDOWS\system
2009-08-06 21:56:21 ----D---- C:\WINDOWS\security
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Resources
2009-08-06 21:56:21 ----D---- C:\WINDOWS\repair
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Provisioning
2009-08-06 21:56:21 ----D---- C:\WINDOWS\pchealth
2009-08-06 21:56:21 ----D---- C:\WINDOWS\PeerNet
2009-08-06 21:56:21 ----D---- C:\WINDOWS\mui
2009-08-06 21:56:21 ----D---- C:\WINDOWS\msapps
2009-08-06 21:56:21 ----D---- C:\WINDOWS\msagent
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Media
2009-08-06 21:56:21 ----D---- C:\WINDOWS\java
2009-08-06 21:56:21 ----D---- C:\WINDOWS\ime
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Help
2009-08-06 21:56:21 ----D---- C:\WINDOWS\ehome
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Driver Cache
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Debug
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Cursors
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Connection Wizard
2009-08-06 21:56:21 ----D---- C:\WINDOWS\Config
2009-08-06 21:56:21 ----D---- C:\WINDOWS\AppPatch
2009-08-06 21:56:21 ----D---- C:\WINDOWS\addins
2009-08-06 21:56:21 ----D---- C:\WINDOWS
2009-08-06 21:04:29 ----D---- C:\Program Files\trend micro
2009-08-06 21:04:28 ----D---- C:\rsit
2009-08-06 20:47:44 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-06 20:44:43 ----RA---- C:\WINDOWS\system32\AsIO.dll
2009-08-06 20:44:41 ----D---- C:\Program Files\ASUS
2009-08-06 20:43:48 ----D---- C:\WINDOWS\system32\AGEIA
2009-08-06 20:43:48 ----D---- C:\Program Files\AGEIA Technologies
2009-08-06 20:43:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-06 20:41:35 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2009-08-06 20:41:35 ----RA---- C:\WINDOWS\system32\fdco1.dll
2009-08-06 20:41:33 ----A---- C:\WINDOWS\system32\nvunrm.exe
2009-08-06 20:41:32 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2009-08-06 20:41:32 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2009-08-06 20:41:32 ----RA---- C:\WINDOWS\system32\bdco1.dll
2009-08-06 20:41:29 ----RA---- C:\WINDOWS\system32\nvusmu.exe
2009-08-06 20:41:29 ----RA---- C:\WINDOWS\system32\NVCOSMU.DLL
2009-08-06 20:41:26 ----RA---- C:\WINDOWS\system32\nvusmb.exe
2009-08-06 20:41:26 ----RA---- C:\WINDOWS\system32\NVCOSMB.DLL
2009-08-06 20:40:59 ----A---- C:\WINDOWS\Language_trs.ini
2009-08-06 20:36:09 ----D---- C:\WINDOWS\system32\Lang
2009-08-06 20:30:37 ----D---- C:\WINDOWS\system32\RTCOM
2009-08-06 20:30:35 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-06 20:30:10 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-06 20:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-08-06 20:30:04 ----A---- C:\WINDOWS\vncutil.exe
2009-08-06 20:30:04 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-08-06 20:30:04 ----A---- C:\WINDOWS\SkyTel.exe
2009-08-06 20:30:03 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-08-06 20:30:03 ----A---- C:\WINDOWS\RtlUpd.exe
2009-08-06 20:30:03 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-08-06 20:30:00 ----A---- C:\WINDOWS\RTLCPL.EXE
2009-08-06 20:29:54 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-08-06 20:29:53 ----A---- C:\WINDOWS\MicCal.exe
2009-08-06 20:29:49 ----A---- C:\WINDOWS\ALCMTR.EXE
2009-08-06 20:29:48 ----A---- C:\WINDOWS\ALCWZRD.EXE
2009-08-06 20:29:46 ----D---- C:\Program Files\Realtek
2009-08-06 20:29:43 ----R---- C:\WINDOWS\RtlExUpd.dll
2009-08-06 20:28:18 ----D---- C:\WINDOWS\ASUSInstAll
2009-08-06 20:28:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-06 20:28:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-06 20:28:12 ----D---- C:\Program Files\AMD
2009-08-06 20:28:08 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\InstallShield
2009-08-06 20:27:50 ----A---- C:\WINDOWS\Ascd_log.ini
2009-08-06 20:27:19 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-08-06 20:24:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-08-06 20:23:52 ----D---- C:\WINDOWS\nview
2009-08-06 20:23:52 ----A---- C:\WINDOWS\system32\nvuninst.exe
2009-08-06 20:23:52 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-08-06 20:23:36 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-08-06 20:23:36 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrses.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2009-08-06 20:23:35 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-08-06 20:23:34 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-08-06 20:23:34 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-08-06 20:23:33 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-08-06 20:23:33 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-08-06 20:23:32 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-08-06 20:23:31 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2009-08-06 20:23:31 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-08-06 20:23:30 ----A---- C:\WINDOWS\system32\nview.dll
2009-08-06 20:23:30 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2009-08-06 20:23:25 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-08-06 20:23:24 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-08-06 20:23:24 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-08-06 20:23:24 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-08-06 20:23:22 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-08-06 20:23:22 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-08-06 20:23:22 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-08-06 20:23:22 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-08-06 20:23:21 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-08-06 20:23:20 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-08-06 20:23:20 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-08-06 20:23:19 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-08-06 20:23:19 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-08-06 20:23:19 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-08-06 20:23:19 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-08-06 20:23:18 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-08-06 20:23:17 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-08-06 20:23:15 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-08-06 20:23:13 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-06 20:23:09 ----A---- C:\WINDOWS\system32\keystone.exe
2009-08-06 20:22:58 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-08-06 20:22:49 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-08-06 20:22:49 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-08-06 20:22:49 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrstr.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsth.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrssl.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrssk.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrspt.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrspl.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-08-06 20:22:48 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrsel.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-08-06 20:22:47 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-08-06 20:22:36 ----D---- C:\WINDOWS\system32\WinFast
2009-08-06 20:22:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-06 20:18:26 ----D---- C:\Program Files\Common Files\InstallShield
2009-08-06 20:17:00 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Identities
2009-08-06 20:16:59 ----HD---- C:\Program Files\Uninstall Information
2009-08-06 20:16:54 ----SD---- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft
2009-08-06 20:16:54 ----ASH---- C:\Documents and Settings\Lukáš\Data aplikací\desktop.ini
2009-08-06 20:16:22 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-06 20:16:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-06 20:16:20 ----D---- C:\WINDOWS\Prefetch
2009-08-06 20:16:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-06 20:13:17 ----D---- C:\WINDOWS\system32\xircom
2009-08-06 20:13:17 ----D---- C:\Program Files\xerox
2009-08-06 20:13:17 ----D---- C:\Program Files\microsoft frontpage
2009-08-06 20:13:01 ----A---- C:\WINDOWS\control.ini
2009-08-06 20:13:01 ----A---- C:\AUTOEXEC.BAT
2009-08-06 20:12:52 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-06 20:12:48 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-08-06 20:12:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-06 20:12:06 ----RD---- C:\WINDOWS\Offline Web Pages
2009-08-06 20:12:06 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-06 20:12:01 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-06 20:11:57 ----HD---- C:\Program Files\WindowsUpdate
2009-08-06 20:11:53 ----D---- C:\Program Files\Online Services
2009-08-06 20:11:37 ----D---- C:\WINDOWS\system32\DirectX
2009-08-06 20:11:15 ----A---- C:\WINDOWS\system32\atrace.dll
2009-08-06 20:11:12 ----A---- C:\WINDOWS\system32\desktop.ini
2009-08-06 20:11:12 ----A---- C:\WINDOWS\desktop.ini
2009-08-06 20:11:04 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-08-06 20:11:03 ----A---- C:\WINDOWS\system32\acctres.dll
2009-08-06 20:11:02 ----D---- C:\Program Files\Common Files\Services
2009-08-06 20:10:59 ----SD---- C:\WINDOWS\Tasks
2009-08-06 20:10:59 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-08-06 20:10:58 ----D---- C:\Program Files\Common Files\MSSoap
2009-08-06 20:10:53 ----D---- C:\WINDOWS\srchasst
2009-08-06 20:10:52 ----D---- C:\WINDOWS\system32\Macromed
2009-08-06 20:10:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 20:10:49 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 20:10:49 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-06 20:10:49 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-06 20:10:48 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-06 20:10:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-06 20:10:43 ----D---- C:\Program Files\Movie Maker
2009-08-06 20:10:39 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-06 20:10:39 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-06 20:10:38 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-06 20:10:38 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-06 20:10:34 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-08-06 20:10:34 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-06 20:10:33 ----D---- C:\WINDOWS\system32\Restore
2009-08-06 20:10:33 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-06 20:10:33 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-06 20:10:33 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-06 20:10:32 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-06 20:10:32 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-06 20:10:32 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-06 20:10:32 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-06 20:10:32 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-06 20:10:32 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-06 20:10:28 ----D---- C:\Program Files\NetMeeting
2009-08-06 20:10:28 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-06 20:10:28 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-06 20:10:27 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-06 20:10:27 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-06 20:10:24 ----D---- C:\Program Files\Outlook Express
2009-08-06 20:10:24 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-06 20:10:24 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-06 20:10:24 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-06 20:10:23 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-06 20:10:23 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-06 20:10:23 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-06 20:10:23 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-06 20:10:17 ----D---- C:\Program Files\Common Files\System
2009-08-06 20:10:15 ----D---- C:\Program Files\Internet Explorer
2009-08-06 20:09:49 ----D---- C:\Program Files\ComPlus Applications
2009-08-06 20:09:47 ----A---- C:\WINDOWS\vbaddin.ini
2009-08-06 20:09:47 ----A---- C:\WINDOWS\vb.ini
2009-08-06 20:09:43 ----D---- C:\WINDOWS\Registration
2009-08-06 20:09:35 ----D---- C:\Program Files\Windows Media Player
2009-08-06 20:09:29 ----D---- C:\Program Files\Messenger
2009-08-06 20:09:25 ----D---- C:\Program Files\MSN Gaming Zone
2009-08-06 20:09:25 ----A---- C:\WINDOWS\system32\write.exe
2009-08-06 20:09:17 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-08-06 20:09:17 ----A---- C:\WINDOWS\system32\hticons.dll
2009-08-06 20:09:16 ----A---- C:\WINDOWS\system32\winchat.exe
2009-08-06 20:09:16 ----A---- C:\WINDOWS\system32\avwav.dll
2009-08-06 20:09:16 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-08-06 20:09:16 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-08-06 20:09:08 ----A---- C:\WINDOWS\system32\charmap.exe
2009-08-06 20:09:08 ----A---- C:\WINDOWS\system32\getuname.dll
2009-08-06 20:09:08 ----A---- C:\WINDOWS\system32\calc.exe
2009-08-06 20:09:07 ----A---- C:\WINDOWS\system32\winmine.exe
2009-08-06 20:09:07 ----A---- C:\WINDOWS\system32\sol.exe
2009-08-06 20:09:07 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\tskill.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\tscon.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\shadow.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\reset.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\regini.exe
2009-08-06 20:09:06 ----A---- C:\WINDOWS\system32\freecell.exe
2009-08-06 20:09:05 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-08-06 20:09:05 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-08-06 20:09:05 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-08-06 20:09:05 ----A---- C:\WINDOWS\system32\msg.exe
2009-08-06 20:09:05 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-08-06 20:09:05 ----A---- C:\WINDOWS\system32\logoff.exe
2009-08-06 20:09:05 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-08-06 20:09:04 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-06 20:09:04 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-06 20:09:04 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-06 20:09:04 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-06 20:09:03 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-06 20:09:03 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-06 20:09:03 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-06 20:09:03 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-06 20:08:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-08-06 20:08:57 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-06 20:08:56 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-06 20:08:56 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-06 20:08:56 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-06 20:08:55 ----D---- C:\Program Files\Windows NT
2009-08-06 20:08:55 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-06 20:08:55 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-06 20:08:55 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-06 20:08:54 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-06 20:08:54 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-06 20:08:53 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-08-06 20:08:53 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-06 20:08:53 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-06 20:08:53 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-06 20:08:53 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-06 20:08:53 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-06 20:08:53 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-06 20:08:52 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-06 20:08:52 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-06 20:08:51 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-06 20:08:51 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-06 20:08:51 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-06 20:08:50 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-06 20:08:50 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-06 20:08:50 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-06 20:08:49 ----D---- C:\WINDOWS\system32\Com
2009-08-06 20:08:49 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-06 20:08:49 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-06 20:08:49 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-06 20:08:48 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-06 20:08:48 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-06 20:08:48 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-06 20:08:47 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-06 20:08:47 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-06 20:08:41 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-06 20:08:40 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-06 20:08:40 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-06 20:08:40 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-08-06 22:03:22 ----A---- C:\WINDOWS\system.ini
2009-08-06 20:49:13 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-08-06 20:13:01 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-25 4952576]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-16 6134240]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-24 14208]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-16 163908]

-----------------EOF-----------------


info:

info.txt logfile of random's system information tool 1.06 2009-08-06 21:04:31

======Uninstall list======

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0005 -removeonly
EPU-4 Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}\setup.exe" -l0x9
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x5 -removeonly

======System event log======

Computer Name: OSOBN-1440C9985
Event Code: 15007
Message: Rezervace pro obor názvů identifikovaný prefixem adresy URL http://*:2869/ byla úspěšně přidána.

Record Number: 5
Source Name: HTTP
Time Written: 20090806201156.000000+120
Event Type: Informace
User:

Computer Name: OSOBN-1440C9985
Event Code: 6011
Message: Název tohoto počítače v systémech DNS a NetBIOS byl změněn z MACHINENAME na OSOBN-1440C9985.

Record Number: 4
Source Name: EventLog
Time Written: 20090806200749.000000+120
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Během prověřování, zda \Device\Serial0 je skutečně sériový port, byl zjištěn zásobník typu FIFO. Bude použit tento zásobník.

Record Number: 3
Source Name: Serial
Time Written: 20090806220249.000000+120
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 2
Source Name: EventLog
Time Written: 20090806220231.000000+120
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090806220231.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: OSOBN-1440C9985
Event Code: 1000
Message: Čítače výkonu pro službu MSDTC (MSDTC) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090806200938.000000+120
Event Type: Informace
User:

Computer Name: OSOBN-1440C9985
Event Code: 1000
Message: Čítače výkonu pro službu TermService (Terminálová služba) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090806200935.000000+120
Event Type: Informace
User:

Computer Name: OSOBN-1440C9985
Event Code: 1000
Message: Čítače výkonu pro službu RemoteAccess (Směrování a vzdálený přístup) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090806200833.000000+120
Event Type: Informace
User:

Computer Name: OSOBN-1440C9985
Event Code: 1000
Message: Čítače výkonu pro službu PSched (PSched) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090806200802.000000+120
Event Type: Informace
User:

Computer Name: OSOBN-1440C9985
Event Code: 1000
Message: Čítače výkonu pro službu RSVP (QoS RSVP) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090806200801.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

[Damned]

Moc tam toho není, je to skoro čistý.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\WINDOWS\SET8.tmp
C:\WINDOWS\SET4.tmp
C:\WINDOWS\SET3.tmp




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače