Hijack This log-zkontrolujte mi ho pls-

[Cowlei]

Zdravím Vás, chtěl bych poprosit o kontrolu tohoto logu. Po zapnutí kompu se mi místo plochy objeví reklamní softwere. Mám zavolat na telefonní číslo a zakoupit ho. Nemůžu to ničím zničit dokonce ani: SmitfraudFix ... Proto Vám posílám můj log z HIjackThis. Doufám, že tam najdete tu chybu. Předem Díky

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:09 odp., on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\locker.exe
C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\changeit\changeit.exe
C:\Přihlašovací obrazovka\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\wl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Přihlašovací obrazovka\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Přihlašovací obrazovka\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hi Jack This\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Xilokit Deskloops BHO - {B0CD151E-D4F1-4474-9BED-7D0173050EAD} - C:\Přihlašovací obrazovka\Deskloops\DLIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKCU\..\Run: [RocketDock] "C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [change!t] C:\Program Files\changeit\changeit.exe /startos
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1757981266-261903793-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Martasek')
O4 - HKUS\S-1-5-21-1757981266-261903793-725345543-1004\..\Run: [UberIcon] "C:\Přihlašovací obrazovka\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" (User 'Martasek')
O4 - HKUS\S-1-5-21-1757981266-261903793-725345543-1004\..\Run: [RocketDock] "C:\Přihlašovací obrazovka\Vista Inspirat 2\RocketDock\RocketDock.exe" (User 'Martasek')
O4 - HKUS\S-1-5-21-1757981266-261903793-725345543-1004\..\Run: [ICQ] "C:\ICQ6\ICQ.exe" silent (User 'Martasek')
O4 - HKUS\S-1-5-21-1757981266-261903793-725345543-1004\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" (User 'Martasek')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = ?
O4 - Startup: Y'z Shadow.lnk = ?
O4 - Global Startup: Nová aplikace.lnk = C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\Opera\turbo.dll (file missing)
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\Opera\turbo.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6\ICQ.exe (file missing)
O15 - Trusted Zone: http://s11.travian.cz
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egacce ... _em_XP.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7845367781
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: libdprin - C:\WINDOWS\system32\libdprin.dll (file missing)
O20 - Winlogon Notify: mprwanp - C:\WINDOWS\system32\mprwanp.dll (file missing)
O20 - Winlogon Notify: wmvmgr - wmvmgr32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 12252 bytes

[Reklama]

[paul27]

Tohle zastav ve správci úloh:
C:\WINDOWS\locker.exe
C:\WINDOWS\wl.exe

V hijackthisu fixni tohle:
O4 - HKLM\..\Run: [License] locker.exe
O4 - Startup: TransBar.lnk = ?
O4 - Startup: Y'z Shadow.lnk = ?
O20 - Winlogon Notify: libdprin - C:\WINDOWS\system32\libdprin.dll (file missing)
O20 - Winlogon Notify: mprwanp - C:\WINDOWS\system32\mprwanp.dll (file missing)
O20 - Winlogon Notify: wmvmgr - wmvmgr32.dll (file missing)
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\Opera\turbo.dll (file missing)
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\Opera\turbo.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6\ICQ.exe (file missing)

Odinstaluj Crawler Toolbar.

+ udělej postup s SDFixem: http://www.paul27.ic.cz/navody.html

pak pošli log z SDFixe a nový hijackthis.

[Cowlei]

Po restartu všechno v pořádku, reklama zmizela.

Report 1.

SDFix: Version 1.122

Run by Tom ç Baýina on st 01/02/2008 at 09:54 odp.

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDfix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\SYS_DLL.DLL - Deleted
C:\Program Files\Common Files\Yazzle1461OinUninstaller.exe - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32\1.tmp - Deleted
C:\WINDOWS\system32\3.tmp - Deleted
C:\WINDOWS\system32\1.tmp - Deleted
C:\WINDOWS\system32\hook.dll - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 21:59:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:40,e4,d6,0a,87,b8,10,1c,ff,01,9d,a6,ca,e0,5c,96,8e,e0,79,15,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:89,a5,dd,80,42,37,f6,89,b1,e0,43,02,1f,57,a1,ba,d3,31,e2,99,20,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,2a,83,9c,49,90,c3,b5,a0,5d,ff,51,cc,cd,e4,5f,2e,..
"khjeh"=hex:9c,4b,90,f7,c9,d3,fa,cf,91,22,d3,4a,86,e8,f2,86,0f,8e,92,52,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:96,ef,14,90,f0,e3,a4,cc,c3,34,38,46,9e,a3,a0,76,44,80,08,39,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:35,68,e3,05,8f,ca,3c,e0,db,a2,c4,7b,1e,92,94,9d,86,27,a8,c1,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:35,68,e3,05,8f,ca,3c,e0,db,a2,c4,7b,1e,92,94,9d,86,27,a8,c1,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:35,68,e3,05,8f,ca,3c,e0,db,a2,c4,7b,1e,92,94,9d,86,27,a8,c1,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:40,e4,d6,0a,87,b8,10,1c,ff,01,9d,a6,ca,e0,5c,96,8e,e0,79,15,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:89,a5,dd,80,42,37,f6,89,b1,e0,43,02,1f,57,a1,ba,d3,31,e2,99,20,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,2a,83,9c,49,90,c3,b5,a0,5d,ff,51,cc,cd,e4,5f,2e,..
"khjeh"=hex:9c,4b,90,f7,c9,d3,fa,cf,91,22,d3,4a,86,e8,f2,86,0f,8e,92,52,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:96,ef,14,90,f0,e3,a4,cc,c3,34,38,46,9e,a3,a0,76,44,80,08,39,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:35,68,e3,05,8f,ca,3c,e0,db,a2,c4,7b,1e,92,94,9d,86,27,a8,c1,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:35,68,e3,05,8f,ca,3c,e0,db,a2,c4,7b,1e,92,94,9d,86,27,a8,c1,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:35,68,e3,05,8f,ca,3c,e0,db,a2,c4,7b,1e,92,94,9d,86,27,a8,c1,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a941492d5]
"001813670554"=hex:3b,8b,bd,77,10,f8,25,88,5d,93,b6,51,4c,23,ff,51
"00124722e03a"=hex:43,9b,60,4a,12,cc,b2,40,4c,fc,ce,69,2c,f0,fc,e8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:40,e4,d6,0a,87,b8,10,1c,ff,01,9d,a6,ca,e0,5c,96,8e,e0,79,15,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e8,d0,ab,02,45,f8,a9,68,b9,88,80,4b,d1,c6,cf,91,43,9a,9d,eb,67,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:9c,4b,90,f7,c9,d3,fa,cf,91,22,d3,4a,86,e8,f2,86,0f,8e,92,52,8a,..
"a0"=hex:20,01,00,00,4a,ac,08,6c,d3,73,6c,71,5e,99,7a,73,3a,c8,3a,dd,6c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8d,55,8b,bc,ea,93,eb,51,74,de,19,05,2d,06,f3,ff,8a,e7,44,6e,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:90,80,07,55,ac,32,4c,80,24,8e,a5,7f,7d,7a,8c,14,88,da,b2,f3,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:3c,8a,af,1a,d6,d7,89,9f,f7,31,9e,92,81,b6,93,f1,d3,e6,b8,a7,b3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3d,71,dc,cb,88,63,ed,f3,e8,47,b5,d2,14,b8,44,a9,29,09,08,fd,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a941492d5]
"001813670554"=hex:3b,8b,bd,77,10,f8,25,88,5d,93,b6,51,4c,23,ff,51
"00124722e03a"=hex:43,9b,60,4a,12,cc,b2,40,4c,fc,ce,69,2c,f0,fc,e8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:40,e4,d6,0a,87,b8,10,1c,ff,01,9d,a6,ca,e0,5c,96,8e,e0,79,15,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e8,d0,ab,02,45,f8,a9,68,b9,88,80,4b,d1,c6,cf,91,43,9a,9d,eb,67,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:9c,4b,90,f7,c9,d3,fa,cf,91,22,d3,4a,86,e8,f2,86,0f,8e,92,52,8a,..
"a0"=hex:20,01,00,00,4a,ac,08,6c,d3,73,6c,71,5e,99,7a,73,3a,c8,3a,dd,6c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8d,55,8b,bc,ea,93,eb,51,74,de,19,05,2d,06,f3,ff,8a,e7,44,6e,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:90,80,07,55,ac,32,4c,80,24,8e,a5,7f,7d,7a,8c,14,88,da,b2,f3,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:3c,8a,af,1a,d6,d7,89,9f,f7,31,9e,92,81,b6,93,f1,d3,e6,b8,a7,b3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3d,71,dc,cb,88,63,ed,f3,e8,47,b5,d2,14,b8,44,a9,29,09,08,fd,f5,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,
C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,
C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,
C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,
C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,
C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,
C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,
C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,
C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,
C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,
C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,
C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur, C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="9DD6F8B6ACBA034EC5366D4C0D30DEF83A095534CD9687EE7B7
4C416AE7C5C6B5A7A507AE1EED8A1D17B7ADF46BF335D21C80462F5E0D32F4B4A02ED21D08FAA532BC58A
3D92BB38D41F9730FE3A8AEF6839BB2CA505C08BD5464D191B07B1611CC5E4E6DF62957442E896EB4515A1
94FDA73192F751000A285FE08A65660B55808B8C125EBFE37F42811AC81AEB4B738846EE9C7CB8597484F1C
9B9BBDBF793FE206E94C230B74530741AFEF3FB6E7B5F2BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E1
27BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC3
8DE3DA9C6AECB7A5D14078EDD5E5BE2F6E6675B2E713A2C2D2AD91FAF0D8A57C6B3C0521B8BCF14700EC
05D2495E45B157B1034A95373D2677293CED2A8B9EC84C2F1F0B348E6DA1D8CB540020805CCB4827FB15D
937481F57EC73F2764F32688E5B6EE6493BF8B06E1FBAF39F0379E755E4BFDEB7218405CDF5DDC7D6E4FE258
2D7BA1CF2BC778D2BB2906DABA6139BD79D519F52561AEE1E11CEE29E604143C5D14B09BBD928B6C7ABB
717F41101AB9F363D424D574FB947C310C8465F140416D379A70EB57BD82B591F2C052F4D0559D1B5823A11
96E4261309EEB741982BA8B7FAE7C4FEF1F8635EDDE3DB46202C7808A9D2117BC5F01F20CE7BE10A187BA98
691271715C532EF678629720CE6485D32175D2BDF03C28C8207BE1ABD3931DA6D9BD85D23E10742CBCF776B
D59C6C908B380EF8D6A85D3AF28413F2E1D7B7C01157E71655D23163BA97405314007953FFAB63374025165A54
774C2EE91A9BC234775F38FA4E9963D13FA710C671BAA5013E2DB51B548FEDE80A4DC3E651D01BCFD964DADA
2D7BB8030066ED7568A9044FB232F7CA3A7094240B682DCF2E6B2B3AAAA440E0A758F041D643310B971925B9B6
B74BB92C031ECD1612C02B72F009FA54FA274B2DC600058B77924E001BF08B880764E6BF9E6AD6731D65656AE5
9CD28F4B496973D40DDC4F38078407CEAEE7FFE85E33BCA5F07160602F91434F33ED060CC21D55A8439ABE48AE5
EEBC2BEC82D4F522B1C28F31571235FB5B22492522294132B28BC8E4B6A7DEB72AADDB10B3459DA22501371888
DF75E4BA6E956B82BDEB5C923CEA67762D472E504F1D19EDE6D8718D3B545B6BC851ADE1235B2E3C5FA8A7826B
0C775E3D137C67B75080EBA3088F88BB2BCCA47D5A44A860DE3D7D20DA8EAFAC9305C36F95CB940D1EF04DBC0
FF2D55FC5F53E02A20B88D5A99D5AEBE7006FA6ABB1E4B2A338268C70479842D383DB966D9226AC45589E4B8786
46FDB85F369441D05F4998500A06F717351CC31FA2E7B58F2CAA5DF4AE9A8CE51D663B0420C686ED3748D39956D
DA5266F044D16576BEE1308FC8C211DB18ADC9E8AE0B7EB9FF245D399380C408DB2"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Konzola Microsoft Management Console"
"D:\\Warcraft III\\War3.exe"="D:\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"="C:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe:*:Disabled:Medieval_TW"
"D:\\Warcraft III\\Warcraft III.exe"="D:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\\Warcraft III\\Warcraft III.exe"="E:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\\Medieval_TW.exe"="E:\\Medieval_TW.exe:*:Enabled:Medieval_TW"
"E:\\Nov slo§ka\\Medieval_TW.exe"="E:\\Nov slo§ka\\Medieval_TW.exe:*:Enabled:Medieval_TW.exe"
"E:\\Mw\\Medieval_TW.exe"="E:\\Mw\\Medieval_TW.exe:*:Enabled:Medieval_TW"
"E:\\FreeCraft\\freecraft.exe"="E:\\FreeCraft\\freecraft.exe:*:Enabled:freecraft"
"E:\\AA2006\\crx.exe"="E:\\AA2006\\crx.exe:*:Enabled:crx"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\America's Army\\System\\Server.exe"="C:\\Program Files\\America's Army\\System\\Server.exe:*:Enabled:Server"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Plocha\\Warcraft III.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Plocha\\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\\OperationFlashpoint\\OperationFlashpoint\\OperationFlashpoint.exe"="E:\\OperationFlashpoint\\OperationFlashpoint\\OperationFlashpoint.exe:*:
Enabled:Operation Flashpoint"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"E:\\Nov slo§ka\\BF2.exe"="E:\\Nov slo§ka\\BF2.exe:*:Enabled:Battlefield 2"
"E:\\Nov slo§ka\\Bf2_w32ded.exe"="E:\\Nov slo§ka\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"E:\\Nov slo§ka\\BF2VoipServer_w32ded.exe"="E:\\Nov slo§ka\\BF2VoipServer_w32ded.exe:*:Enabled:BF2VoipServer_w32ded"
"E:\\Nov slo§ka\\BF2VoipServer.exe"="E:\\Nov slo§ka\\BF2VoipServer.exe:*:Disabled:BF2VoipServer"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Valve\\Condition Zero\\czero.exe"="C:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX10.1094\\Counter-Strike 1.6\\hlds.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX10.1094\\Counter-Strike 1.6\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"E:\\Paintball2\\paintball2.exe"="E:\\Paintball2\\paintball2.exe:*:Enabled:paintball2"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Dokumenty\\Counter-Strike 1.6\\hlds.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Dokumenty\\Counter-Strike 1.6\\hlds.exe:*:Enabled:HLDS Launcher"
"E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"E:\\MTW\\Medieval_TW.exe"="E:\\MTW\\Medieval_TW.exe:*:Enabled:Medieval_TW"
"E:\\Bf\\BF2.exe"="E:\\Bf\\BF2.exe:*:Enabled:BF2"
"E:\\Heroes3\\HEROES3.EXE"="E:\\Heroes3\\HEROES3.EXE:*:Enabled:Heroes of Might and MagicR III"
"E:\\Lotr\\game.dat"="E:\\Lotr\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"E:\\Bf\\Bf2_w32ded.exe"="E:\\Bf\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\SuperTorrent\\SuperTorrent.exe"="C:\\Program Files\\SuperTorrent\\SuperTorrent.exe:*:Enabled:Warez3"
"E:\\Boiling Point - Cesta do pekel\\XENUS.EXE"="E:\\Boiling Point - Cesta do pekel\\XENUS.EXE:*:Enabled:XENUS"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Disabled:GameSpy Arcade"
"E:\\Call2\\CoD2MP_s.exe"="E:\\Call2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\\Star Wars\\Aphex.exe"="E:\\Star Wars\\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\\Star Wars\\GameData\\BattlefrontII.exe"="E:\\Star Wars\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII"
"E:\\Rome\\RomeTW.exe"="E:\\Rome\\RomeTW.exe:*:Enabled:Rome: Total War"
"E:\\moh\\MOHAA.exe"="E:\\moh\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"E:\\OperationFlashpoint\\OperationFlashpoint\\FlashpointResistance.exe"="E:\\OperationFlashpoint\\OperationFlashpoint\\FlashpointResistance.exe:*:
Enabled:Operation Flashpoint"
"E:\\XIII\\system\\XIII.exe"="E:\\XIII\\system\\XIII.exe:*:Enabled:XIII"
"C:\\Heroes of Might and Magic IV\\heroes4c.exe"="C:\\Heroes of Might and Magic IV\\heroes4c.exe:*:Disabled:Heroes of Might and MagicR IV: Winds of Wart"
"E:\\XII\\XIII\\system\\XIII.exe"="E:\\XII\\XIII\\system\\XIII.exe:*:Enabled:XIII"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX01.579\\Counter-Strike 1.6\\hl.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX01.579\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\Counter-Strike 1.6 [Lan]\\Counter-Strike 1.6\\hl.exe"="E:\\Counter-Strike 1.6 [Lan]\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe:*:Enabled:Sunbelt Kerio Firewall Service"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"E:\\Warcraft III\\Warcraft III\\Warcraft III.exe"="E:\\Warcraft III\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"="C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Forces\\swfoc.exe"="E:\\Forces\\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Documents and Settings\\Tom ç Baýina\\Local Settings\\Temp\\Rar$EX04.532\\Arkanoid 3D\\Arkanoid3d.exe"="C:\\Documents and Settings\\Tom ç Baýina\\Local Settings\\Temp\\Rar$EX04.532\\Arkanoid 3D\\Arkanoid3d.exe:*:Enabled:Arkanoid3d"
"E:\\Counter-Strike 1.6 [Lan]\\Counter-Strike 1.6\\Counter-Strike 1.6\\hl.exe"="E:\\Counter-Strike 1.6 [Lan]\\Counter-Strike 1.6\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX29.610\\Counter-Strike 1.6\\hl.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX29.610\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX14.1782\\Counter-Strike 1.6\\hl.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX14.1782\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX11.500\\Counter-Strike 1.6\\hl.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX11.500\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX06.468\\Counter-Strike 1.6\\hl.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Local Settings\\Temp\\Rar$EX06.468\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Dokumenty\\Counter-Strike 1.6\\hl.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Dokumenty\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\Sid Meier's Civilization 4\\Civilization4.exe"="E:\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"E:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"="E:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"E:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="E:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"E:\\Counter-Strike 1.6\\hl.exe"="E:\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"E:\\Steam\\Steam.exe"="E:\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Plocha\\FIFA08.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Plocha\\FIFA08.exe:*:Enabled:FIFA08"
"E:\\The Battle for Middle-earth\\game.dat"="E:\\The Battle for Middle-earth\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"E:\\Pro Evolution Soccer 2008\\PES2008.exe"="E:\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"E:\\Battlefield 2142\\BF2142.exe"="E:\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\\ICQ6\\ICQ.exe"="C:\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Documents and Settings\\Martasek.SYSTEM\\Plocha\\utorrent.exe"="C:\\Documents and Settings\\Martasek.SYSTEM\\Plocha\\utorrent.exe:*:Enabled:uTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 15 Oct 2007 5,903,928 A..H. --- "C:\Pr ce s obr zky\Picasa2\setup.exe"
Sun 18 Nov 2007 593 A.SH. --- "C:\WINDOWS\system32\mmf(2)(2).sys"
Sun 18 Nov 2007 593 A.SH. --- "C:\WINDOWS\system32\mmf(2)(3).sys"
Sun 18 Nov 2007 593 A.SH. --- "C:\WINDOWS\system32\mmf(3)(2).sys"
Wed 2 Jan 2008 593 A.SH. --- "C:\WINDOWS\system32\mmf.sys"
Mon 8 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 24 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT10.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT14.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITF.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\911362f9031af35c5b51e12ecc909800\BIT11.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddd366874e802b7f73320d55edd2e34f\BIT13.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e691f694d870764b4c31a5eb30b26139\BIT12.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3a3b2a2e8ef3845fb7855c997a48858\BIT15.tmp"

Finished!

Report 2.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:14 odp., on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hi Jack This\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Xilokit Deskloops BHO - {B0CD151E-D4F1-4474-9BED-7D0173050EAD} - C:\Přihlašovací obrazovka\Deskloops\DLIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKCU\..\Run: [RocketDock] "C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [change!t] C:\Program Files\changeit\changeit.exe /startos
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nová aplikace.lnk = C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O15 - Trusted Zone: http://s11.travian.cz
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egacce ... _em_XP.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7845367781
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 9580 bytes

Děkuji za radu , myslím, že problém je vyřešen...

[paul27]

Tohle ještě nech otestovat na http://www.virustotal.com nebo pokud znáš a víš, že to není nebezpečný, tak nemusíš:
C:\WINDOWS\locker.exe
C:\WINDOWS\wl.exe

Zatím jsme je jen zastavili ve správci úloh (a jednu položku fixli po spuštění), ale na disku ještě jsou, takže pokud to jsou šmejdi, bylo by dobrý je smazat nadobro.

Jinak smaž všechno, co patří k SDFixu a pročisti CCleanerem. Pro větší kontrolu bych to ještě projel ComboFixem.

Stáhněte a uložte na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

spusťte aplikaci pod účtem s administrátorským oprávněním - následuje licenční ujednání, stiskněte klávesu 1 pro pokračování - začne se testovat (celá akce trvá cca. 5-10 minut, někdy i trochu déle) - během skenu se nepokoušejte spouštět žádne jiné aplikace a neklikejte do okna ComboFixu - po dokončení se automaticky otevře okno poznámkového bloku s textem, který sem pomocí známých klávesových zkratek Ctrl + A (označení celého textu) -> Ctrl + C (uložení do jakési schránky) -> Ctrl + V (vložení textu) zkopírujte - a počkejte na další postup

[Cowlei]

Jasan, takže jsem to projel CCleanerem i ComboFixem. A tady zasílám výpis z komba ...
(Díky za pomoc )

ComboFix 08-01-04.1 - T**** B****** 2008-01-04 9:41:21.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.392 [GMT 1:00]
Running from: C:\Documents and Settings\T****B*****\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dialerexe.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\kzegms.dat
C:\WINDOWS\system32\kzegms.exe
C:\WINDOWS\system32\kzegms_nav.dat
C:\WINDOWS\system32\kzegms_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\win32.dll
C:\WINDOWS\tmlpcert2007

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-04 09:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 09:31 . 2008-01-04 09:31 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-03 23:09 . 2008-01-03 23:13 <DIR> d-------- C:\Documents and Settings\Tomáš Bařina\mods
2008-01-03 23:09 . 2008-01-03 23:13 <DIR> d-------- C:\Documents and Settings\Tomáš Bařina\mods
2008-01-02 22:27 . 2008-01-02 22:30 <DIR> d-------- C:\WINDOWS\NV39043908.TMP
2008-01-02 21:53 . 2008-01-02 21:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-02 14:57 . 2008-01-02 22:10 <DIR> d----c--- C:\Hi Jack This
2008-01-01 23:58 . 2008-01-02 14:32 <DIR> d-------- C:\Program Files\Miranda
2008-01-01 21:10 . 2008-01-01 21:18 <DIR> d----c--- C:\ConverterOutput
2008-01-01 21:09 . 2008-01-01 21:09 <DIR> d-------- C:\Program Files\Cucusoft
2008-01-01 21:09 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-01-01 21:09 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-01-01 21:09 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-01-01 21:09 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-01-01 21:09 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-01-01 21:09 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-01-01 21:09 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-01-01 18:53 . 2008-01-01 18:53 <DIR> d-------- C:\Program Files\pspvideo9
2008-01-01 18:47 . 2008-01-01 18:47 <DIR> d----c--- C:\temp
2008-01-01 18:46 . 2008-01-01 18:46 <DIR> d-------- C:\Program Files\PQDVD
2008-01-01 17:37 . 2008-01-01 18:12 <DIR> d-------- C:\Program Files\Badak for Mobile
2008-01-01 17:27 . 2008-01-01 18:12 <DIR> d-------- C:\Program Files\MP4 Converter
2008-01-01 16:42 . 2008-01-01 16:42 3,200,054 --a--c--- C:\FrameWallpaper.bmp
2008-01-01 16:35 . 2008-01-01 16:35 49 -ra------ C:\WINDOWS\amunres.lsl
2008-01-01 16:21 . 2008-01-01 16:21 1,588 --a------ C:\WINDOWS\debugrcfile.ini
2008-01-01 16:20 . 2008-01-01 16:35 <DIR> d-------- C:\Program Files\Recomposit
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d-------- C:\Documents and Settings\Tomáš Bařina\Data aplikací\ESET
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d----c--- C:\Documents and Settings\Administrator\Plocha
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Okolní síť
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d----c--- C:\Documents and Settings\Administrator\Oblíbené položky
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> dr---c--- C:\Documents and Settings\Administrator\Nabídka Start
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d----c--- C:\Documents and Settings\Administrator\Dokumenty
2007-12-31 13:00 . 2007-12-31 13:00 <DIR> d----c--- C:\Documents and Settings\All Users\Data aplikací\Apple
2007-12-31 12:49 . 2007-12-31 13:00 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Šablony
2007-12-31 12:49 . 2007-12-31 13:00 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Data aplikací
2007-12-31 10:18 . 2007-12-31 10:18 <DIR> d----c--- C:\Documents and Settings\All Users\Data aplikací\ESET
2007-12-29 02:03 . 2007-12-31 13:00 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-28 23:21 . 2007-12-31 13:00 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-28 23:21 . 2007-12-28 23:21 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-27 19:47 . 2007-12-27 20:16 <DIR> d-------- C:\Program Files\ANTIVIR_LPUR
2007-12-27 16:55 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-27 16:26 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-27 16:26 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-27 16:26 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-27 16:26 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-27 16:26 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-27 11:09 . 2007-12-27 11:09 <DIR> d-------- C:\Program Files\GameSpy
2007-12-26 23:36 . 2007-12-28 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 23:36 . 2007-12-26 23:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-23 14:10 . 2007-12-23 14:54 <DIR> d-------- C:\Program Files\MediaCoder
2007-12-22 21:15 . 2007-12-22 21:15 <DIR> d-------- C:\Program Files\DsNET Corp
2007-12-21 06:45 . 2007-12-27 18:56 <DIR> d-------- C:\Program Files\AdVantage
2007-12-21 06:44 . 2007-12-21 06:46 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-19 15:52 . 2007-12-19 15:52 221,184 --a------ C:\WINDOWS\locker.exe
2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
2007-12-19 13:20 . 2007-12-19 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-11 18:19 . 2007-12-28 19:31 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-11 00:19 . 2007-12-19 01:34 <DIR> d-------- C:\Program Files\changeit
2007-12-08 20:48 . 2007-12-08 20:48 <DIR> d-------- C:\Program Files\Fifa Master
2007-12-08 15:10 . 2007-12-08 15:10 <DIR> d-------- C:\Program Files\PandoBar
2007-12-04 15:06 . 2007-12-04 15:06 <DIR> d-------- C:\Program Files\WinCustomize
2007-12-04 11:17 . 2008-01-02 20:48 3,140 --a------ C:\WINDOWS\system32\tmp.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 08:35 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-03 21:36 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-03 12:09 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-01-02 20:51 661,949 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-02 02:04 --------- d-----w C:\Program Files\uTorrent
2008-01-01 21:13 --------- d-----w C:\Program Files\ICQToolbar
2008-01-01 20:46 --------- d-----w C:\Program Files\ICQLite
2008-01-01 17:53 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-31 08:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 01:08 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-27 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 22:45 --------- d-----w C:\Program Files\Real
2007-12-26 22:45 --------- d-----w C:\Program Files\Common Files\Real
2007-12-26 21:53 --------- d-----w C:\Program Files\Opera
2007-12-26 20:38 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-21 15:50 --------- d-----w C:\Program Files\AIMP2
2007-12-21 13:43 --------- d-----w C:\Program Files\7-Zip
2007-12-20 18:05 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-19 00:34 --------- d-----w C:\Program Files\changeit
2007-12-18 16:38 --------- d-----w C:\Program Files\EurotelSMS
2007-12-16 23:09 --------- d-----w C:\Program Files\JAP
2007-12-16 10:17 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\SolidWorks
2007-12-14 19:41 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-14 07:51 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-08 01:20 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\Skype
2007-12-06 15:51 --------- d-----w C:\Program Files\MobMapUpdater
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 14:08 9,692,672 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-12-04 14:06 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-04 13:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 15:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-27 18:47 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\Sierra Entertainment
2007-11-27 13:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 13:29 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-25 11:31 --------- d-----w C:\Program Files\EA GAMES
2007-11-24 21:08 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-24 20:14 --------- d-----w C:\Program Files\varkon_1.18A
2007-11-24 20:10 --------- d-----w C:\Program Files\Google
2007-11-22 16:20 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
2007-11-22 16:20 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\DassaultSystemes
2007-11-18 10:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-17 00:00 400 ----a-w C:\WINDOWS\system32\drivers\eaxext_218.set
2007-11-17 00:00 400 ----a-w C:\WINDOWS\system32\drivers\bcompbg705.dat
2007-11-17 00:00 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\McNeel
2007-11-16 23:51 --------- d-----w C:\Program Files\Autodesk
2007-11-16 23:48 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2007-11-16 23:48 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 05:02 --------- d-----w C:\Program Files\WinUHA
2007-11-11 19:36 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-09 22:30 --------- d-----w C:\Program Files\Ultra WMV Converter
2007-11-05 18:24 --------- d-----w C:\Program Files\ICQ6
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-15 12:53 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-07 14:28 87,608 -c--a-w C:\Documents and Settings\Tomáš Bařina\Data aplikací\ezpinst.exe
2007-10-07 14:28 47,360 -c--a-w C:\Documents and Settings\Tomáš Bařina\Data aplikací\pcouffin.sys
2007-09-14 18:10 234 --sha-w C:\Program Files\desktop.ini
2007-02-02 16:30 1,475,376 -c--a-w C:\Program Files\GenuineCheck.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 30208]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"Picasa Media Detector"="C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"SkinClock"="C:\Program Files\Free Desktop Clock\DesktopClock.exe" [2006-09-15 23:18 1037312]
"change!t"="C:\Program Files\changeit\changeit.exe" [2007-11-14 21:32 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 18:17 249856]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-01-11 14:17 387584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 14:36 450560]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-01 09:14 2778112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 15:35 7630848]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"nwiz"="nwiz.exe" [2006-08-16 15:35 1617920 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 15:35 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 30208]
"Picasa Media Detector"="C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nov aplikace.lnk - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-03-16 10:35:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Onlinebend"=C:\DOCUME~1\TOMBAI~1\DATAAP~1\TWOFIV~1\settingsplay.exe
"ClocX"=C:\Program Files\ClocX\ClocX.exe
"StahujUpdater"=C:\Program Files\StahujUpdater\PBooter.exe
"Rocket dox"=C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"TransBar"=C:\Přihlašovací obrazovka\Vista Inspirat 2\TransBar\TransBar.exe /s
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"XPizeSettings"="C:\WINDOWS\XPize\XPizeSettings.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
"helpknobremotemeet"=C:\Documents and Settings\All Users\Data aplikací\debugborehelpknob\PHONETWO.exe
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"Picasa Media Detector"=C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"LiveMonitor"=C:\Program Files\MSI\Live Update 3\LMonitor.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"LogonStudio"="C:\Přihlašovací obrazovka\LogonStudio\logonstudio.exe" /RANDOM

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 10:35]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 10:35]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-01 09:19]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-05-07 17:05]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 00:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 00:08]
S3 pohci13F;pohci13F;C:\DOCUME~1\MARTAS~1.SYS\LOCALS~1\Temp\pohci13F.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf035ba2-5fa2-11dc-8c79-001617eac43c}]
\Shell\AutoRun\command - G:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf035ba3-5fa2-11dc-8c79-001617eac43c}]
\Shell\AutoRun\command - H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf035ba4-5fa2-11dc-8c79-001617eac43c}]
\Shell\AutoRun\command - I:\Installer.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 16:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-01 10:07:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-28 17:38:04 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2006-12-15 10:35:30 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 09:46:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 9:48:23
ComboFix-quarantined-files.txt 2008-01-04 08:48:17
.
2008-01-03 15:28:31 --- E O F ---

[paul27]

Tohle nechte prosím otestovat na http://www.virustotal.com:
C:\WINDOWS\amunres.lsl
C:\WINDOWS\debugrcfile.ini
C:\WINDOWS\WinLockDll.dll
C:\WINDOWS\system32\drivers\eaxext_218.set
C:\WINDOWS\system32\drivers\bcompbg705.dat


Otestoval jste C:\WINDOWS\locker.exe a C:\WINDOWS\wl.exe? Jak dopadli?

Až otestujete všechny ty soubory, tak budem mazat, něco tam ještě zůstalo.

[Cowlei]

Takže testování dopadlo následovně:
Soubor amunres.lsl :čistý

Soubor debugrcfile.ini :čistý

Soubor WinLockDll.dll_ : F-Prot objevil W32/Injector.A.gen!Eldorado
: Panda objevila HackTool/WinLock

Soubor eaxext_218.set : čistej

Soubor bcompbg705.dat :čistej

Soubor wl.exe : Výsledek: 3/32 (9.38%)
CAT-QuickHeal - - W32.Wamgin.B
eSafe - - suspicious Trojan/Worm
Panda - - HackTool/WinLock

Soubor locker.exe: Výsledek: 18/32 (56.25%)
AntiVir - - BDS/Delf.ctk
AVG - - SHeur.AIIZ
BitDefender - - Trojan.Ransom.C
CAT-QuickHeal - - Backdoor.Delf.ctk
DrWeb - - Trojan.DownLoader.38426
eSafe - - Win32.Delf.ctk
Fortinet - - W32/Delf.CTK!tr.bdr
F-Secure - - Trojan.Win32.Ransom.a
Ikarus - - Trojan-Spy.Win32.Banker.JU
Kaspersky - - Trojan.Win32.Ransom.a
McAfee - - Ransom-D
Norman - - W32/Delf.BFMW
Panda - - Trj/Agent.HMS
Prevx1 - - Backdoor.IRCBot.gen
Sophos - - Troj/Zlob-AGX
Sunbelt - - Backdoor.Win32.Delf.ctk
VBA32 - - Backdoor.Win32.Delf.ctk
Webwasher-Gateway - - Trojan.Backdoor.Delf.ctk

[paul27]

přesuňte Combofix na plochu (pokud ho tam ještě nemáte) - otevřete si poznámkový blok - do něj zkopírujte text z nasledujícího okna:

File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\locker.exe
C:\WINDOWS\wl.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\WinLockDll.dll

text uložte jako CFScript.txt na plochu - po uložení uchopte vámi vytvořený soubor .txt levým tlačítkem myši a přesuňte jej nad ikonu ComboFixu - nad ikonou ComboFixu soubor .txt upusťte - po provedení akce se opět zobrazí okno poznámkového bloku s textem, který sem zkopírujte


Snad jsem na nic nezapoměl, kdyžtak to domažem ještě potom.


\\Edit: Ještě prosím tohle na virustotal:
C:\DOCUME~1\MARTAS~1.SYS\LOCALS~1\Temp\pohci13F.sys

[Cowlei]

C:\DOCUME~1\MARTAS~1.SYS\LOCALS~1\Temp\pohci13F.sys = 0 bytes size received / Se ha recibido un archivo vacio (Tuto hlášku mi to hodilo ve virustota)



Tak a nyní už jen log z komba:
ComboFix 08-01-04.1 - T***** B****** 2008-01-07 12:22:02.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.65 [GMT 1:00]
Running from: C:\Documents and Settings\T*****B******\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\T***** B******\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\locker.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\WinLockDll.dll
C:\WINDOWS\wl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\locker.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\WinLockDll.dll
C:\WINDOWS\wl.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 00:26 . 2008-01-07 00:26 <DIR> dr-h----- C:\Documents and Settings\T*****B******\Data aplikací\SecuROM
2008-01-06 18:37 . 2008-01-06 22:04 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-06 17:03 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-06 17:03 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-01-06 17:03 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-06 17:02 . 2008-01-06 17:04 <DIR> d-------- C:\Program Files\Game Cam
2008-01-06 16:12 . 2003-11-20 14:32 610,304 --a------ C:\WINDOWS\system32\dfxg115.dll
2008-01-06 16:00 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-01-06 16:00 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-01-06 16:00 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-01-06 16:00 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-01-04 15:20 . 2008-01-04 21:25 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-04 15:20 . 2008-01-04 16:32 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-04 15:20 . 2008-01-04 21:25 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-04 15:19 . 2008-01-04 15:19 282 --a------ C:\WINDOWS\game.ini
2008-01-04 13:23 . 2008-01-04 13:23 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-04 11:51 . 2008-01-04 11:51 <DIR> d----c--- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-01-04 10:34 . 2008-01-04 10:34 8,704 --ahsc--- C:\Thumbs.db
2008-01-04 10:34 . 2008-01-04 10:34 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-04 10:21 . 2008-01-07 00:48 <DIR> d---sc--- C:\Downloads
2008-01-04 10:16 . 2008-01-04 10:16 <DIR> d-------- C:\Program Files\Free Download Manager
2008-01-04 10:16 . 2008-01-07 12:26 <DIR> d-------- C:\Documents and Settings\Tomáš Bařina\Data aplikací\Free Download Manager
2008-01-04 10:16 . 2008-01-04 10:16 <DIR> d----c--- C:\Documents and Settings\All Users\Data aplikací\FreeDownloadManager.ORG
2008-01-04 09:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 09:31 . 2008-01-04 09:31 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-03 23:09 . 2008-01-03 23:13 <DIR> d-------- C:\Documents and Settings\Tomáš Bařina\mods
2008-01-03 23:09 . 2008-01-03 23:13 <DIR> d-------- C:\Documents and Settings\Tomáš Bařina\mods
2008-01-02 22:27 . 2008-01-02 22:30 <DIR> d-------- C:\WINDOWS\NV39043908.TMP
2008-01-02 21:53 . 2008-01-02 21:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-02 14:57 . 2008-01-04 10:32 <DIR> d---sc--- C:\Hi Jack This
2008-01-01 23:58 . 2008-01-02 14:32 <DIR> d-------- C:\Program Files\Miranda
2008-01-01 21:10 . 2008-01-01 21:18 <DIR> d----c--- C:\ConverterOutput
2008-01-01 21:09 . 2008-01-01 21:09 <DIR> d-------- C:\Program Files\Cucusoft
2008-01-01 21:09 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-01-01 21:09 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-01-01 21:09 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-01-01 21:09 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-01-01 21:09 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-01-01 21:09 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-01-01 21:09 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-01-01 18:53 . 2008-01-01 18:53 <DIR> d-------- C:\Program Files\pspvideo9
2008-01-01 18:47 . 2008-01-01 18:47 <DIR> d----c--- C:\temp
2008-01-01 18:46 . 2008-01-01 18:46 <DIR> d-------- C:\Program Files\PQDVD
2008-01-01 17:37 . 2008-01-01 18:12 <DIR> d-------- C:\Program Files\Badak for Mobile
2008-01-01 17:27 . 2008-01-01 18:12 <DIR> d-------- C:\Program Files\MP4 Converter
2008-01-01 16:42 . 2008-01-01 16:42 3,200,054 --a--c--- C:\FrameWallpaper.bmp
2008-01-01 16:35 . 2008-01-01 16:35 49 -ra------ C:\WINDOWS\amunres.lsl
2008-01-01 16:21 . 2008-01-01 16:21 1,588 --a------ C:\WINDOWS\debugrcfile.ini
2008-01-01 16:20 . 2008-01-01 16:35 <DIR> d-------- C:\Program Files\Recomposit
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d-------- C:\Documents and Settings\Tomáš Bařina\Data aplikací\ESET
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d----c--- C:\Documents and Settings\Administrator\Plocha
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Okolní síť
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d----c--- C:\Documents and Settings\Administrator\Oblíbené položky
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> dr---c--- C:\Documents and Settings\Administrator\Nabídka Start
2007-12-31 13:01 . 2007-12-31 13:01 <DIR> d----c--- C:\Documents and Settings\Administrator\Dokumenty
2007-12-31 13:00 . 2007-12-31 13:00 <DIR> d----c--- C:\Documents and Settings\All Users\Data aplikací\Apple
2007-12-31 12:49 . 2007-12-31 13:00 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Šablony
2007-12-31 12:49 . 2007-12-31 13:00 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Data aplikací
2007-12-31 10:18 . 2007-12-31 10:18 <DIR> d----c--- C:\Documents and Settings\All Users\Data aplikací\ESET
2007-12-29 02:03 . 2007-12-31 13:00 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-28 23:21 . 2007-12-31 13:00 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-28 23:21 . 2007-12-28 23:21 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-27 19:47 . 2007-12-27 20:16 <DIR> d-------- C:\Program Files\ANTIVIR_LPUR
2007-12-27 16:55 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-27 16:26 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-27 11:09 . 2007-12-27 11:09 <DIR> d-------- C:\Program Files\GameSpy
2007-12-23 14:10 . 2007-12-23 14:54 <DIR> d-------- C:\Program Files\MediaCoder
2007-12-22 21:15 . 2007-12-22 21:15 <DIR> d-------- C:\Program Files\DsNET Corp
2007-12-21 06:45 . 2007-12-27 18:56 <DIR> d-------- C:\Program Files\AdVantage
2007-12-21 06:44 . 2007-12-21 06:46 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-19 13:20 . 2007-12-19 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-11 18:19 . 2008-01-04 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-11 00:19 . 2007-12-19 01:34 <DIR> d-------- C:\Program Files\changeit
2007-12-08 20:48 . 2007-12-08 20:48 <DIR> d-------- C:\Program Files\Fifa Master
2007-12-08 15:10 . 2007-12-08 15:10 <DIR> d-------- C:\Program Files\PandoBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 21:55 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-06 16:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 10:51 --------- d-----w C:\Program Files\ICQToolbar
2008-01-04 10:46 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\Zoner
2008-01-04 09:33 234 --sha-w C:\Program Files\desktop.ini
2008-01-04 08:35 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-03 12:09 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-01-02 20:51 661,949 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-02 02:04 --------- d-----w C:\Program Files\uTorrent
2008-01-01 20:46 --------- d-----w C:\Program Files\ICQLite
2008-01-01 17:53 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-31 08:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 01:08 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-26 22:45 --------- d-----w C:\Program Files\Real
2007-12-26 22:45 --------- d-----w C:\Program Files\Common Files\Real
2007-12-26 21:53 --------- d-----w C:\Program Files\Opera
2007-12-26 20:38 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-21 15:50 --------- d-----w C:\Program Files\AIMP2
2007-12-21 13:43 --------- d-----w C:\Program Files\7-Zip
2007-12-20 18:05 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-19 00:34 --------- d-----w C:\Program Files\changeit
2007-12-18 16:38 --------- d-----w C:\Program Files\EurotelSMS
2007-12-16 23:09 --------- d-----w C:\Program Files\JAP
2007-12-16 10:17 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\SolidWorks
2007-12-14 19:41 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-14 07:51 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-08 01:20 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\Skype
2007-12-06 15:51 --------- d-----w C:\Program Files\MobMapUpdater
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 14:08 9,692,672 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-12-04 14:06 --------- d-----w C:\Program Files\WinCustomize
2007-12-04 14:06 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-04 13:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 15:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-27 18:47 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\Sierra Entertainment
2007-11-27 13:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 13:29 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-24 21:08 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-24 20:14 --------- d-----w C:\Program Files\varkon_1.18A
2007-11-24 20:10 --------- d-----w C:\Program Files\Google
2007-11-22 16:20 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
2007-11-22 16:20 --------- d-----w C:\Documents and Settings\Tomáš Bařina\Data aplikací\DassaultSystemes
2007-11-18 10:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-17 00:00 400 ----a-w C:\WINDOWS\system32\drivers\eaxext_218.set
2007-11-17 00:00 400 ----a-w C:\WINDOWS\system32\drivers\bcompbg705.dat
2007-11-17 00:00 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\McNeel
2007-11-16 23:51 --------- d-----w C:\Program Files\Autodesk
2007-11-16 23:48 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2007-11-16 23:48 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 05:02 --------- d-----w C:\Program Files\WinUHA
2007-11-11 19:36 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-09 22:30 --------- d-----w C:\Program Files\Ultra WMV Converter
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-15 12:53 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-07 14:28 87,608 -c--a-w C:\Documents and Settings\Tomáš Bařina\Data aplikací\ezpinst.exe
2007-10-07 14:28 47,360 -c--a-w C:\Documents and Settings\Tomáš Bařina\Data aplikací\pcouffin.sys
2007-02-02 16:30 1,475,376 -c--a-w C:\Program Files\GenuineCheck.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_ 9.47.21,23 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-27 10:22:09 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-01-04 14:22:14 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-12-27 10:22:09 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-01-04 14:22:15 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-12-27 10:22:10 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-01-04 14:22:15 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-12-27 10:21:50 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:21:58 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:21:52 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:21:59 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:21:53 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:00 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:21:53 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:01 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:21:55 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:01 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:21:56 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:02 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:21:56 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:02 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:21:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:03 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:22:10 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:04 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 13:31:08 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-04 14:22:15 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-27 10:22:10 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-01-04 14:22:16 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-12-27 10:22:11 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-01-04 14:22:16 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-12-27 10:22:11 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-01-04 14:22:16 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-12-27 10:22:12 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-01-04 14:22:17 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-12-27 10:22:09 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-01-04 14:22:14 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-01-04 20:40:13 10,134 ----a-r C:\WINDOWS\Installer\{3BD633E0-4BF8-4499-9149-88F0767D449C}\ARPPRODUCTICON.exe
+ 2008-01-04 14:18:57 216,358 ----a-r C:\WINDOWS\Installer\{E48469CC-635E-4FD5-A122-1497C286D217}\ARPPRODUCTICON.exe
- 2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-03-12 15:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
- 2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
- 2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-03-15 15:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
- 2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-05-16 15:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
- 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
+ 2006-11-29 12:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
- 2007-03-12 14:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-03-12 15:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
- 2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-05-16 15:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
- 2007-12-28 01:05:25 404,712 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-04 08:53:03 403,120 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2003-07-22 07:44:16 36,864 ----a-w C:\WINDOWS\system32\MCMM___Q.DLL
+ 2003-07-22 07:44:18 23,552 ----a-w C:\WINDOWS\system32\MGDI32_Q.DLL
+ 2003-07-22 07:44:18 9,728 ----a-w C:\WINDOWS\system32\MICM___Q.DLL
+ 2003-07-22 07:44:18 13,824 ----a-w C:\WINDOWS\system32\MIMF32_Q.DLL
+ 2003-07-22 07:44:18 49,152 ----a-w C:\WINDOWS\system32\MINFIN_Q.EXE
+ 2004-12-07 18:47:52 77,824 ----a-w C:\WINDOWS\system32\MLMON__Q.DLL
+ 2003-07-22 07:44:18 18,848 ----a-w C:\WINDOWS\system32\MLPTDR_Q.SYS
+ 2003-07-22 07:44:18 51,200 ----a-w C:\WINDOWS\system32\MSPOOL_Q.DLL
+ 2004-08-31 18:50:14 1,490,944 ----a-w C:\WINDOWS\system32\MSTMON_Q.DLL
+ 2004-11-26 09:21:48 167,936 ----a-w C:\WINDOWS\system32\MSTMON_Q.EXE
+ 2003-07-22 07:44:20 19,456 ----a-w C:\WINDOWS\system32\MTAG32_Q.DLL
+ 2004-08-30 17:17:00 147,456 ----a-r C:\WINDOWS\system32\MUINST_Q.EXE
+ 2003-07-22 07:44:16 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MCMM___Q.DLL
+ 2004-08-30 16:37:38 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MDDM32_Q.DLL
+ 2003-07-22 07:44:18 118,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MDDMUI_Q.DLL
+ 2003-07-22 07:44:18 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MGDI32_Q.DLL
+ 2003-07-22 07:44:18 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MICM___Q.DLL
+ 2003-07-22 07:44:18 13,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MIMF32_Q.DLL
+ 2003-11-07 06:18:46 34,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MIMFN5_Q.DLL
+ 2003-07-22 07:44:18 10,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MIMFPR_Q.DLL
+ 2003-07-22 07:44:18 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MLTSRV_Q.DLL
+ 2003-07-22 07:44:18 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MNT5UI_Q.DLL
+ 2004-08-30 16:42:14 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MQDPRT_Q.DLL
+ 2004-08-30 16:43:08 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MSD32__Q.DLL
+ 2003-07-22 07:44:18 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MSDIMF_Q.DLL
+ 2004-11-26 09:21:22 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MSDMLT_Q.DLL
+ 2004-08-30 16:55:52 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MSPL32_Q.EXE
+ 2003-07-22 07:44:18 51,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MSPOOL_Q.DLL
+ 2004-08-30 16:56:46 131,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MSR32__Q.DLL
+ 2004-08-30 17:15:14 696,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MSUMLT_Q.DLL
+ 2003-07-22 07:44:20 19,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MTAG32_Q.DLL
+ 2004-08-30 17:17:00 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MUINST_Q.EXE
+ 2003-07-22 07:44:16 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MCMM___Q.DLL
+ 2004-08-30 16:37:38 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MDDM32_Q.DLL
+ 2003-07-22 07:44:18 118,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MDDMUI_Q.DLL
+ 2003-07-22 07:44:18 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MGDI32_Q.DLL
+ 2003-07-22 07:44:18 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MICM___Q.DLL
+ 2003-07-22 07:44:18 13,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MIMF32_Q.DLL
+ 2003-11-07 06:18:46 34,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MIMFN5_Q.DLL
+ 2003-07-22 07:44:18 10,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MIMFPR_Q.DLL
+ 2003-07-22 07:44:18 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MLTSRV_Q.DLL
+ 2003-07-22 07:44:18 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MNT5UI_Q.DLL
+ 2004-08-30 16:42:14 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MQDPRT_Q.DLL
+ 2004-08-30 16:43:08 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSD32__Q.DLL
+ 2003-07-22 07:44:18 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSDIMF_Q.DLL
+ 2004-11-26 09:21:22 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSDMLT_Q.DLL
+ 2004-08-30 16:55:52 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSPL32_Q.EXE
+ 2003-07-22 07:44:18 51,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSPOOL_Q.DLL
+ 2004-08-30 16:56:46 131,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSR32__Q.DLL
+ 2004-08-30 17:15:14 696,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSUMLT_Q.DLL
+ 2003-07-22 07:44:20 19,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MTAG32_Q.DLL
+ 2004-08-30 17:17:00 147,456 ----a-r C:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MUINST_Q.EXE
+ 2003-07-22 07:44:16 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MCMM___Q.DLL
+ 2004-08-30 16:37:38 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MDDM32_Q.DLL
+ 2003-07-22 07:44:18 118,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MDDMUI_Q.DLL
+ 2003-07-22 07:44:18 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MGDI32_Q.DLL
+ 2003-07-22 07:44:18 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MICM___Q.DLL
+ 2003-07-22 07:44:18 13,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MIMF32_Q.DLL
+ 2003-11-07 06:18:46 34,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MIMFN5_Q.DLL
+ 2003-07-22 07:44:18 10,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MIMFPR_Q.DLL
+ 2003-07-22 07:44:18 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MLTSRV_Q.DLL
+ 2003-07-22 07:44:18 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MNT5UI_Q.DLL
+ 2004-08-30 16:42:14 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MQDPRT_Q.DLL
+ 2004-08-30 16:43:08 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MSD32__Q.DLL
+ 2003-07-22 07:44:18 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MSDIMF_Q.DLL
+ 2004-11-26 09:21:22 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MSDMLT_Q.DLL
+ 2003-07-22 07:44:18 51,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MSPOOL_Q.DLL
+ 2004-08-30 16:56:46 131,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MSR32__Q.DLL
+ 2004-08-30 17:15:14 696,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MSUMLT_Q.DLL
+ 2003-07-22 07:44:20 19,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MTAG32_Q.DLL
+ 2004-08-30 17:17:00 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MUINST_Q.EXE
+ 2003-07-22 07:44:18 10,240 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\MIMFPR_Q.DLL
- 2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-03-05 11:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
- 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2006-12-08 11:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
- 2007-01-24 13:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-01-24 14:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
- 2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-04-04 17:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
- 2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2007-04-04 17:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2008-01-07 05:47:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_110.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 30208]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"Picasa Media Detector"="C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"SkinClock"="C:\Program Files\Free Desktop Clock\DesktopClock.exe" [2006-09-15 23:18 1037312]
"change!t"="C:\Program Files\changeit\changeit.exe" [2007-11-14 21:32 131072]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-11-26 14:05 2449455]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 19:13 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 18:17 249856]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-01-11 14:17 387584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 14:36 450560]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-09-01 09:14 2778112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 15:35 7630848]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"nwiz"="nwiz.exe" [2006-08-16 15:35 1617920 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 15:35 86016]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="C:\WINDOWS\system32\MSTMON_Q.EXE" [2004-11-26 10:21 167936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 30208]
"Picasa Media Detector"="C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nov aplikace.lnk - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-03-16 10:35:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Onlinebend"=C:\DOCUME~1\TOMBAI~1\DATAAP~1\TWOFIV~1\settingsplay.exe
"ClocX"=C:\Program Files\ClocX\ClocX.exe
"StahujUpdater"=C:\Program Files\StahujUpdater\PBooter.exe
"Rocket dox"=C:\Přihlašovací obrazovka\RocketDock\RocketDock.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"TransBar"=C:\Přihlašovací obrazovka\Vista Inspirat 2\TransBar\TransBar.exe /s
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"XPizeSettings"="C:\WINDOWS\XPize\XPizeSettings.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
"helpknobremotemeet"=C:\Documents and Settings\All Users\Data aplikací\debugborehelpknob\PHONETWO.exe
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"Picasa Media Detector"=C:\Práce s obrázky\Picasa2\PicasaMediaDetector.exe
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"LiveMonitor"=C:\Program Files\MSI\Live Update 3\LMonitor.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"LogonStudio"="C:\Přihlašovací obrazovka\LogonStudio\logonstudio.exe" /RANDOM

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 10:35]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 10:35]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-01 09:19]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-05-07 17:05]
R2 MLPTDR_Q;MLPTDR_Q;C:\WINDOWS\system32\MLPTDR_Q.SYS [2003-07-22 08:44]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 00:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 00:08]
S3 pohci13F;pohci13F;C:\DOCUME~1\MARTAS~1.SYS\LOCALS~1\Temp\pohci13F.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf035ba2-5fa2-11dc-8c79-001617eac43c}]
\Shell\AutoRun\command - G:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf035ba3-5fa2-11dc-8c79-001617eac43c}]
\Shell\AutoRun\command - H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf035ba4-5fa2-11dc-8c79-001617eac43c}]
\Shell\AutoRun\command - I:\Installer.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:15:03 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-01 10:07:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 14:01:07 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2006-12-15 10:35:30 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 12:29:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 12:31:16
ComboFix-quarantined-files.txt 2008-01-07 11:31:08
ComboFix2.txt 2008-01-04 08:48:25
.
2008-01-06 22:42:08 --- E O F ---