HJT Log Check  [Solved]

Posted: 06 Mar 2009 00:56
by Nero
Please check my HJT log. Now and then a program crashes unexpectedly, and I can't get Task Manager to start.
Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:44:40, on 6.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TC UP\totalcmd.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Zástupce - daemon.lnk = C:\Program Files\DAEMON Tools Lite\daemon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b98f91fb050) (gupdate1c99b98f91fb050) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8641 bytes

Re: HJT Log Check

Posted: 06 Mar 2009 07:43
by jaro3
Uninstall: AskTBar

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Re: HJT Log Check

Posted: 07 Mar 2009 02:41
by Nero
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1825
Windows 5.1.2600 Service Pack 3

7.3.2009 2:33:08
mbam-log-2009-03-07 (02-33-02).txt

Typ skenu: Rychlý sken
Objektu skenováno: 74693
Uplynulý cas: 5 minute(s), 12 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\clean.cmd (Trojan.Agent) -> No action taken.

Re: HJT Log Check

Posted: 07 Mar 2009 08:08
by jaro3
So run MbAM again and click Scan
- when the program finishes, a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed, so post it here.
- then click OK in the program and close the program via Exit

You can then post the log here + a new HJT log.
+ info on how the computer is behaving.

Re: HJT Log Check

Posted: 07 Mar 2009 20:22
by Nero
Hi, I did it according to your instructions. From Task Manager, only the window showing the tasks and their status (running / not responding) can be opened. Task Manager cannot be switched to another window.
When I go to Start/Run/msconfig to view the startup programs, I get: Windows cannot find msconfig. That didn't work before either, and it still doesn't.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:31, on 7.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Zástupce - daemon.lnk = C:\Program Files\DAEMON Tools Lite\daemon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b98f91fb050) (gupdate1c99b98f91fb050) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8497 bytes


Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1825
Windows 5.1.2600 Service Pack 3

7.3.2009 19:56:29
mbam-log-2009-03-07 (19-56-29).txt

Typ skenu: Rychlý sken
Objektu skenováno: 74657
Uplynulý cas: 4 minute(s), 10 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Thanks for the reply.

Re: HJT Log Check

Posted: 07 Mar 2009 20:27
by jaro3
Turn off the Windows Defender shield.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: HJT Log Check

Posted: 07 Mar 2009 21:17
by Nero
ComboFix 09-03-06.02 - David a Gábina 2009-03-07 20:44:42.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.611 [GMT 1:00]
Spuštěný z: c:\documents and settings\David a Gábina\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Outdated)
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-07 do 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-07 14:36 . 2009-03-07 20:29 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FarmFrenzy-PizzaParty
2009-03-07 14:35 . 2009-03-07 14:35 <DIR> d-------- c:\windows\Farm Frenzy Pizza Party
2009-03-07 14:35 . 2009-03-07 14:35 <DIR> d-------- c:\program files\Farm Frenzy Pizza Party
2009-03-07 14:17 . 2009-03-07 14:17 <DIR> d-------- c:\program files\Alawar.ru
2009-03-07 14:17 . 2009-03-07 14:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2009-03-07 10:39 . 2009-03-07 10:39 120 --a------ c:\windows\KA.ini
2009-03-07 10:38 . 2009-03-07 10:38 <DIR> d-------- c:\program files\Barbie(TM)
2009-03-07 10:38 . 2009-03-07 10:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-03-07 10:21 . 2009-03-07 10:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\GameHouse
2009-03-07 09:52 . 2009-03-07 09:52 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Malwarebytes
2009-03-07 09:52 . 2009-03-07 09:52 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 02:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 08:24 . 2009-03-06 08:24 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Grass Valley
2009-03-06 08:24 . 2009-03-06 08:24 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Grass Valley
2009-03-06 00:03 . 2009-03-06 00:03 <DIR> d-------- c:\program files\Common Files\Snell & Wilcox Shared
2009-03-06 00:03 . 2009-03-06 00:03 <DIR> d-------- c:\program files\Common Files\Grass Valley
2009-03-06 00:03 . 2008-01-16 13:06 864,338 --a------ c:\windows\system32\csempeg3.dll
2009-03-06 00:03 . 2007-09-18 10:18 380,928 --a------ c:\windows\system32\palm2.ax
2009-03-06 00:03 . 2008-01-16 13:07 188,482 -ra------ c:\windows\system32\helixprodctrl.dll
2009-03-06 00:03 . 2008-01-16 13:06 84,992 --a------ c:\windows\csejpeg.dll
2009-03-06 00:03 . 2007-12-07 01:01 4,608 --a------ c:\windows\hasp_windows.dll
2009-03-05 23:50 . 2000-12-28 16:21 288,880 --a------ c:\windows\WMSysPrx.prx
2009-03-05 23:50 . 2004-09-03 19:41 212,992 --a------ c:\windows\system32\DVCONFIG.DLL
2009-03-05 23:50 . 2004-09-30 18:13 155,648 --a------ c:\windows\system32\DVConfig.lng
2009-03-05 23:50 . 2004-08-30 15:40 102,400 --a------ c:\windows\system32\PCDV32.dll
2009-03-05 23:50 . 2003-03-14 10:00 90,112 --a------ c:\windows\system32\dxodvin.ax
2009-03-05 23:50 . 2003-11-21 15:29 86,016 --a------ c:\windows\system32\dxodvout.ax
2009-03-05 23:50 . 2003-02-12 17:00 73,728 --a------ c:\windows\system32\dxo.dll
2009-03-05 23:50 . 2004-07-15 22:57 61,440 --a------ c:\windows\system32\pcdvcodc.dll
2009-03-05 23:50 . 1999-09-27 16:11 20,992 --a------ c:\windows\system32\pcdvdd.dll
2009-03-05 07:50 . 2009-03-05 07:50 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Canopus
2009-03-05 07:50 . 2009-03-05 07:50 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Canopus
2009-03-05 00:25 . 2009-03-05 00:25 47,616 --a------ c:\windows\system32\drivers\Haspnt.sys
2009-03-05 00:25 . 2009-03-05 00:25 6,656 --a------ c:\windows\system32\haspvdd.dll
2009-03-05 00:25 . 2009-01-04 00:34 2,504 --a------ c:\windows\system32\config.hsp
2009-03-05 00:25 . 2009-03-05 00:25 383 --a------ c:\windows\system32\haspdos.sys
2009-03-04 23:48 . 2009-03-04 23:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\CrystalIdea Software
2009-03-04 23:45 . 2009-03-04 23:46 <DIR> d-------- c:\program files\Uninstall Tool
2009-03-04 00:12 . 2009-03-04 00:12 17 --a------ c:\windows\MovingPicture.ini
2009-03-03 23:58 . 2009-03-03 23:58 <DIR> d-------- c:\program files\proDAD
2009-03-03 23:57 . 2009-03-03 23:57 <DIR> d-------- c:\program files\AdorageI-SAL
2009-03-03 23:57 . 2009-03-03 23:57 <DIR> d-------- c:\program files\AdorageI-GfxDatas
2009-03-03 22:57 . 2009-03-03 22:57 <DIR> d-------- c:\program files\SmartSound Software
2009-03-03 22:57 . 2009-03-03 22:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SmartSound Software Inc
2009-03-03 22:55 . 2004-07-16 16:47 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2009-03-03 22:53 . 2002-01-05 04:36 964,608 --a------ c:\windows\system32\MFC70U.DLL
2009-03-03 22:52 . 2002-01-05 04:48 974,848 --a------ c:\windows\system32\MFC70.DLL
2009-03-03 22:52 . 2004-01-23 17:44 49,152 --a------ c:\windows\system32\PCLEGetGuid.dll
2009-03-03 22:40 . 2009-03-03 22:53 <DIR> d-------- c:\program files\Pinnacle
2009-03-03 22:40 . 2009-03-03 22:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle
2009-03-03 20:47 . 2009-03-03 20:47 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Apple Computer
2009-03-03 20:47 . 2009-03-03 20:47 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Apple Computer
2009-03-03 20:47 . 2009-03-03 20:47 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Apple Computer
2009-03-03 20:46 . 2009-03-03 20:46 <DIR> d-------- c:\program files\QuickTime
2009-03-03 20:46 . 2009-03-03 20:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-03-03 20:45 . 2009-03-03 20:45 <DIR> d-------- c:\program files\Apple Software Update
2009-03-03 20:45 . 2009-03-03 20:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple
2009-03-03 20:40 . 2009-03-03 20:40 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Grass Valley
2009-03-03 20:40 . 2009-03-03 20:40 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Grass Valley
2009-03-03 20:40 . 2009-03-03 20:40 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Grass Valley
2009-03-03 20:39 . 2009-03-03 20:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Grass Valley
2009-03-03 01:44 . 2009-03-03 01:44 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-03 01:43 . 2009-03-03 01:43 <DIR> d-------- c:\program files\Real
2009-03-02 21:22 . 2009-03-03 01:44 <DIR> d-------- c:\program files\Common Files\Real
2009-03-01 23:17 . 2009-03-01 23:17 <DIR> d-------- c:\program files\CCleaner
2009-03-01 22:00 . 2001-05-16 01:48 33,820 --a------ c:\windows\WMPrfDeu.prx
2009-03-01 22:00 . 2001-05-16 01:49 23,304 --a------ c:\windows\WMPrfJpn.prx
2009-03-01 22:00 . 2001-05-16 01:49 22,338 --a------ c:\windows\WMPrfKor.prx
2009-03-01 22:00 . 2001-05-16 01:48 136 --a------ c:\windows\WMPrfCHS.prx
2009-03-01 22:00 . 2001-05-16 01:48 132 --a------ c:\windows\WMPrfCHT.prx
2009-03-01 21:59 . 2009-03-05 23:32 <DIR> d-------- c:\program files\Canopus
2009-03-01 21:59 . 2008-01-16 13:07 462,848 -ra------ c:\windows\system32\pavapi.dll
2009-03-01 21:59 . 2008-01-16 13:07 4,096 -ra------ c:\windows\system32\paveno.dll
2009-02-28 12:53 . 2001-09-05 21:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-02-28 12:53 . 2009-02-28 12:58 228 --a------ c:\windows\MCDB.ini
2009-02-28 12:52 . 2009-02-28 12:53 <DIR> d-------- c:\program files\CorresBurn
2009-02-25 01:07 . 2009-02-25 01:07 <DIR> d-------- c:\program files\City Interactive
2009-02-24 09:49 . 2009-03-07 14:58 4,096 --a------ c:\windows\system32\crash
2009-02-23 00:46 . 2009-02-23 00:46 <DIR> d-------- c:\windows\Build a lot 3 Passport to Europe
2009-02-23 00:46 . 2009-02-23 00:47 <DIR> d-------- c:\program files\Build a lot 3 Passport to Europe
2009-02-23 00:28 . 2009-02-23 00:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DivoGames
2009-02-23 00:26 . 2009-02-23 00:26 <DIR> d-------- c:\windows\Be Rich
2009-02-23 00:26 . 2009-02-23 00:27 <DIR> d-------- c:\program files\Be Rich
2009-02-22 00:27 . 2009-02-22 00:27 <DIR> d-------- c:\program files\The Learning Company
2009-02-22 00:27 . 2001-05-17 04:18 190,976 --a------ c:\windows\RRKW.POL
2009-02-20 09:21 . 2009-02-20 09:21 0 --a------ c:\windows\SETUP32.INI
2009-02-17 16:21 . 2009-03-05 22:50 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Canopus
2009-02-15 00:34 . 2009-03-07 13:22 591 --a------ c:\windows\Ultra EDIT.INI
2009-02-15 00:33 . 2004-07-14 12:54 676,864 --a------ c:\windows\system32\drivers\hardlock.sys
2009-02-15 00:20 . 2009-02-15 00:25 848 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-15 00:12 . 2009-02-20 08:27 <DIR> d-------- c:\program files\DivX
2009-02-15 00:09 . 2007-12-26 18:20 1,085,520 --a------ c:\windows\system32\csedvh.dll
2009-02-15 00:09 . 2002-06-10 18:48 376,832 --a------ c:\windows\system32\hlcdvc.dll
2009-02-14 23:57 . 2009-03-05 23:20 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Canopus
2009-02-14 23:57 . 2009-03-05 23:20 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Canopus
2009-02-14 23:57 . 2009-03-05 23:20 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Canopus
2009-02-14 23:50 . 2009-02-14 23:50 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\QuickTime
2009-02-14 23:50 . 1999-11-10 12:05 86,016 --a------ c:\windows\unvise32qt.exe
2009-02-14 23:50 . 2009-03-03 20:53 27 --a------ c:\windows\DVCONFIG.INI
2009-02-14 23:50 . 2003-07-10 10:31 10 --a------ c:\windows\Let's EDIT.INI
2009-02-14 23:49 . 2007-03-14 07:54 69,632 --a------ c:\windows\system32\cdvccodc.dll
2009-02-14 23:48 . 2009-03-05 23:50 <DIR> d-------- c:\program files\Common Files\Canopus Shared
2009-02-14 23:48 . 2002-10-31 19:11 385,108 --a------ c:\windows\system32\csedv.dll
2009-02-14 23:48 . 2002-10-29 11:29 159,832 --a------ c:\windows\system32\csccdvc.dll
2009-02-14 23:48 . 2002-05-29 12:20 147,456 --a------ c:\windows\system32\csccdvcx.dll
2009-02-14 23:48 . 2000-02-02 16:30 22,528 --a------ c:\windows\system32\csthread.dll
2009-02-14 23:48 . 2009-03-07 13:22 433 --a------ c:\windows\canopus.ini
2009-02-14 20:30 . 2009-02-14 20:36 <DIR> d-------- c:\program files\EasyPicture2Icon
2009-02-11 10:12 . 2009-03-06 00:36 116 --a------ c:\windows\NeroDigital.ini
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\My Games
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\My Games
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\My Games
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Trymedia
2009-02-11 00:47 . 2009-02-11 00:49 <DIR> d-------- C:\GameHouse Games
2009-02-10 22:44 . 2009-02-10 22:51 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Mysteryville2
2009-02-10 22:44 . 2009-02-10 22:51 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Mysteryville2
2009-02-10 22:44 . 2009-02-10 22:51 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Mysteryville2
2009-02-10 22:43 . 2009-02-14 21:33 <DIR> d-------- c:\program files\RealArcade
2009-02-10 22:43 . 2009-02-10 22:43 <DIR> d-------- c:\program files\GameHouse

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 19:49 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-07 19:41 --------- d-----w c:\program files\PeerGuardian2
2009-03-07 13:35 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\uTorrent
2009-03-07 13:35 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\uTorrent
2009-03-07 13:35 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\uTorrent
2009-03-07 09:19 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\MiniLyrics
2009-03-07 09:19 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\MiniLyrics
2009-03-07 09:19 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\MiniLyrics
2009-03-05 22:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 16:44 --------- d-----w c:\program files\Ashtons Family Resort
2009-02-19 06:38 --------- d-----w c:\program files\Rockstar Games
2009-02-13 20:30 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-13 20:30 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-12 20:46 --------- d-----w c:\program files\Common Files\Adobe
2009-02-07 19:08 --------- d-----w c:\program files\Pohadka
2009-02-07 06:18 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-06 16:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\ICQ
2009-02-06 16:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\ICQ
2009-02-06 16:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\ICQ
2009-02-06 16:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2009-02-05 14:45 --------- d-----w c:\program files\Ahead
2009-02-05 14:44 --------- d-----w c:\program files\Common Files\Ahead
2009-02-05 14:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-02-04 01:05 --------- d-----w c:\program files\Jane's Hotel Family Hero
2009-02-04 01:05 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Jane s Hotel Family Hero
2009-02-04 01:05 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Jane s Hotel Family Hero
2009-02-04 01:05 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Jane s Hotel Family Hero
2009-02-03 15:51 682,280 ----a-w c:\windows\system32\pbsvc.exe
2009-02-03 15:51 22,328 ----a-w c:\documents and settings\David a Gábina\Data aplikací\PnkBstrK.sys
2009-02-03 15:51 22,328 ----a-w c:\documents and settings\David a Gábina\Data aplikací\PnkBstrK.sys
2009-02-03 15:51 22,328 ----a-w c:\documents and settings\David a Gábina\Data aplikací\PnkBstrK.sys
2009-02-03 15:45 --------- d-----w c:\program files\Activision
2009-02-02 22:59 4,608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-02 22:59 2,272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-02 22:02 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ahead
2009-02-02 22:02 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ahead
2009-02-02 22:02 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ahead
2009-02-01 12:44 --------- d-----w c:\program files\MSECache
2009-01-29 06:55 --------- d-----w c:\documents and settings\Verča\Data aplikací\Ashtons. Family Resort
2009-01-29 06:55 --------- d-----w c:\documents and settings\Verča\Data aplikací\Ashtons. Family Resort
2009-01-28 22:44 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ashtons. Family Resort
2009-01-28 22:44 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ashtons. Family Resort
2009-01-28 22:44 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ashtons. Family Resort
2009-01-28 22:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ashtons. Family Resort
2009-01-28 09:39 --------- d-----w c:\documents and settings\Verča\Data aplikací\AidemMedia
2009-01-28 09:39 --------- d-----w c:\documents and settings\Verča\Data aplikací\AidemMedia
2009-01-27 15:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\InstallShield
2009-01-27 15:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\InstallShield
2009-01-27 15:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\InstallShield
2009-01-27 15:01 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\AidemMedia
2009-01-27 15:01 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\AidemMedia
2009-01-27 15:01 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\AidemMedia
2009-01-27 14:58 --------- d-----w c:\program files\AidemMedia
2009-01-26 22:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\HipSoft
2009-01-26 22:10 --------- d-----w c:\program files\LeeGTs Games
2009-01-25 23:00 --------- d-----w c:\program files\Farm Mania
2009-01-24 22:31 --------- d-----w c:\program files\Youdagames
2009-01-24 08:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\Microsoft Games
2009-01-24 08:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\Microsoft Games
2009-01-22 20:50 --------- d-----w c:\program files\AskTBar
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\DAEMON Tools
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\DAEMON Tools
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\ATI
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\ATI
2009-01-21 21:08 --------- d-----w c:\program files\Electronic Arts
2009-01-20 07:18 29,480 ------w c:\windows\system32\msxml3a.dll
2009-01-20 07:16 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\CyberLink
2009-01-20 07:16 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\CyberLink
2009-01-20 07:16 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\CyberLink
2009-01-20 07:13 --------- d-----w c:\program files\CyberLink
2009-01-20 07:13 --------- d-----w c:\program files\Common Files\CyberLink
2009-01-20 07:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2009-01-18 11:15 --------- d-----w c:\program files\Alcohol Soft
2009-01-18 11:14 --------- d-----w c:\program files\Winamp
2009-01-14 20:30 --------- d-----w c:\program files\ATI Tray Tools
2009-01-14 20:30 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\atitray
2009-01-14 20:30 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\atitray
2009-01-14 20:30 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\atitray
2009-01-14 20:21 --------- d-----w c:\program files\ATITool
2009-01-14 20:20 --------- d-----w c:\program files\Ray Adams
2009-01-14 19:39 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\XnView
2009-01-14 19:39 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\XnView
2009-01-14 19:39 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\XnView
2009-01-11 02:17 --------- d-----w c:\program files\EA GAMES
2009-01-10 00:09 --------- d-----w c:\program files\Minilyrics
2009-01-09 22:40 --------- d-----w c:\program files\Eset
2009-01-09 22:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ulead Systems
2009-01-09 21:43 --------- d-----w c:\program files\TC UP
2009-01-09 20:18 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\SumatraPDF
2009-01-09 20:18 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\SumatraPDF
2009-01-09 20:18 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\SumatraPDF
2009-01-09 14:48 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\HEXelon
2009-01-09 14:48 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\HEXelon
2009-01-09 14:48 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\HEXelon
2009-01-09 14:43 --------- d-----w c:\program files\totalcmd
2009-01-09 14:10 --------- d-----w c:\program files\WinFast
2009-01-09 14:10 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-08 19:22 --------- d-----w c:\documents and settings\All Users\Data aplikací\Adobe Systems
2009-01-08 16:13 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-01-07 21:56 --------- d-----w c:\program files\ATI
2009-02-10 21:42 135,168 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"a235f"="c:\program files\Izrhnockivjnj\pwnfvbc.exe" [2006-02-15 1431201]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-04 917504]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 32881]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2005-07-15 69632]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 319488]
"a235f"="c:\program files\Izrhnockivjnj\pwnfvbc.exe" [2006-02-15 1431201]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-03 198160]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2008-01-16 520192]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\David a G bina\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2009-01-04 585728]
Z stupce - daemon.lnk - c:\program files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.CDVC"= cdvccodc.dll
"vids.CDVC"= cdvccodc.dll
"vidc.dvsd"= hldvsd.dll
"vidc.cmic"= cmiccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CDV5"= cdv5codc.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"e:\\emule\\emule.exe"=
"e:\\uTorrent\\uTorrent\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\CorresBurn\\CorresBurn.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R0 pe3anmue;Ubersoldier 2 Environment Driver (pe3anmue);c:\windows\system32\drivers\pe3anmue.sys [2008-02-21 65152]
R0 ps7anmue;Ubersoldier 2 Synchronization Driver (ps7anmue);c:\windows\system32\drivers\ps7anmue.sys [2008-02-21 68744]
R1 atitray;atitray;c:\program files\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2009-01-04 193792]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2009-01-04 9600]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2009-01-04 37120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2009-01-09 9446]
S2 gupdate1c99b98f91fb050;Služba Google Update (gupdate1c99b98f91fb050);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S2 pr2anmue;Ubersoldier 2 Drivers Auto Removal (pr2anmue);c:\windows\system32\pr2anmue.exe svc --> c:\windows\system32\pr2anmue.exe svc [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - HELPSVC
*NewlyCreated* - PGFILTER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{843c30f6-dc2f-11dd-8796-0014853e6049}]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\readme\command - notepad readme.txt
\Shell\Setup\command - G:\setup.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\David a Gábina\Data aplikací\Mozilla\Firefox\Profiles\wo54vkrg.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 20:50:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\msmunaer4.dll 118784 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-03-07 20:53:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-07 19:53:52

Před spuštěním: Volných bajtů: 13 429 460 992
Po spuštění: Volných bajtů: 24,443,535,360

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

471

Re: HJT log check

Posted: 08 Mar 2009 07:58
by jaro3
Do you know this folder: c:\program files\Izrhnockivjnj\ ?

Test these on VirusTotal:
c:\program files\Izrhnockivjnj\pwnfvbc.exe
c:\windows\system32\msmunaer4.dll
Then post the links to the results here.

Find and delete this folder: c:\program files\AskTBar

Re: HJT log check

Posted: 08 Mar 2009 20:44
by Nero
Hi, so I deleted c:\program files\AskTBar.
Unfortunately I can't find the files c:\program files\Izrhnockivjnj\pwnfvbc.exe
and c:\windows\system32\msmunaer4.dll, even when I enable showing hidden files and folders and system folders. I can't find them with Windows Explorer, TCM, or by hand.

I'm attaching the HJT and MBAM logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:52, on 8.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TC UP\totalcmd.exe
c:\Program Files\Eset\nod32kui.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Zástupce - daemon.lnk = C:\Program Files\DAEMON Tools Lite\daemon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b98f91fb050) (gupdate1c99b98f91fb050) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7662 bytes




Malwarebytes' Anti-Malware 1.34
Verze databáze: 1825
Windows 5.1.2600 Service Pack 3

8.3.2009 20:34:06
mbam-log-2009-03-08 (20-34-06).txt

Typ skenu: Rychlý sken
Objektu skenováno: 71745
Uplynulý cas: 2 minute(s), 13 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Re: HJT log check

Posted: 08 Mar 2009 20:57
by jaro3
So you don't recognize that folder..
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

File::
c:\program files\Izrhnockivjnj\pwnfvbc.exe
c:\windows\system32\msmunaer4.dll

Folder::
c:\program files\Izrhnockivjnj

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a235f"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a235f"=-

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Re: HJT log check

Posted: 09 Mar 2009 19:31
by Nero
ComboFix 09-03-06.02 - David a Gábina 2009-03-09 18:56:30.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.716 [GMT 1:00]
Spuštěný z: c:\documents and settings\David a Gábina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David a Gábina\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated)
* Resident AV is active


FILE ::
c:\program files\Izrhnockivjnj\pwnfvbc.exe
c:\windows\system32\msmunaer4.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Izrhnockivjnj
c:\program files\Izrhnockivjnj\help.chm
c:\program files\Izrhnockivjnj\Log\Text\aiotxt.dat
c:\program files\Izrhnockivjnj\Log\Text\aioweb.dat
c:\program files\Izrhnockivjnj\Log\Visual\03072009.dat
c:\program files\Izrhnockivjnj\Log\Visual\03082009.dat
c:\program files\Izrhnockivjnj\Log\Visual\03092009.dat
c:\program files\Izrhnockivjnj\pwnfvbc.exe
c:\program files\Izrhnockivjnj\tips
c:\program files\Izrhnockivjnj\unins000.dat
c:\program files\Izrhnockivjnj\unins000.exe
c:\windows\system32\msmunaer4.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-09 do 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-09 17:08 . 2009-03-09 17:08 <DIR> d-------- c:\program files\Games
2009-03-08 23:26 . 2009-03-08 23:26 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\OpenOffice.org
2009-03-08 23:26 . 2009-03-08 23:26 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\OpenOffice.org
2009-03-08 23:26 . 2009-03-08 23:26 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\OpenOffice.org
2009-03-08 23:23 . 2009-03-08 23:23 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-03-07 14:36 . 2009-03-07 20:29 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FarmFrenzy-PizzaParty
2009-03-07 14:17 . 2009-03-07 14:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2009-03-07 10:39 . 2009-03-07 10:39 120 --a------ c:\windows\KA.ini
2009-03-07 10:38 . 2009-03-07 10:38 <DIR> d-------- c:\program files\Barbie(TM)
2009-03-07 10:38 . 2009-03-07 10:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-03-07 10:21 . 2009-03-07 10:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\GameHouse
2009-03-07 09:52 . 2009-03-07 09:52 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Malwarebytes
2009-03-07 09:52 . 2009-03-07 09:52 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-03-07 02:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-07 02:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 02:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 08:24 . 2009-03-06 08:24 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Grass Valley
2009-03-06 08:24 . 2009-03-06 08:24 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Grass Valley
2009-03-06 00:03 . 2009-03-06 00:03 <DIR> d-------- c:\program files\Common Files\Snell & Wilcox Shared
2009-03-06 00:03 . 2009-03-06 00:03 <DIR> d-------- c:\program files\Common Files\Grass Valley
2009-03-06 00:03 . 2008-01-16 13:06 864,338 --a------ c:\windows\system32\csempeg3.dll
2009-03-06 00:03 . 2007-09-18 10:18 380,928 --a------ c:\windows\system32\palm2.ax
2009-03-06 00:03 . 2008-01-16 13:07 188,482 -ra------ c:\windows\system32\helixprodctrl.dll
2009-03-06 00:03 . 2008-01-16 13:06 84,992 --a------ c:\windows\csejpeg.dll
2009-03-06 00:03 . 2007-12-07 01:01 4,608 --a------ c:\windows\hasp_windows.dll
2009-03-05 23:50 . 2000-12-28 16:21 288,880 --a------ c:\windows\WMSysPrx.prx
2009-03-05 23:50 . 2004-09-03 19:41 212,992 --a------ c:\windows\system32\DVCONFIG.DLL
2009-03-05 23:50 . 2004-09-30 18:13 155,648 --a------ c:\windows\system32\DVConfig.lng
2009-03-05 23:50 . 2004-08-30 15:40 102,400 --a------ c:\windows\system32\PCDV32.dll
2009-03-05 23:50 . 2003-03-14 10:00 90,112 --a------ c:\windows\system32\dxodvin.ax
2009-03-05 23:50 . 2003-11-21 15:29 86,016 --a------ c:\windows\system32\dxodvout.ax
2009-03-05 23:50 . 2003-02-12 17:00 73,728 --a------ c:\windows\system32\dxo.dll
2009-03-05 23:50 . 2004-07-15 22:57 61,440 --a------ c:\windows\system32\pcdvcodc.dll
2009-03-05 23:50 . 1999-09-27 16:11 20,992 --a------ c:\windows\system32\pcdvdd.dll
2009-03-05 07:50 . 2009-03-05 07:50 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Canopus
2009-03-05 07:50 . 2009-03-05 07:50 <DIR> d-------- c:\documents and settings\Verča\Data aplikací\Canopus
2009-03-05 00:25 . 2009-03-05 00:25 47,616 --a------ c:\windows\system32\drivers\Haspnt.sys
2009-03-05 00:25 . 2009-03-05 00:25 6,656 --a------ c:\windows\system32\haspvdd.dll
2009-03-05 00:25 . 2009-01-04 00:34 2,504 --a------ c:\windows\system32\config.hsp
2009-03-05 00:25 . 2009-03-05 00:25 383 --a------ c:\windows\system32\haspdos.sys
2009-03-04 23:48 . 2009-03-04 23:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\CrystalIdea Software
2009-03-04 23:45 . 2009-03-04 23:46 <DIR> d-------- c:\program files\Uninstall Tool
2009-03-04 00:12 . 2009-03-04 00:12 17 --a------ c:\windows\MovingPicture.ini
2009-03-03 23:58 . 2009-03-03 23:58 <DIR> d-------- c:\program files\proDAD
2009-03-03 23:57 . 2009-03-03 23:57 <DIR> d-------- c:\program files\AdorageI-SAL
2009-03-03 23:57 . 2009-03-03 23:57 <DIR> d-------- c:\program files\AdorageI-GfxDatas
2009-03-03 22:57 . 2009-03-03 22:57 <DIR> d-------- c:\program files\SmartSound Software
2009-03-03 22:57 . 2009-03-03 22:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SmartSound Software Inc
2009-03-03 22:55 . 2004-07-16 16:47 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2009-03-03 22:53 . 2002-01-05 04:36 964,608 --a------ c:\windows\system32\MFC70U.DLL
2009-03-03 22:52 . 2002-01-05 04:48 974,848 --a------ c:\windows\system32\MFC70.DLL
2009-03-03 22:52 . 2004-01-23 17:44 49,152 --a------ c:\windows\system32\PCLEGetGuid.dll
2009-03-03 22:40 . 2009-03-03 22:53 <DIR> d-------- c:\program files\Pinnacle
2009-03-03 22:40 . 2009-03-03 22:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle
2009-03-03 20:47 . 2009-03-03 20:47 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Apple Computer
2009-03-03 20:47 . 2009-03-03 20:47 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Apple Computer
2009-03-03 20:47 . 2009-03-03 20:47 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Apple Computer
2009-03-03 20:46 . 2009-03-03 20:46 <DIR> d-------- c:\program files\QuickTime
2009-03-03 20:46 . 2009-03-03 20:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-03-03 20:45 . 2009-03-03 20:45 <DIR> d-------- c:\program files\Apple Software Update
2009-03-03 20:45 . 2009-03-03 20:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple
2009-03-03 20:40 . 2009-03-03 20:40 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Grass Valley
2009-03-03 20:40 . 2009-03-03 20:40 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Grass Valley
2009-03-03 20:40 . 2009-03-03 20:40 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Grass Valley
2009-03-03 20:39 . 2009-03-03 20:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Grass Valley
2009-03-03 01:44 . 2009-03-03 01:44 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-03 01:43 . 2009-03-03 01:43 <DIR> d-------- c:\program files\Real
2009-03-02 21:22 . 2009-03-03 01:44 <DIR> d-------- c:\program files\Common Files\Real
2009-03-01 23:17 . 2009-03-01 23:17 <DIR> d-------- c:\program files\CCleaner
2009-03-01 22:00 . 2001-05-16 01:48 33,820 --a------ c:\windows\WMPrfDeu.prx
2009-03-01 22:00 . 2001-05-16 01:49 23,304 --a------ c:\windows\WMPrfJpn.prx
2009-03-01 22:00 . 2001-05-16 01:49 22,338 --a------ c:\windows\WMPrfKor.prx
2009-03-01 22:00 . 2001-05-16 01:48 136 --a------ c:\windows\WMPrfCHS.prx
2009-03-01 22:00 . 2001-05-16 01:48 132 --a------ c:\windows\WMPrfCHT.prx
2009-03-01 21:59 . 2009-03-05 23:32 <DIR> d-------- c:\program files\Canopus
2009-03-01 21:59 . 2008-01-16 13:07 462,848 -ra------ c:\windows\system32\pavapi.dll
2009-03-01 21:59 . 2008-01-16 13:07 4,096 -ra------ c:\windows\system32\paveno.dll
2009-02-28 12:53 . 2001-09-05 21:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-02-28 12:53 . 2009-02-28 12:58 228 --a------ c:\windows\MCDB.ini
2009-02-28 12:52 . 2009-02-28 12:53 <DIR> d-------- c:\program files\CorresBurn
2009-02-25 01:07 . 2009-02-25 01:07 <DIR> d-------- c:\program files\City Interactive
2009-02-24 09:49 . 2009-03-08 08:17 4,096 --a------ c:\windows\system32\crash
2009-02-23 00:46 . 2009-02-23 00:46 <DIR> d-------- c:\windows\Build a lot 3 Passport to Europe
2009-02-23 00:46 . 2009-02-23 00:47 <DIR> d-------- c:\program files\Build a lot 3 Passport to Europe
2009-02-23 00:28 . 2009-02-23 00:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DivoGames
2009-02-23 00:26 . 2009-02-23 00:26 <DIR> d-------- c:\windows\Be Rich
2009-02-23 00:26 . 2009-02-23 00:27 <DIR> d-------- c:\program files\Be Rich
2009-02-22 00:27 . 2009-02-22 00:27 <DIR> d-------- c:\program files\The Learning Company
2009-02-22 00:27 . 2001-05-17 04:18 190,976 --a------ c:\windows\RRKW.POL
2009-02-20 09:21 . 2009-02-20 09:21 0 --a------ c:\windows\SETUP32.INI
2009-02-17 16:21 . 2009-03-05 22:50 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Canopus
2009-02-15 00:34 . 2009-03-07 13:22 591 --a------ c:\windows\Ultra EDIT.INI
2009-02-15 00:33 . 2004-07-14 12:54 676,864 --a------ c:\windows\system32\drivers\hardlock.sys
2009-02-15 00:20 . 2009-02-15 00:25 848 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-15 00:12 . 2009-02-20 08:27 <DIR> d-------- c:\program files\DivX
2009-02-15 00:09 . 2007-12-26 18:20 1,085,520 --a------ c:\windows\system32\csedvh.dll
2009-02-15 00:09 . 2002-06-10 18:48 376,832 --a------ c:\windows\system32\hlcdvc.dll
2009-02-14 23:57 . 2009-03-05 23:20 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Canopus
2009-02-14 23:57 . 2009-03-05 23:20 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Canopus
2009-02-14 23:57 . 2009-03-05 23:20 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Canopus
2009-02-14 23:50 . 2009-02-14 23:50 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\QuickTime
2009-02-14 23:50 . 1999-11-10 12:05 86,016 --a------ c:\windows\unvise32qt.exe
2009-02-14 23:50 . 2009-03-03 20:53 27 --a------ c:\windows\DVCONFIG.INI
2009-02-14 23:50 . 2003-07-10 10:31 10 --a------ c:\windows\Let's EDIT.INI
2009-02-14 23:49 . 2007-03-14 07:54 69,632 --a------ c:\windows\system32\cdvccodc.dll
2009-02-14 23:48 . 2009-03-05 23:50 <DIR> d-------- c:\program files\Common Files\Canopus Shared
2009-02-14 23:48 . 2002-10-31 19:11 385,108 --a------ c:\windows\system32\csedv.dll
2009-02-14 23:48 . 2002-10-29 11:29 159,832 --a------ c:\windows\system32\csccdvc.dll
2009-02-14 23:48 . 2002-05-29 12:20 147,456 --a------ c:\windows\system32\csccdvcx.dll
2009-02-14 23:48 . 2000-02-02 16:30 22,528 --a------ c:\windows\system32\csthread.dll
2009-02-14 23:48 . 2009-03-07 13:22 433 --a------ c:\windows\canopus.ini
2009-02-14 20:30 . 2009-02-14 20:36 <DIR> d-------- c:\program files\EasyPicture2Icon
2009-02-11 10:12 . 2009-03-06 00:36 116 --a------ c:\windows\NeroDigital.ini
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\My Games
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\My Games
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\My Games
2009-02-11 00:49 . 2009-02-11 00:49 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Trymedia
2009-02-11 00:47 . 2009-02-11 00:49 <DIR> d-------- C:\GameHouse Games
2009-02-10 22:44 . 2009-02-10 22:51 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Mysteryville2
2009-02-10 22:44 . 2009-02-10 22:51 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Mysteryville2
2009-02-10 22:44 . 2009-02-10 22:51 <DIR> d-------- c:\documents and settings\David a Gábina\Data aplikací\Mysteryville2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 17:59 --------- d-----w c:\program files\PeerGuardian2
2009-03-09 16:04 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\uTorrent
2009-03-09 16:04 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\uTorrent
2009-03-09 16:04 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\uTorrent
2009-03-09 15:31 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-08 00:26 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-07 09:19 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\MiniLyrics
2009-03-07 09:19 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\MiniLyrics
2009-03-07 09:19 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\MiniLyrics
2009-03-05 22:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 16:44 --------- d-----w c:\program files\Ashtons Family Resort
2009-02-19 06:38 --------- d-----w c:\program files\Rockstar Games
2009-02-13 20:30 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-13 20:30 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-12 20:46 --------- d-----w c:\program files\Common Files\Adobe
2009-02-07 19:08 --------- d-----w c:\program files\Pohadka
2009-02-07 07:37 --------- d-----w c:\documents and settings\Verča\Data aplikací\MiniLyrics
2009-02-07 07:37 --------- d-----w c:\documents and settings\Verča\Data aplikací\MiniLyrics
2009-02-07 06:18 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-06 16:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\ICQ
2009-02-06 16:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\ICQ
2009-02-06 16:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\ICQ
2009-02-06 16:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2009-02-05 14:45 --------- d-----w c:\program files\Ahead
2009-02-05 14:44 --------- d-----w c:\program files\Common Files\Ahead
2009-02-05 14:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-02-04 01:05 --------- d-----w c:\program files\Jane's Hotel Family Hero
2009-02-04 01:05 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Jane s Hotel Family Hero
2009-02-04 01:05 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Jane s Hotel Family Hero
2009-02-04 01:05 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Jane s Hotel Family Hero
2009-02-03 15:51 682,280 ----a-w c:\windows\system32\pbsvc.exe
2009-02-03 15:51 22,328 ----a-w c:\documents and settings\David a Gábina\Data aplikací\PnkBstrK.sys
2009-02-03 15:51 22,328 ----a-w c:\documents and settings\David a Gábina\Data aplikací\PnkBstrK.sys
2009-02-03 15:51 22,328 ----a-w c:\documents and settings\David a Gábina\Data aplikací\PnkBstrK.sys
2009-02-03 15:45 --------- d-----w c:\program files\Activision
2009-02-02 22:59 4,608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-02 22:59 2,272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-02 22:02 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ahead
2009-02-02 22:02 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ahead
2009-02-02 22:02 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ahead
2009-02-01 12:44 --------- d-----w c:\program files\MSECache
2009-01-29 06:55 --------- d-----w c:\documents and settings\Verča\Data aplikací\Ashtons. Family Resort
2009-01-29 06:55 --------- d-----w c:\documents and settings\Verča\Data aplikací\Ashtons. Family Resort
2009-01-28 22:44 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ashtons. Family Resort
2009-01-28 22:44 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ashtons. Family Resort
2009-01-28 22:44 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\Ashtons. Family Resort
2009-01-28 22:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ashtons. Family Resort
2009-01-28 09:39 --------- d-----w c:\documents and settings\Verča\Data aplikací\AidemMedia
2009-01-28 09:39 --------- d-----w c:\documents and settings\Verča\Data aplikací\AidemMedia
2009-01-27 15:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\InstallShield
2009-01-27 15:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\InstallShield
2009-01-27 15:45 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\InstallShield
2009-01-27 15:01 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\AidemMedia
2009-01-27 15:01 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\AidemMedia
2009-01-27 15:01 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\AidemMedia
2009-01-27 14:58 --------- d-----w c:\program files\AidemMedia
2009-01-26 22:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\HipSoft
2009-01-26 22:10 --------- d-----w c:\program files\LeeGTs Games
2009-01-25 23:00 --------- d-----w c:\program files\Farm Mania
2009-01-24 22:31 --------- d-----w c:\program files\Youdagames
2009-01-24 08:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\Microsoft Games
2009-01-24 08:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\Microsoft Games
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\DAEMON Tools
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\DAEMON Tools
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\ATI
2009-01-21 21:31 --------- d-----w c:\documents and settings\Verča\Data aplikací\ATI
2009-01-21 21:08 --------- d-----w c:\program files\Electronic Arts
2009-01-20 07:18 29,480 ------w c:\windows\system32\msxml3a.dll
2009-01-20 07:16 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\CyberLink
2009-01-20 07:16 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\CyberLink
2009-01-20 07:16 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\CyberLink
2009-01-20 07:13 --------- d-----w c:\program files\CyberLink
2009-01-20 07:13 --------- d-----w c:\program files\Common Files\CyberLink
2009-01-20 07:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2009-01-18 11:15 --------- d-----w c:\program files\Alcohol Soft
2009-01-18 11:14 --------- d-----w c:\program files\Winamp
2009-01-14 20:30 --------- d-----w c:\program files\ATI Tray Tools
2009-01-14 20:30 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\atitray
2009-01-14 20:30 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\atitray
2009-01-14 20:30 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\atitray
2009-01-14 20:21 --------- d-----w c:\program files\ATITool
2009-01-14 20:20 --------- d-----w c:\program files\Ray Adams
2009-01-14 19:39 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\XnView
2009-01-14 19:39 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\XnView
2009-01-14 19:39 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\XnView
2009-01-11 02:17 --------- d-----w c:\program files\EA GAMES
2009-01-10 00:09 --------- d-----w c:\program files\Minilyrics
2009-01-09 22:40 --------- d-----w c:\program files\Eset
2009-01-09 22:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ulead Systems
2009-01-09 21:43 --------- d-----w c:\program files\TC UP
2009-01-09 20:18 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\SumatraPDF
2009-01-09 20:18 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\SumatraPDF
2009-01-09 20:18 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\SumatraPDF
2009-01-09 14:48 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\HEXelon
2009-01-09 14:48 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\HEXelon
2009-01-09 14:48 --------- d-----w c:\documents and settings\David a Gábina\Data aplikací\HEXelon
2009-01-09 14:43 --------- d-----w c:\program files\totalcmd
2009-01-09 14:10 --------- d-----w c:\program files\WinFast
2009-01-09 14:10 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-06 23:48 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-10 21:42 135,168 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-07_20.53.25.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-08 22:24:03 64,000 ----a-w c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.15.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2009-03-08 22:24:12 3,072 ----a-w c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2009-03-08 22:23:42 11,264 ----a-w c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.12.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2009-03-08 22:24:04 823,296 ----a-w c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.1.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2009-03-08 22:23:42 7,680 ----a-w c:\windows\assembly\GAC_MSIL\cli_ure\1.0.15.0__ce2cb7e279207b9e\cli_ure.dll
+ 2009-03-08 22:23:42 114,688 ----a-w c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.1.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2009-03-08 22:23:42 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2009-03-08 22:24:12 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2009-03-08 22:23:42 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2009-03-08 22:23:42 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
- 2009-03-03 22:30:16 143,624 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-09 15:24:12 161,136 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-09-28 19:46:06 9,845 ----a-w c:\windows\system32\mswen0obe.dll
+ 2006-06-29 01:13:19 9,845 ----a-w c:\windows\system32\mswen0obe.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-04 917504]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 32881]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2005-07-15 69632]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 319488]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-03 198160]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2008-01-16 520192]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\David a Gábina\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2009-01-04 585728]
Zástupce - daemon.lnk - c:\program files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.CDVC"= cdvccodc.dll
"vids.CDVC"= cdvccodc.dll
"vidc.dvsd"= hldvsd.dll
"vidc.cmic"= cmiccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CDV5"= cdv5codc.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"e:\\emule\\emule.exe"=
"e:\\uTorrent\\uTorrent\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\CorresBurn\\CorresBurn.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R0 pe3anmue;Ubersoldier 2 Environment Driver (pe3anmue);c:\windows\system32\drivers\pe3anmue.sys [2008-02-21 65152]
R0 ps7anmue;Ubersoldier 2 Synchronization Driver (ps7anmue);c:\windows\system32\drivers\ps7anmue.sys [2008-02-21 68744]
R1 atitray;atitray;c:\program files\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2009-01-04 193792]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2009-01-04 9600]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2009-01-04 37120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2009-01-09 9446]
S2 gupdate1c99b98f91fb050;Služba Google Update (gupdate1c99b98f91fb050);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S2 pr2anmue;Ubersoldier 2 Drivers Auto Removal (pr2anmue);c:\windows\system32\pr2anmue.exe svc --> c:\windows\system32\pr2anmue.exe svc [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PGFILTER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{843c30f6-dc2f-11dd-8796-0014853e6049}]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\readme\command - notepad readme.txt
\Shell\Setup\command - G:\setup.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\David a Gábina\Data aplikací\Mozilla\Firefox\Profiles\wo54vkrg.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 19:15:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-2000478354-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A2A1BB06-65AE-B418-D78E-048631AB10FF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jadikhcijpbkeijkdgam"=hex:62,61,70,63,00,00
"jadikhcijpbkeijkdgel"=hex:62,61,66,67,00,00
"iadhomjkehiiegiagn"=hex:6b,61,61,67,70,70,66,6e,67,6e,63,65,66,6a,65,6a,6f,63,
6e,63,6b,64,00,00
"hapeojjpnnnneoec"=hex:6b,61,67,68,61,70,6a,62,61,69,62,65,68,6f,6a,62,68,6a,
62,65,68,69,00,00
"jaoedkhfbhnabaieapgb"=hex:6f,61,65,69,6d,65,69,70,62,66,6f,69,67,6f,6c,6e,6a,
6b,6d,6b,64,6e,6c,6c,6a,6b,64,64,62,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,80,96,45,e5,fc,
8d,d8,9d,e2,63,26,f1,3f,c8,ff,68,c9,6c,f5,35,a8,99,b7,b2,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,8e,e0,1d,9c,77,
3e,e0,c5,6a,9c,d6,61,af,45,84,18,f2,8f,c0,5c,a2,6e,93,77,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,e5,14,cc,55,6c,
ae,8b,ac,ff,7c,85,e0,43,d4,0e,fe,1a,44,17,5c,69,33,0b,1f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b1,b1,80,60,71,
58,73,f2,86,8c,21,01,be,91,eb,e7,c0,37,5f,d4,55,49,9a,c5,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,cd,bb,9e,28,d2,
12,a9,e4,f5,1d,4d,73,a8,13,5c,05,97,db,8e,7d,76,9c,81,2e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,48,2f,85,28,26,
ca,ab,62,df,20,58,62,78,6b,cf,c8,db,10,b0,3e,05,86,86,0b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A2A1BB06-65AE-B418-D78E-048631AB10FF}\InProcServer32*]
"kabhmpahldcheogimkkcoi"=hex:62,61,62,67,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,07,4f,46,3f,6b,
88,94,fe,fb,a7,78,e6,12,2f,9a,ea,94,8f,04,e3,1d,ee,91,08,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,d0,24,e9,f8,9b,
e9,40,23,01,3a,48,fc,e8,04,4a,f1,89,97,bd,06,19,94,76,d1,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,50,4c,63,28,3d,
11,50,47,f6,0f,4e,58,98,5b,89,c9,e1,8f,1a,71,48,b9,39,e2,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,ef,78,ff,d6,dc,
28,7f,39,3d,ce,ea,26,2d,45,aa,78,07,0d,14,5d,88,63,b6,54,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e6,dd,55,30,a7,
1d,b8,e3,2a,b7,cc,b5,b9,7f,41,e7,c0,71,e0,2d,e5,5a,62,d6,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,4f,a2,e3,2e,7b,
54,73,3b,6c,43,2d,1e,aa,22,2f,9c,ca,fe,eb,d3,ed,1d,4e,85,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-03-09 19:18:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-09 18:18:51
ComboFix2.txt 2009-03-08 18:38:59

Před spuštěním: Volných bajtů: 24 055 799 808
Po spuštění: Volných bajtů: 24,045,391,872

500






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:37, on 9.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Zástupce - daemon.lnk = C:\Program Files\DAEMON Tools Lite\daemon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b98f91fb050) (gupdate1c99b98f91fb050) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7765 bytes

Re: HJT Log Check

Posted: 09 Mar 2009 19:38
by jaro3
Test this on VirusTotal:
c:\windows\system32\mswen0obe.dll
Then post the link to the result here.