Prosím o kontrolu logu

[Helma]

Mám podezření, že mám v PC nějaký maras. Programy nic nenašly, tak se obracím na Vás s prozbou.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:19, on 27.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svehost.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
D:\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\ljJYRJaA.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78DA8600-9221-43B7-8FA3-41E13D34A20F}: NameServer = 10.152.40.4,10.152.16.116
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljJYRJaA - C:\WINDOWS\SYSTEM32\ljJYRJaA.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 10991 bytes

[Reklama]

[fredik]

Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Helma]

OK až příjdu z práce jdu na to.

[Helma]

Zasílám výpis z combofixu.
ComboFix 08-05-27.4 - Michal 2008-05-28 19:55:17.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.939 [GMT 2:00]
Running from: D:\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\ssqNEtRj.dll
C:\WINDOWS\system32\tmp55.tmp
C:\WINDOWS\system32\wpcap.dll
.
---- Previous Run -------
.
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\svehost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-28 19:29 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-28 19:29 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 18:45 . 2008-05-26 18:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 18:30 . 2008-05-26 18:30 59,392 --a------ C:\WINDOWS\system32\ljJYRJaA.dll
2008-05-26 18:30 . 2008-05-26 18:30 59,392 --a------ C:\WINDOWS\system32\cbXPjKBs.dll
2008-05-18 10:37 . 2008-05-18 10:37 <DIR> d-------- C:\Program Files\DIFX
2008-05-18 10:37 . 2008-05-18 10:37 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-18 10:37 . 2008-05-18 10:37 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-18 10:36 . 2008-05-18 10:36 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-08 18:14 . 2008-05-25 00:26 <DIR> d-------- C:\Program Files\WinFlip
2008-05-08 18:14 . 2008-05-08 19:28 <DIR> d-------- C:\Program Files\VisualTaskTips
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\VistaDriveIcon
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\TrueTransparency
2008-05-08 18:14 . 2008-05-08 18:27 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\Styler
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\glass2k
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\Blaero Start Orb
2008-05-08 16:41 . 2008-05-08 16:41 <DIR> d-------- C:\WINDOWS\system32\cs
2008-05-08 16:41 . 2008-05-08 16:41 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 16:41 . 2008-05-08 16:41 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 16:38 . 2008-05-08 16:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 16:34 . 2008-04-13 22:04 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-08 16:32 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003541_.tmp
2008-05-05 18:09 . 2008-05-05 18:09 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-05-05 17:29 . 2008-05-05 17:29 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 17:35 --------- d-----w C:\Program Files\Java
2008-05-26 17:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-26 17:20 --------- d-----w C:\Program Files\Hemera Products
2008-05-26 16:06 --------- d-----w C:\Program Files\Lavasoft
2008-05-25 19:40 --------- d-----w C:\Program Files\SpeedFan
2008-05-24 21:16 --------- d-----w C:\Program Files\Registry Clean Expert
2008-05-24 20:54 --------- d-----w C:\Program Files\IObit
2008-05-18 18:15 --------- d-----w C:\Program Files\Strong
2008-05-13 07:34 --------- d-----w C:\Program Files\MSN Messenger
2008-04-28 19:52 --------- d-----w C:\Program Files\ATI Technologies
2008-04-17 05:28 --------- d-----w C:\Program Files\ICQ6
2008-04-14 06:53 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 06:53 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 06:53 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 06:53 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 06:52 69,632 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 06:52 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 06:52 351,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 06:52 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 06:52 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 06:52 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 06:52 268,800 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 06:52 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 06:52 1,552,384 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 06:11 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 06:10 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 06:10 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 06:10 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 06:10 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 06:01 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 06:00 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 05:59 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 05:59 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 05:57 37,248 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 05:56 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 05:55 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 05:55 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 05:51 64,256 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 05:49 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 05:45 272,896 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 05:44 58,496 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 05:43 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 05:42 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 05:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 05:40 326,912 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 05:38 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 05:38 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 05:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 05:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 05:35 188,288 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 22:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 22:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 22:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 22:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
.

------- Sigcheck -------

2006-10-23 17:35 665600 6f6877035d64fa0177a9faa33442c163 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-01-04 16:05 666112 614d523873176fd5e044df4692a42b28 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-03-07 20:40 823296 26385a8fef4bfb1fe968d91a2e64363a C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 11:33 823808 54788092197f979ed036cc5a30f167a5 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 17:14 824320 a374cf2ee24ea633d6243ed4460d6ac1 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 12:50 825344 da2fa7dbca39c906354bcd7f53d8e796 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:41 825344 3c48d8efa3ffa68f7aeaaaffab6b9cb3 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:59 825344 32cc73f851f377b035a5b8216cac63ce C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:35 827392 46a1a52eb6c86344c6ebf65b17404c90 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-17 14:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 17:19 659968 20bc7682e65644e445a00b75f74fe7e6 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 15:58 659968 b2b67a6182c0e17e6a21619bf7f1aad8 C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-03-07 20:42 822784 f2c6fab63ef6c45ca34d7f8dfc967622 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 10:43 822784 72423fa15617a2d6c4a6cee1e978f380 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 17:10 823808 ad8142c3a9383f48545b7dbc1280cf28 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 13:02 824832 050fe6ee7604df5d5101ac2618d73d65 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:50 824832 c543cc3d7a05fb0d23107c89115811a0 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14 926208 71236b0628f381dd765faf5e1132db10 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02 927744 0bb517976bbab46cda5837a21909b5b8 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-03-01 15:02 927744 0bb517976bbab46cda5837a21909b5b8 C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02 927744 0bb517976bbab46cda5837a21909b5b8 C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 15:02 826368 4b0d8a282e0bef3e52b8b6449d8473dd C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-17 14:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 08:52 547328 471341d353962a35da3c6324d59d09c4 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 08:52 547328 471341d353962a35da3c6324d59d09c4 C:\WINDOWS\system32\winlogon.exe
2008-04-14 08:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 20:14 2059008 9355304dd565e23f8ee294720b2c03e5 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 20:47 2061568 c709e82bc1566dacb28173c64e370e49 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:09 2061568 a873ff1754e2a81cb1a34588cab363d6 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 19:04 2275328 892a3e52256ddf5727dd3e6e1cd265e7 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-17 14:57 2017280 7715eddd01edfef9ef335d29c6dfe212 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2017280 d6c6c7c38ab140251baf5392b50f2fb6 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:24 2017792 cd795c1cf2c29904ff54b3bbac99164d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 08:06 2283520 160a38f8d31ae8b7702f363432556741 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 08:06 2283520 160a38f8d31ae8b7702f363432556741 C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 08:06 2025984 9f12e026dc0b0c43f521114efb3a3acc C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 20:14 2181632 7fabe135eac02a4bc8094b831adc0cc3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:47 2184192 1414c27ccdb54974c1c51d4236fc6ff1 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:09 2184320 d40b4f66d877802ec5e655b91b5490fa C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 19:04 2395648 698e57eb4d72d85ee4c7b91729256096 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-17 14:45 2150400 84fef6be553acc66729f5d4113f53310 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:08 2137600 a97a571360eeee9d1443a155d6b70cf8 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:24 2138112 b2557ceb28ef1720cfcbdf81ef68b1e1 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 08:06 2404864 d132f083d135ad60372d9a635f1d09f1 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 08:06 2404864 d132f083d135ad60372d9a635f1d09f1 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 08:06 2147328 27c7a7aed8a477f6a0c7d3ad00ab9419 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 08:52 1552384 137a31c90841db6ef71abe912e72121e C:\WINDOWS\explorer.exe
2007-06-13 16:12 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 16:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 14:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 08:52 1552384 137a31c90841db6ef71abe912e72121e C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 08:52 1034240 27afd587c462e280ee046b8cca3c2cd1 C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-17 14:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 08:52 25088 d8152865f2a59d765af8317e38aa5fb4 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 08:52 25088 d8152865f2a59d765af8317e38aa5fb4 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 08:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
2008-05-26 18:30 59392 --a------ C:\WINDOWS\system32\ljJYRJaA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:52 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 03:10 3543552]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 08:52 25088]
"Nokia.PCSync"="D:\NOKIA\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\WINDOWS\system32\ljJYRJaA.dll [2008-05-26 18:30 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJYRJaA]
ljJYRJaA.dll 2008-05-26 18:30 59392 C:\WINDOWS\system32\ljJYRJaA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-08-24 22:10 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"WEBTRAN"=
"OEXPRESS"=
"pdfSaver3"="C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"pdfSaver3"=
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-06-14 21:44]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2007-09-19 12:09]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-24 01:00]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2007-09-19 14:37]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 12:10]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 12:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 00:26]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 00:15]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 00:15]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-01-26 12:18]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 12:09]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-01-26 12:17]
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Michal\Local Settings\TEMP\DrvFltIp []
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 17:55]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 20:29:13 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 20:01:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Michal\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Michal\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ljJYRJaA.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-28 20:06:21 - machine was rebooted [Michal]
ComboFix-quarantined-files.txt 2008-05-28 18:06:13

Adresářů: 10, Volných bajtů: 5,745,107,456
Adres ý…: 14, Volněch bajt…: 5,631,717,376

346 --- E O F --- 2008-05-16 20:57:43

[fredik]

Je potřeba pro následující postup, aby jsi přesunul ComboFIx na plochu, což momentálně nemáš.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak si otevři Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
C:\WINDOWS\system32\ljJYRJaA.dll
C:\WINDOWS\system32\cbXPjKBs.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJYRJaA]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

- opět pozastav NOD a Kerio
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix (Pc se ti pak restartuje tak se nelekni)
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Helma]

Log z Comboxixu:
ComboFix 08-05-27.4 - Michal 2008-05-28 23:01:25.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.967 [GMT 2:00]
Running from: C:\Documents and Settings\Michal\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michal\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\cbXPjKBs.dll
C:\WINDOWS\system32\ljJYRJaA.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cbXPjKBs.dll
C:\WINDOWS\system32\ljJYRJaA.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-28 19:29 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-28 19:29 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 18:45 . 2008-05-26 18:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 10:37 . 2008-05-18 10:37 <DIR> d-------- C:\Program Files\DIFX
2008-05-18 10:37 . 2008-05-18 10:37 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-18 10:37 . 2008-05-18 10:37 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-18 10:36 . 2008-05-18 10:36 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-08 18:14 . 2008-05-25 00:26 <DIR> d-------- C:\Program Files\WinFlip
2008-05-08 18:14 . 2008-05-08 19:28 <DIR> d-------- C:\Program Files\VisualTaskTips
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\VistaDriveIcon
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\TrueTransparency
2008-05-08 18:14 . 2008-05-08 18:27 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\Styler
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\glass2k
2008-05-08 18:14 . 2008-05-08 18:14 <DIR> d-------- C:\Program Files\Blaero Start Orb
2008-05-08 16:41 . 2008-05-08 16:41 <DIR> d-------- C:\WINDOWS\system32\cs
2008-05-08 16:41 . 2008-05-08 16:41 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 16:41 . 2008-05-08 16:41 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 16:38 . 2008-05-08 16:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 16:34 . 2008-04-13 22:04 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-08 16:32 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003541_.tmp
2008-05-05 18:09 . 2008-05-05 18:09 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-05-05 17:29 . 2008-05-05 17:29 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 17:35 --------- d-----w C:\Program Files\Java
2008-05-26 17:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-26 17:20 --------- d-----w C:\Program Files\Hemera Products
2008-05-26 16:06 --------- d-----w C:\Program Files\Lavasoft
2008-05-25 19:40 --------- d-----w C:\Program Files\SpeedFan
2008-05-24 21:16 --------- d-----w C:\Program Files\Registry Clean Expert
2008-05-24 20:54 --------- d-----w C:\Program Files\IObit
2008-05-18 18:15 --------- d-----w C:\Program Files\Strong
2008-05-13 07:34 --------- d-----w C:\Program Files\MSN Messenger
2008-04-28 19:52 --------- d-----w C:\Program Files\ATI Technologies
2008-04-17 05:28 --------- d-----w C:\Program Files\ICQ6
2008-04-14 06:53 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 06:53 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 06:53 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 06:53 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 06:52 69,632 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 06:52 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 06:52 351,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 06:52 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 06:52 268,800 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 06:52 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 06:52 1,552,384 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 06:11 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 06:10 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 06:10 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 06:10 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 06:10 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 06:01 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 06:00 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 05:59 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 05:59 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 05:57 37,248 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 05:56 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 05:55 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 05:55 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 05:51 64,256 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 05:49 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 05:45 272,896 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 05:44 58,496 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 05:43 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 05:42 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 05:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 05:40 326,912 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 05:38 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 05:38 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 05:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 05:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 05:35 188,288 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 22:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 22:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 22:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 22:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 22:17 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 22:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
.

------- Sigcheck -------

2006-10-23 17:35 665600 6f6877035d64fa0177a9faa33442c163 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-01-04 16:05 666112 614d523873176fd5e044df4692a42b28 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-03-07 20:40 823296 26385a8fef4bfb1fe968d91a2e64363a C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 11:33 823808 54788092197f979ed036cc5a30f167a5 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 17:14 824320 a374cf2ee24ea633d6243ed4460d6ac1 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 12:50 825344 da2fa7dbca39c906354bcd7f53d8e796 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:41 825344 3c48d8efa3ffa68f7aeaaaffab6b9cb3 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:59 825344 32cc73f851f377b035a5b8216cac63ce C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:35 827392 46a1a52eb6c86344c6ebf65b17404c90 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-17 14:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 17:19 659968 20bc7682e65644e445a00b75f74fe7e6 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 15:58 659968 b2b67a6182c0e17e6a21619bf7f1aad8 C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-03-07 20:42 822784 f2c6fab63ef6c45ca34d7f8dfc967622 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 10:43 822784 72423fa15617a2d6c4a6cee1e978f380 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 17:10 823808 ad8142c3a9383f48545b7dbc1280cf28 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 13:02 824832 050fe6ee7604df5d5101ac2618d73d65 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:50 824832 c543cc3d7a05fb0d23107c89115811a0 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14 926208 71236b0628f381dd765faf5e1132db10 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02 927744 0bb517976bbab46cda5837a21909b5b8 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-03-01 15:02 927744 0bb517976bbab46cda5837a21909b5b8 C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02 927744 0bb517976bbab46cda5837a21909b5b8 C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 15:02 826368 4b0d8a282e0bef3e52b8b6449d8473dd C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-17 14:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 08:52 547328 471341d353962a35da3c6324d59d09c4 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 08:52 547328 471341d353962a35da3c6324d59d09c4 C:\WINDOWS\system32\winlogon.exe
2008-04-14 08:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 20:14 2059008 9355304dd565e23f8ee294720b2c03e5 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 20:47 2061568 c709e82bc1566dacb28173c64e370e49 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:09 2061568 a873ff1754e2a81cb1a34588cab363d6 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 19:04 2275328 892a3e52256ddf5727dd3e6e1cd265e7 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-17 14:57 2017280 7715eddd01edfef9ef335d29c6dfe212 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2017280 d6c6c7c38ab140251baf5392b50f2fb6 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:24 2017792 cd795c1cf2c29904ff54b3bbac99164d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 08:06 2283520 160a38f8d31ae8b7702f363432556741 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 08:06 2283520 160a38f8d31ae8b7702f363432556741 C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 08:06 2025984 9f12e026dc0b0c43f521114efb3a3acc C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 20:14 2181632 7fabe135eac02a4bc8094b831adc0cc3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:47 2184192 1414c27ccdb54974c1c51d4236fc6ff1 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:09 2184320 d40b4f66d877802ec5e655b91b5490fa C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 19:04 2395648 698e57eb4d72d85ee4c7b91729256096 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-17 14:45 2150400 84fef6be553acc66729f5d4113f53310 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:08 2137600 a97a571360eeee9d1443a155d6b70cf8 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:24 2138112 b2557ceb28ef1720cfcbdf81ef68b1e1 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 08:06 2404864 d132f083d135ad60372d9a635f1d09f1 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 08:06 2404864 d132f083d135ad60372d9a635f1d09f1 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 08:06 2147328 27c7a7aed8a477f6a0c7d3ad00ab9419 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 08:52 1552384 137a31c90841db6ef71abe912e72121e C:\WINDOWS\explorer.exe
2007-06-13 16:12 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 16:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 14:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 08:52 1552384 137a31c90841db6ef71abe912e72121e C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 08:52 1034240 27afd587c462e280ee046b8cca3c2cd1 C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-17 14:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 08:52 25088 d8152865f2a59d765af8317e38aa5fb4 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 08:52 25088 d8152865f2a59d765af8317e38aa5fb4 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 08:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_20.05.42.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 18:00:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 21:05:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-09-15 15:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2007-08-28 22:19:32 136,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CONTAB32.DLL
+ 2007-08-24 03:49:12 89,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DLGSETP.DLL
+ 2007-10-05 19:37:38 17,927,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-24 03:49:40 342,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MIMEDIR.DLL
+ 2007-08-28 22:38:10 500,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-28 22:38:46 9,584,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-28 22:20:20 2,949,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OLMAPI32.DLL
+ 2007-08-24 04:42:40 663,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OMSMAIN.DLL
+ 2007-08-24 04:42:44 195,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OMSXP32.DLL
+ 2007-08-28 22:20:44 600,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLMIME.DLL
+ 2007-09-06 17:01:10 12,836,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLOOK.EXE
+ 2007-08-28 22:22:04 180,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLPH.DLL
+ 2007-08-24 02:43:28 138,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-24 03:51:48 416,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PSTPRX32.DLL
+ 2007-08-28 22:39:14 625,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36 593,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-24 03:52:08 266,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SCNPST32.DLL
+ 2007-08-24 03:52:10 275,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SCNPST64.DLL
+ 2007-08-28 22:16:00 350,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 17:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-28 23:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-06 16:56:32 17,490,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-02 19:00:06 14,708,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 04:14:14 13,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XLCALL32.DLL
- 2008-02-25 20:10:58 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-28 20:32:02 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-02-25 20:11:02 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-28 20:32:04 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-02-25 20:10:59 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-28 20:32:03 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-02-25 20:10:59 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-28 20:32:03 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-02-25 20:11:02 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-28 20:32:03 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-02-25 20:11:03 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-28 20:32:04 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-02-25 20:11:04 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-28 20:32:04 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-02-25 20:11:00 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-28 20:32:03 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-02-25 20:11:01 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-28 20:32:03 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-02-25 20:11:02 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-28 20:32:04 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-02-25 20:11:03 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-28 20:32:04 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-02-25 20:10:59 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-28 20:32:03 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-28 21:05:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:52 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 03:10 3543552]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 08:52 25088]
"Nokia.PCSync"="D:\NOKIA\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-08-24 22:10 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"WEBTRAN"=
"OEXPRESS"=
"pdfSaver3"="C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"pdfSaver3"=
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-06-14 21:44]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2007-09-19 12:09]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-24 01:00]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2007-09-19 14:37]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 12:10]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Michal\Local Settings\TEMP\DrvFltIp [2006-12-21 03:34]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 12:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 00:26]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 00:15]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 00:15]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-01-26 12:18]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 12:09]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-01-26 12:17]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 17:55]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 20:29:13 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 23:06:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Michal\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Michal\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-28 23:08:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 21:08:23
ComboFix2.txt 2008-05-28 18:06:22

Adresářů: 10, Volných bajtů: 5,212,139,008
Adres ý…: 14, Volněch bajt…: 5,203,429,888

391 --- E O F --- 2008-05-28 20:32:14

[Helma]

Tady je log z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10, on 2008-05-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1926435437
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78DA8600-9221-43B7-8FA3-41E13D34A20F}: NameServer = 10.152.40.4,10.152.16.116
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 10259 bytes

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi comobofix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
po zaškrtnutí klikni na tlačítko Fix Checked


Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Máš ještě nějaké problémy?

[Helma]

Mockrát děkuji za pomoc. Zatím je vše OK budu dále testovat. Problém je vyřešen.

[fredik]

Nemáš za co , kdyby byl nějaký problém tak dej vědět.