HiJackThis - Celkem pomalý nově instal. Win Vyřešeno

[CZechBoY]

Tak tady je log z MbAM, ten strašnej SeeKapp já věděl že to nemám mít... ale bylo to samo s programem PF Auto-Typer, aspoň myslím. Asi ve 4 tu bude Combo

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2082
Windows 5.1.2600 Service Pack 3

7.5.2009 6:44:36
mbam-log-2009-05-07 (06-44-36).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|)
Objektu skenováno: 191428
Uplynulý cas: 38 minute(s), 58 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 6
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 1
Infikované soubory: 5

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c62c7cf-8ffd-326f-8f6a-93175fe5fc5d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c62c7cf-8ffd-326f-8f6a-93175fe5fc5d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{bd54b840-4671-333a-8220-7cebd74602c3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1be5577b-e96e-3eb7-9767-5c0de7cbe0c6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c62c7cf-8ffd-326f-8f6a-93175fe5fc5d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Documents and Settings\All Users\Data aplikací\Seekapp (Adware.Seekapp) -> Quarantined and deleted successfully.

Infikované soubory:
C:\WINDOWS\system32\xwr36868.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Seekapp\seekapp122.exe (Adware.SeekApp) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6768789D-8619-42C3-B3C3-79F49F841305}\RP25\A0005927.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wr36868.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

[Reklama]

[CZechBoY]

OK, je tu combo, ale při spuštění po prví mi to asi ukázalo Black Screen, dal jsem tvrdej restart a šlo to

ComboFix 09-05-06.02 - CZechBoY 07.05.2009 6:55.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1916.1496 [GMT 2:00]
Spuštěný z: c:\documents and settings\CZechBoY\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: Avira Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-07 do 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-06 13:41 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 13:41 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 13:41 . 2009-05-06 13:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 08:00 . 2009-05-02 08:10 -------- d-----w c:\program files\Microsoft Bootvis
2009-05-01 17:18 . 2009-05-01 17:19 -------- d-----w c:\program files\PF Auto-Typer
2009-04-30 15:56 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-30 15:56 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w c:\program files\iPod
2009-04-30 15:55 . 2009-04-30 15:56 -------- d-----w c:\program files\iTunes
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w c:\program files\QuickTime
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w c:\program files\Apple Software Update
2009-04-30 15:54 . 2009-04-30 15:55 -------- d-----w c:\program files\Common Files\Apple
2009-04-29 17:37 . 2002-06-06 12:38 139264 ----a-w c:\windows\system32\eax.dll
2009-04-29 17:37 . 2009-04-29 17:37 -------- d-----w c:\program files\Creative
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w c:\program files\Hex Workshop v6
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w c:\program files\UltraISO
2009-04-29 14:31 . 2009-04-29 14:31 -------- d-----w c:\program files\Burn4Free
2009-04-29 14:15 . 2009-04-29 16:30 319488 ----a-r c:\windows\system32\MafiaSetup.exe
2009-04-29 14:11 . 2008-04-14 06:51 82432 ----a-w c:\windows\system32\CNBJMON2.DLL
2009-04-28 17:05 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-28 17:05 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-28 13:55 . 2009-04-28 13:55 -------- d-sh--w C:\$RECYCLE.BIN
2009-04-28 13:16 . 2009-04-28 14:21 -------- d-sh--w C:\Boot
2009-04-28 12:18 . 2009-04-28 12:18 -------- d-----w c:\program files\VideoLAN
2009-04-28 11:49 . 2009-04-28 12:57 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-27 16:03 . 2009-04-27 16:04 -------- d-----w c:\program files\MediaCoder
2009-04-27 14:42 . 2009-04-28 11:53 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-24 17:09 . 2009-05-05 12:10 -------- d-----w C:\Fraps
2009-04-24 16:54 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-24 16:02 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-24 16:02 . 2009-04-24 16:02 -------- d-----w c:\documents and settings\CZechBoY\WINDOWS
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w c:\program files\Web Publish
2009-04-23 18:12 . 2009-04-23 18:12 14361616 ----a-w c:\windows\system32\xa8466031.exe
2009-04-23 18:12 . 2009-04-23 18:12 14361616 ----a-w c:\windows\system32\xa8464250.exe
2009-04-23 15:45 . 2009-04-27 13:46 97480 ----a-w c:\windows\system32\drivers\avfwot.sys
2009-04-23 15:45 . 2009-02-24 10:06 69632 ----a-w c:\windows\system32\drivers\avfwim.sys
2009-04-23 14:09 . 2009-04-23 14:09 -------- d-----w c:\program files\Desktop Sidebar
2009-04-22 19:23 . 2009-02-20 17:13 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-22 19:23 . 2009-02-20 17:13 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-22 19:23 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-22 19:23 . 2009-02-20 17:13 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-22 19:23 . 2009-02-20 17:13 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-22 19:23 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-22 19:23 . 2009-02-20 17:13 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-22 19:23 . 2009-02-20 17:13 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-22 15:08 . 2009-04-22 15:06 737280 ----a-w c:\windows\iun6002.exe
2009-04-22 15:08 . 2009-04-22 15:08 -------- d-----w c:\program files\Codec Pack - All In 1
2009-04-22 14:30 . 2009-05-07 05:02 -------- d-----w c:\windows\system32\CatRoot2
2009-04-22 14:21 . 2009-04-22 14:22 -------- d-----w c:\program files\3DMark2001 SE
2009-04-22 13:52 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-22 13:52 . 2009-02-09 11:26 2191232 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-22 13:52 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-22 13:52 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-22 13:52 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-22 13:52 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-22 13:52 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-22 13:52 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-22 13:52 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-22 13:52 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-22 13:52 . 2009-02-09 11:26 2147328 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-22 13:52 . 2009-02-09 11:26 2025984 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-21 19:17 . 2009-05-05 15:10 -------- d-----w c:\windows\system32\oodag
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-21 17:18 . 2009-05-02 08:09 -------- d-----w c:\windows\system32\LogFiles
2009-04-21 17:00 . 2009-04-21 17:01 -------- d-----w c:\program files\Scorpions WinCheater
2009-04-21 16:59 . 2009-04-23 18:18 -------- d-----w c:\program files\OO Software
2009-04-21 16:59 . 2009-04-21 16:59 14361616 ----a-w c:\windows\system32\xa11424484.exe
2009-04-21 16:59 . 2009-04-21 16:59 14361616 ----a-w c:\windows\system32\xa11423765.exe
2009-04-21 16:38 . 2009-04-21 16:38 -------- d-----w c:\program files\Lavalys
2009-04-21 16:36 . 2006-10-26 17:58 30512 ----a-w c:\windows\system32\mdimon.dll
2009-04-21 16:36 . 2009-04-21 16:36 -------- d-----w c:\program files\Microsoft Works
2009-04-21 16:33 . 2009-04-21 16:35 -------- d-----w c:\windows\SHELLNEW
2009-04-21 16:33 . 2009-04-21 16:33 -------- d--h--r C:\MSOCache
2009-04-21 15:12 . 2009-04-27 13:46 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-21 15:12 . 2009-04-21 15:12 -------- d-----w c:\program files\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 05:02 . 2009-04-21 12:45 16608 ----a-w c:\windows\gdrv.sys
2009-05-02 08:10 . 2001-10-25 12:00 46196 ----a-w c:\windows\system32\perfc005.dat
2009-05-02 08:10 . 2001-10-25 12:00 309990 ----a-w c:\windows\system32\perfh005.dat
2009-04-24 16:11 . 2009-04-21 13:53 -------- d-----w c:\program files\CamStudio
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\O0MHBX3F.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\YA7HBZR7.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\K7RFZZFP.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\4PBV3NR5.DAT
2009-04-23 16:19 . 2001-10-25 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-22 14:22 . 2009-04-21 12:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 14:21 . 2009-04-21 12:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----r c:\program files\Skype
2009-04-21 14:32 . 2009-04-21 14:32 -------- d-----w c:\program files\CCleaner
2009-04-21 13:58 . 2009-04-21 13:54 -------- d-----w c:\program files\QIP Infium
2009-04-21 13:53 . 2009-04-21 13:53 -------- d-----w c:\program files\Opera
2009-04-21 13:39 . 2009-04-21 12:35 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 12:54 . 2009-04-21 12:50 -------- d-----w c:\program files\Realtek
2009-04-21 12:50 . 2009-04-21 12:50 319488 ----a-w c:\windows\HideWin.exe
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w c:\program files\Intel
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w c:\program files\GIGABYTE
2009-04-21 12:35 . 2009-04-21 12:35 -------- d-----w c:\program files\microsoft frontpage
2009-04-21 12:33 . 2009-04-21 12:33 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w c:\windows\system32\OODAGMG.DLL
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w c:\windows\system32\ootmapi.dll
2009-03-16 12:18 . 2009-04-24 16:55 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-24 16:55 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-24 16:55 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-24 16:55 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-24 16:55 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 12:18 . 2009-03-08 12:18 2796196 ------w c:\windows\inf\SET476.tmp
2009-03-08 12:09 . 2009-03-08 12:09 391536 ------w c:\windows\system32\SET485.tmp
2009-03-08 02:41 . 2009-03-08 02:41 5937152 ------w c:\windows\system32\SET491.tmp
2009-03-08 02:35 . 2009-03-08 02:35 385024 ------w c:\windows\system32\SET480.tmp
2009-03-08 02:34 . 2009-03-08 02:34 914944 ------w c:\windows\system32\SET49F.tmp
2009-03-08 02:34 . 2009-03-08 02:34 1206784 ------w c:\windows\system32\SET49C.tmp
2009-03-08 02:34 . 2009-03-08 02:34 1469440 ------w c:\windows\system32\SET48B.tmp
2009-03-08 02:34 . 2009-03-08 02:34 236544 ------w c:\windows\system32\SET49E.tmp
2009-03-08 02:34 . 2009-03-08 02:34 43008 ------w c:\windows\system32\SET48F.tmp
2009-03-08 02:34 . 2009-03-08 02:34 105984 ------w c:\windows\system32\SET49B.tmp
2009-03-08 02:34 . 2009-03-08 02:34 193536 ------w c:\windows\system32\SET496.tmp
2009-03-08 02:34 . 2009-03-08 02:34 109568 ------w c:\windows\system32\SET498.tmp
2009-03-08 02:33 . 2009-03-08 02:33 18944 ------w c:\windows\system32\SET47D.tmp
2009-03-08 02:33 . 2009-03-08 02:33 25600 ------w c:\windows\system32\SET48E.tmp
2009-03-08 02:33 . 2009-03-08 02:33 726528 ------w c:\windows\system32\SET48D.tmp
2009-03-08 02:33 . 2009-03-08 02:33 229376 ------w c:\windows\system32\SET483.tmp
2009-03-08 02:33 . 2009-03-08 02:33 420352 ------w c:\windows\system32\SET49D.tmp
2009-03-08 02:33 . 2009-03-08 02:33 125952 ------w c:\windows\system32\SET482.tmp
2009-03-08 02:32 . 2009-03-08 02:32 72704 ------w c:\windows\system32\SET47B.tmp
2009-03-08 02:32 . 2009-03-08 02:32 173056 ------w c:\windows\system32\SET481.tmp
2009-03-08 02:32 . 2009-03-08 02:32 163840 ------w c:\windows\system32\SET484.tmp
2009-03-08 02:32 . 2009-03-08 02:32 71680 ------w c:\windows\system32\SET488.tmp
2009-03-08 02:32 . 2009-03-08 02:32 55808 ------w c:\windows\system32\SET487.tmp
2009-03-08 02:32 . 2009-03-08 02:32 128512 ------w c:\windows\system32\SET47C.tmp
2009-03-08 02:32 . 2009-03-08 02:32 94720 ------w c:\windows\system32\SET48C.tmp
2009-03-08 02:32 . 2009-03-08 02:32 611840 ------w c:\windows\system32\SET497.tmp
2009-03-08 02:31 . 2009-03-08 02:31 183808 ------w c:\windows\system32\SET486.tmp
2009-03-08 02:31 . 2009-03-08 02:31 348160 ------w c:\windows\system32\SET47E.tmp
2009-03-08 02:31 . 2009-03-08 02:31 34816 ------w c:\windows\system32\SET48A.tmp
2009-03-08 02:31 . 2009-03-08 02:31 216064 ------w c:\windows\system32\SET47F.tmp
2009-03-08 02:31 . 2009-03-08 02:31 46592 ------w c:\windows\system32\SET499.tmp
2009-03-08 02:31 . 2009-03-08 02:31 66560 ------w c:\windows\system32\SET493.tmp
2009-03-08 02:31 . 2009-03-08 02:31 48128 ------w c:\windows\system32\SET494.tmp
2009-03-08 02:31 . 2009-03-08 02:31 45568 ------w c:\windows\system32\SET490.tmp
2009-03-08 02:31 . 2009-03-08 02:31 1638912 ------w c:\windows\system32\SET492.tmp
2009-03-08 02:30 . 2009-03-08 02:30 66560 ------w c:\windows\system32\SET49A.tmp
2009-03-08 02:22 . 2009-03-08 02:22 156160 ------w c:\windows\system32\SET495.tmp
2009-03-08 02:15 . 2009-03-08 02:15 57667 ------w c:\windows\system32\SET489.tmp
2009-03-06 14:23 . 2004-08-17 13:49 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2004-08-17 13:49 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-27 16:12 . 2009-02-27 16:12 62989 ------w c:\windows\Help\SET472.tmp
2009-02-25 00:48 . 2009-02-25 00:48 610228 ------w c:\windows\Help\SET475.tmp
2009-02-23 18:05 . 2009-02-23 18:05 37896 ----a-w c:\windows\system32\drivers\oobctm.sys
2009-02-20 17:13 . 2007-08-13 16:45 78336 ------w c:\windows\system32\ieencode.dll
2009-02-18 22:46 . 2009-02-18 22:46 14319 ------w c:\windows\Help\SET474.tmp
2009-02-18 22:46 . 2009-02-18 22:46 13028 ------w c:\windows\Help\SET473.tmp
2009-02-09 14:07 . 2004-08-17 13:44 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2004-08-17 15:45 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2004-08-17 13:45 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2004-08-17 13:49 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-17 13:49 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-17 13:49 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-17 13:49 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-17 13:48 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-10-25 12:00 35328 ----a-w c:\windows\system32\sc.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-04-30 1562352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-02-23 1911568]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Strong DC++(2.22)\\StrongDC.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [23.4.2009 17:45 97480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [23.4.2009 17:45 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23.4.2009 17:45 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.4.2009 17:45 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23.4.2009 17:45 432897]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.4.2009 14:46 80392]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [23.4.2009 17:45 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.4.2009 14:50 110080]
R3 OOTextMode;OOTextMode;c:\windows\system32\drivers\oobctm.sys [23.2.2009 20:05 37896]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [3.8.2004 23:04 69120]
.
Obsah adresáře 'Naplánované úlohy'

2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {C641B42D-570A-40CD-B895-55D9E003CC32} = 192.168.15.1,192.168.68.16
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 07:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C4E8AF421ACD75288B413D803115FA77A9CFCAE715ABC3F3A1B008DADA25A86C0E1103ED0A01C0BBEE341D02E17D076758FC5DE65B6B48CEDB1D7D130C986269D4B9DDE9D14F5897793A3296CCDE2E7BBF9195E92FB29EEE14A7D8D8D57F187959C732FE3A7E8C67FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A6171C11EC38DE3DC46B416062B85E065813F6595B9430474C8258C9C90EF84201F9A11F0C0EF8BF8FD14CD272F22921546EC0EC3042157140C5489B16FA71047EEBD8D820E99121EA3AADA0D09829435281AD3C5EC5D9698A492610AC709476D326CF0CA0724B98911A2C98B3AB704EC9082B2566B846F27FB3A238FB4402DD50571A9B0759BA8D6F48DF0E4155A96BE4A0F40C3EDEB995A60C41A7676FECC2F892A16C437006A8267F385696620F8301D120D9CF1CA31E3A415BF743919972854CA168B82D68590CDEF5CD44C0F0C7B18312F777F88A1C2C249AC55AE9E27E6360ABFDBCACB1D1A96BAFD0CC06B5A93D028658842307E31EEB01306B61383DB38D261D9DACC4873E0B4E43296954E19E7D0BEC3E69478D682FDFDC27FE9AC5C874463D96909934390A8F0DC546586B838A84AD5C438A75966DDFF4B3F2A1762D9D1C565DDE3AD7C1970697019DE2044EA127968DC8A83C6708FD252C8EF5F09D72876797C246B130C717D0B192A830169E7F28EFB709454FC1089C1E47D51988403CF0610BF14B92907C2C9C6D713626C36B641CEEA93875C724128A379597143BC3F948AB84EC2B4D442180999822FBB29DD297741B83B525483C681C9A5B18F87B8A503958246EBE4F290CA711C1C9F49E0262F084D39ECBC05922D7DD15A27493B1716F5C4407085542E3CADBA97778C67E6B321D21F3112CA91570EE39720B9001152F956350AFDDF11E5B13311E8BC6DC98A734212EAE01F014106F81FB004B0D9A781ADADD22C73B495563F10DE32035C3E729CF784105F76405966A6879F17055F4154A75ADC32C65590B4B4798A9A238A971EEB24B548C40BF2DB5158103488BEC45120E075A516529E06182A78F45B74C97026F31DEFED4571369110753B679510059D745623DB02ECB9BA8F04FC0784E3750F6BCE82346853ACCA2DB8EE1CE342A8933E20B87A3F4C7A35AB7BBBCA1D68467C39C0952A8A7286DBF38AFF0AB4BC152363F564B102BE5E968A57C64512E411686DFACE906C0F69D17B30694A9F3D3252A1F99A5B7A74A2259478B679740C871A2FC91C85EF456F1894FB8FCD22C03370CA87E3AD3602C41E78C387AFA9E07D0AECE4D5421100743A9EA3F60A61689838D68822F8F7059838349245473FD7F517790C675377FE02F404F67F618F8304815CCF7300C1A3268"
"OOCC06.00.00.01WSSV"="6C01661F7868FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D6794232A45B10212E22B28DA944CA1693FDCE89AB210C829B3EBF1F20DA53ADB2B6A0F777AC419B81E14A04D34CB25ED33EAC2BA21E44C792E6640C6EB3C7D13B1B455F36BCA61AC500248F85BA54DF16AE0CB9AE66B91EEE231AE8A7EB51C321AA06CDA82235C88C3B97281B8EA05CB848453691806173A63302E946064BE5E0A55FD4E7F317F8F54C227F251AFB0F6B2DDDE3A9E1A49AD598D5E9E7D9D00E5BF3E6A51765E33257469A1B7FA0D258EBBB9A78135918D3F7DB8164A983DF1378A8AC1CC4A9354D2A83DCFA2649FACD6792A191B6FD9398BA063DD1AC6A297E64FAC4D0DB9C2B4448B9357E98A8705B4D905D346AF6417502503F2F5F12EE72C84DC054252DE184C49038FA4C269E031E0E12DA230A767F004D148A8D8495164B896990175DEB95FA36902D2346E67FB231F2DB9FC1CDBF347CF01E10CDCB18E8B97EB415BBEC395EE66F0D35AC32FE54B5D10F276409D848D3CF8B4F1D6DD4E31E314600E7FD92C155DCE6E869849651881471FD215C4710B20BD9944AB9EEBF1C1DA9D6D238F051476C1CBDA23B614DAB476709921E2AE0743106A10D0ADD22ABDBF9FABB0EDA27C2027F8CF9AEDAFFB64F5FBA7EC79D05CB4646739C23E93C826F5EB4E37F23072078D6731BCD71AF24252BCAE070014FA4765B4F27DF161D30EE1EFB1C18EF93222396C9E495359CF42CD1132816258659071D74886E194634CA07D8468267006A821C18B063297B41FDABB8CF07E9EB36A183E97E09929237D00C6C8BF1329D095F004403BBAA2D7D3A3E2E8EF278F90732035911B98BFD30080E55664A2DB08AA87B55935A6EC82A30490C89AA4F3BB8D8372BB41D49AC876DAD656F594E633EBF93BC3C4248A94938BB38194B13D875FEE0CF166B4226BC8F979C9199FC9F1208EDEC6BD5538FE6B7F9E3B81FBFBDCD1437C5F2294633721791201F36B2BF354C04D787A50D0C838D888728CA8E8359417A5878EC48CBD6F2FC9A43315D27E5A411944D59E588C4CC389F7E3CC5E219934C8BE4A8973A1E79F2DAD85AEAD6CC372366A323F73F6BC20A1723774DA4395978EB078990F9C7F86AB6D1FBC4C2969ECFEFE73236D4C62843457BD9D81D2847381593E23F97971519A84B8B764B6E77A306902B033615A3786F5AF3D191C232C910D4844F599BE23B16A0C8CCE2B1F1CEBE5CA42D6218635C1EE4C390DFC74DB126EC311E6F02AD18D6A599D872EB305B7033EA50D0A8A3076B5D3EC6BE93ECF3BF7E39253083969AF23E43F307E8D1DFAA5519C322DCF0C16938D2667E90B0AA679DFC468F939277A0776BA8D6C58FE06"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1156)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(3572)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-05-07 7:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-07 05:03

Před spuštěním: 9 947 820 032
Po spuštění: 7 879 692 288

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

294 --- E O F --- 2009-04-28 19:45

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený červeně:

File::
c:\windows\system32\xa8466031.exe
c:\windows\system32\xa8464250.exe
c:\windows\system32\xa11424484.exe
c:\windows\system32\xa11423765.exe
c:\windows\inf\SET476.tmp
c:\windows\system32\SET485.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET480.tmp
c:\windows\system32\SET49F.tmp
c:\windows\system32\SET49C.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET49E.tmp
c:\windows\system32\SET48F.tmp
c:\windows\system32\SET49B.tmp
c:\windows\system32\SET496.tmp
c:\windows\system32\SET498.tmp
c:\windows\system32\SET47D.tmp
c:\windows\system32\SET48E.tmp
c:\windows\system32\SET48D.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET49D.tmp
c:\windows\system32\SET482.tmp
c:\windows\system32\SET47B.tmp
c:\windows\system32\SET481.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET487.tmp
c:\windows\system32\SET47C.tmp
c:\windows\system32\SET48C.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\SET486.tmp
c:\windows\system32\SET47E.tmp
c:\windows\system32\SET48A.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET499.tmp
c:\windows\system32\SET493.tmp
c:\windows\system32\SET494.tmp
c:\windows\system32\SET490.tmp
c:\windows\system32\SET492.tmp
c:\windows\system32\SET49A.tmp
c:\windows\system32\SET495.tmp
c:\windows\system32\SET489.tmp
c:\windows\Help\SET472.tmp
c:\windows\Help\SET475.tmp
c:\windows\Help\SET474.tmp
c:\windows\Help\SET473.tmp

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[CZechBoY]

ComboFix 09-05-07.03 - CZechBoY 07.05.2009 20:31.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1916.1454 [GMT 2:00]
Spuštěný z: c:\documents and settings\CZechBoY\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\CZechBoY\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*

FILE ::
c:\windows\Help\SET472.tmp
c:\windows\Help\SET473.tmp
c:\windows\Help\SET474.tmp
c:\windows\Help\SET475.tmp
c:\windows\inf\SET476.tmp
c:\windows\system32\SET47B.tmp
c:\windows\system32\SET47C.tmp
c:\windows\system32\SET47D.tmp
c:\windows\system32\SET47E.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET480.tmp
c:\windows\system32\SET481.tmp
c:\windows\system32\SET482.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET485.tmp
c:\windows\system32\SET486.tmp
c:\windows\system32\SET487.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET489.tmp
c:\windows\system32\SET48A.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET48C.tmp
c:\windows\system32\SET48D.tmp
c:\windows\system32\SET48E.tmp
c:\windows\system32\SET48F.tmp
c:\windows\system32\SET490.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET492.tmp
c:\windows\system32\SET493.tmp
c:\windows\system32\SET494.tmp
c:\windows\system32\SET495.tmp
c:\windows\system32\SET496.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\SET498.tmp
c:\windows\system32\SET499.tmp
c:\windows\system32\SET49A.tmp
c:\windows\system32\SET49B.tmp
c:\windows\system32\SET49C.tmp
c:\windows\system32\SET49D.tmp
c:\windows\system32\SET49E.tmp
c:\windows\system32\SET49F.tmp
c:\windows\system32\xa11423765.exe
c:\windows\system32\xa11424484.exe
c:\windows\system32\xa8464250.exe
c:\windows\system32\xa8466031.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Help\SET472.tmp
c:\windows\Help\SET473.tmp
c:\windows\Help\SET474.tmp
c:\windows\Help\SET475.tmp
c:\windows\inf\SET476.tmp
c:\windows\system32\SET47B.tmp
c:\windows\system32\SET47C.tmp
c:\windows\system32\SET47D.tmp
c:\windows\system32\SET47E.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET480.tmp
c:\windows\system32\SET481.tmp
c:\windows\system32\SET482.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET485.tmp
c:\windows\system32\SET486.tmp
c:\windows\system32\SET487.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET489.tmp
c:\windows\system32\SET48A.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET48C.tmp
c:\windows\system32\SET48D.tmp
c:\windows\system32\SET48E.tmp
c:\windows\system32\SET48F.tmp
c:\windows\system32\SET490.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET492.tmp
c:\windows\system32\SET493.tmp
c:\windows\system32\SET494.tmp
c:\windows\system32\SET495.tmp
c:\windows\system32\SET496.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\SET498.tmp
c:\windows\system32\SET499.tmp
c:\windows\system32\SET49A.tmp
c:\windows\system32\SET49B.tmp
c:\windows\system32\SET49C.tmp
c:\windows\system32\SET49D.tmp
c:\windows\system32\SET49E.tmp
c:\windows\system32\SET49F.tmp
c:\windows\system32\xa11423765.exe
c:\windows\system32\xa11424484.exe
c:\windows\system32\xa8464250.exe
c:\windows\system32\xa8466031.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-07 do 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 16:13 . 2008-04-13 22:09 5504 -c--a-w c:\windows\system32\dllcache\mstee.sys
2009-05-07 16:13 . 2008-04-13 22:09 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-05-07 16:13 . 2008-04-13 22:16 10880 -c--a-w c:\windows\system32\dllcache\ndisip.sys
2009-05-07 16:13 . 2008-04-13 22:16 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-05-07 16:13 . 2008-04-13 22:16 15232 -c--a-w c:\windows\system32\dllcache\streamip.sys
2009-05-07 16:13 . 2008-04-13 22:16 15232 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-05-07 16:13 . 2008-04-13 22:16 11136 -c--a-w c:\windows\system32\dllcache\slip.sys
2009-05-07 16:13 . 2008-04-13 22:16 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-05-07 16:13 . 2008-04-13 22:16 19200 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-05-07 16:13 . 2008-04-13 22:16 19200 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-07 16:13 . 2008-04-13 22:16 85248 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
2009-05-07 16:13 . 2008-04-13 22:16 85248 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-05-07 16:12 . 2008-04-13 22:16 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
2009-05-07 16:12 . 2008-04-13 22:16 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-05-07 16:12 . 2008-04-14 06:52 54272 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-07 16:12 . 2008-04-14 06:52 54272 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-07 16:12 . 2007-10-12 02:00 490008 ----a-w c:\windows\system32\LVUI2.dll
2009-05-07 16:12 . 2007-10-12 01:57 195096 ----a-w c:\windows\system32\lvci1150.dll
2009-05-07 16:12 . 2007-10-12 01:57 416280 ----a-w c:\windows\system32\lvcodec2.dll
2009-05-07 16:12 . 2007-10-12 02:00 465432 ----a-w c:\windows\system32\LVUI2RC.dll
2009-05-07 16:12 . 2007-10-12 02:00 41752 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
2009-05-07 16:12 . 2007-10-12 01:18 21138 ----a-w c:\windows\system32\Repository.reg
2009-05-07 16:12 . 2007-10-12 01:56 490776 ----a-w c:\windows\system32\drivers\LV561AV.SYS
2009-05-07 16:11 . 2009-05-07 16:20 -------- d-----w c:\program files\Common Files\LogiShrd
2009-05-07 16:00 . 2009-05-07 16:01 -------- d-----w c:\program files\Common Files\Logitech
2009-05-07 16:00 . 2009-05-07 16:00 -------- d-----w c:\program files\Windows Media Components
2009-05-07 16:00 . 2009-05-07 16:04 -------- d--h--w c:\windows\msdownld.tmp
2009-05-07 15:59 . 2009-05-07 16:20 -------- d-----w c:\program files\Logitech
2009-05-06 13:41 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 13:41 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 13:41 . 2009-05-06 13:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 08:00 . 2009-05-02 08:10 -------- d-----w c:\program files\Microsoft Bootvis
2009-05-01 17:18 . 2009-05-01 17:19 -------- d-----w c:\program files\PF Auto-Typer
2009-04-30 15:56 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-30 15:56 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w c:\program files\iPod
2009-04-30 15:55 . 2009-04-30 15:56 -------- d-----w c:\program files\iTunes
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w c:\program files\QuickTime
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w c:\program files\Apple Software Update
2009-04-30 15:54 . 2009-04-30 15:55 -------- d-----w c:\program files\Common Files\Apple
2009-04-29 17:37 . 2002-06-06 12:38 139264 ----a-w c:\windows\system32\eax.dll
2009-04-29 17:37 . 2009-04-29 17:37 -------- d-----w c:\program files\Creative
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w c:\program files\Hex Workshop v6
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w c:\program files\UltraISO
2009-04-29 14:31 . 2009-04-29 14:31 -------- d-----w c:\program files\Burn4Free
2009-04-29 14:15 . 2009-04-29 16:30 319488 ----a-r c:\windows\system32\MafiaSetup.exe
2009-04-29 14:11 . 2008-04-14 06:51 82432 ----a-w c:\windows\system32\CNBJMON2.DLL
2009-04-28 17:05 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-28 17:05 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-28 13:55 . 2009-04-28 13:55 -------- d-sh--w C:\$RECYCLE.BIN
2009-04-28 13:16 . 2009-04-28 14:21 -------- d-sh--w C:\Boot
2009-04-28 12:18 . 2009-04-28 12:18 -------- d-----w c:\program files\VideoLAN
2009-04-28 11:49 . 2009-04-28 12:57 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-27 16:03 . 2009-04-27 16:04 -------- d-----w c:\program files\MediaCoder
2009-04-27 14:42 . 2009-04-28 11:53 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-24 17:09 . 2009-05-05 12:10 -------- d-----w C:\Fraps
2009-04-24 16:54 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-24 16:02 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-24 16:02 . 2009-04-24 16:02 -------- d-----w c:\documents and settings\CZechBoY\WINDOWS
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w c:\program files\Web Publish
2009-04-23 15:45 . 2009-04-27 13:46 97480 ----a-w c:\windows\system32\drivers\avfwot.sys
2009-04-23 15:45 . 2009-02-24 10:06 69632 ----a-w c:\windows\system32\drivers\avfwim.sys
2009-04-23 14:09 . 2009-04-23 14:09 -------- d-----w c:\program files\Desktop Sidebar
2009-04-22 19:23 . 2009-02-20 17:13 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-22 19:23 . 2009-02-20 17:13 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-22 19:23 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-22 19:23 . 2009-02-20 17:13 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-22 19:23 . 2009-02-20 17:13 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-22 19:23 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-22 19:23 . 2009-02-20 17:13 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-22 19:23 . 2009-02-20 17:13 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-22 15:08 . 2009-04-22 15:06 737280 ----a-w c:\windows\iun6002.exe
2009-04-22 15:08 . 2009-04-22 15:08 -------- d-----w c:\program files\Codec Pack - All In 1
2009-04-22 14:30 . 2009-05-07 18:36 -------- d-----w c:\windows\system32\CatRoot2
2009-04-22 14:21 . 2009-04-22 14:22 -------- d-----w c:\program files\3DMark2001 SE
2009-04-22 13:52 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-22 13:52 . 2009-02-09 11:26 2191232 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-22 13:52 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-22 13:52 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-22 13:52 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-22 13:52 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-22 13:52 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-22 13:52 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-22 13:52 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-22 13:52 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-22 13:52 . 2009-02-09 11:26 2147328 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-22 13:52 . 2009-02-09 11:26 2025984 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-21 19:17 . 2009-05-05 15:10 -------- d-----w c:\windows\system32\oodag
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-21 17:18 . 2009-05-02 08:09 -------- d-----w c:\windows\system32\LogFiles
2009-04-21 17:00 . 2009-04-21 17:01 -------- d-----w c:\program files\Scorpions WinCheater
2009-04-21 16:59 . 2009-04-23 18:18 -------- d-----w c:\program files\OO Software
2009-04-21 16:38 . 2009-04-21 16:38 -------- d-----w c:\program files\Lavalys
2009-04-21 16:36 . 2006-10-26 17:58 30512 ----a-w c:\windows\system32\mdimon.dll
2009-04-21 16:36 . 2009-04-21 16:36 -------- d-----w c:\program files\Microsoft Works
2009-04-21 16:33 . 2009-04-21 16:35 -------- d-----w c:\windows\SHELLNEW
2009-04-21 16:33 . 2009-04-21 16:33 -------- d--h--r C:\MSOCache
2009-04-21 15:12 . 2009-04-27 13:46 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-21 15:12 . 2009-04-21 15:12 -------- d-----w c:\program files\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 18:36 . 2009-04-21 12:45 16608 ----a-w c:\windows\gdrv.sys
2009-05-07 16:09 . 2009-04-21 12:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 08:10 . 2001-10-25 12:00 46196 ----a-w c:\windows\system32\perfc005.dat
2009-05-02 08:10 . 2001-10-25 12:00 309990 ----a-w c:\windows\system32\perfh005.dat
2009-04-24 16:11 . 2009-04-21 13:53 -------- d-----w c:\program files\CamStudio
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\O0MHBX3F.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\YA7HBZR7.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\K7RFZZFP.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w c:\windows\java\Packages\Data\4PBV3NR5.DAT
2009-04-23 16:19 . 2001-10-25 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-22 14:21 . 2009-04-21 12:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----r c:\program files\Skype
2009-04-21 14:32 . 2009-04-21 14:32 -------- d-----w c:\program files\CCleaner
2009-04-21 13:58 . 2009-04-21 13:54 -------- d-----w c:\program files\QIP Infium
2009-04-21 13:53 . 2009-04-21 13:53 -------- d-----w c:\program files\Opera
2009-04-21 13:39 . 2009-04-21 12:35 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 12:54 . 2009-04-21 12:50 -------- d-----w c:\program files\Realtek
2009-04-21 12:50 . 2009-04-21 12:50 319488 ----a-w c:\windows\HideWin.exe
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w c:\program files\Intel
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w c:\program files\GIGABYTE
2009-04-21 12:35 . 2009-04-21 12:35 -------- d-----w c:\program files\microsoft frontpage
2009-04-21 12:33 . 2009-04-21 12:33 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w c:\windows\system32\OODAGMG.DLL
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w c:\windows\system32\ootmapi.dll
2009-03-16 12:18 . 2009-04-24 16:55 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-24 16:55 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-24 16:55 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-24 16:55 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-24 16:55 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-06 14:23 . 2004-08-17 13:49 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2004-08-17 13:49 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-23 18:05 . 2009-02-23 18:05 37896 ----a-w c:\windows\system32\drivers\oobctm.sys
2009-02-20 17:13 . 2007-08-13 16:45 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 14:07 . 2004-08-17 13:44 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2004-08-17 15:45 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2004-08-17 13:45 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2004-08-17 13:49 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-17 13:49 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-17 13:49 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-17 13:49 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-17 13:48 709632 ----a-w c:\windows\system32\ntdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-07_05.02.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 18:36 . 2009-05-07 18:36 16384 c:\windows\Temp\Perflib_Perfdata_3ec.dat
+ 2009-05-07 18:36 . 2009-05-07 18:36 16384 c:\windows\Temp\Perflib_Perfdata_2c0.dat
+ 2001-05-01 15:04 . 2001-05-01 15:04 66048 c:\windows\system32\WMErrENU.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 78336 c:\windows\system32\LFFAX12n.DLL
+ 2002-12-10 15:47 . 2002-12-10 15:47 36864 c:\windows\system32\lfbmp12n.dll
+ 2009-05-07 16:12 . 2007-10-12 02:00 41752 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUSBSta.sys
+ 2009-05-07 16:12 . 2007-10-12 02:00 41752 c:\windows\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\LVUSBSta.sys
+ 2009-05-07 16:12 . 2007-10-12 02:00 66456 c:\windows\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvselsus.sys
+ 2009-05-07 16:12 . 2007-10-12 02:01 23832 c:\windows\system32\DRVSTORE\lvPRO5c_F4502E86C545666FAEEA2E5BC0ECF142B1B952DA\lvuvcflt.sys
+ 2009-05-07 16:12 . 2007-10-12 02:00 41752 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUSBSta.sys
+ 2009-05-07 16:12 . 2007-10-12 02:00 41752 c:\windows\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\LVUSBSta.sys
+ 2009-05-07 16:12 . 2007-10-12 01:55 13848 c:\windows\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\lv302af.sys
+ 2009-05-07 16:12 . 2007-10-12 02:00 41752 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUSBSta.sys
+ 2008-12-16 19:58 . 2008-12-16 19:58 25624 c:\windows\system32\drivers\LVPr2Mon.sys
+ 2008-12-16 19:50 . 2008-12-16 19:50 13584 c:\windows\system32\drivers\iKeyLgFT.dll
+ 2001-03-02 18:52 . 2001-03-02 18:52 15360 c:\windows\system32\asfsipc.dll
+ 2009-05-07 16:20 . 2009-05-07 16:20 57344 c:\windows\Installer\{937B232D-9776-471E-92BD-D424E514EF14}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe
+ 2009-05-07 16:20 . 2009-05-07 16:20 57344 c:\windows\Installer\{937B232D-9776-471E-92BD-D424E514EF14}\QuickCamDesktopSho_C0678C37AA5341A4BE4781BAF94DE0CC.exe
+ 2009-05-07 16:20 . 2009-05-07 16:20 57344 c:\windows\Installer\{937B232D-9776-471E-92BD-D424E514EF14}\ARPPRODUCTICON.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2001-03-02 18:52 . 2001-03-02 18:52 8704 c:\windows\system32\npwmsdrm.dll
+ 2009-05-07 16:12 . 2007-10-12 02:01 236056 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2001-05-09 14:50 . 2001-05-09 14:50 446464 c:\windows\system32\wmvdmoe.dll
+ 2001-05-09 14:47 . 2001-05-09 14:47 466944 c:\windows\system32\wmv8dmoe.dll
+ 2001-05-09 15:40 . 2001-05-09 15:40 309584 c:\windows\system32\wmv8dmod.dll
+ 2007-10-21 16:51 . 2007-10-21 16:51 323624 c:\windows\system32\wiaaut.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 205824 c:\windows\system32\Lvkrn12n.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 854528 c:\windows\system32\Ltwvc12n.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 406016 c:\windows\system32\ltkrn12n.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 166400 c:\windows\system32\ltimg12n.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 121344 c:\windows\system32\ltfil12n.DLL
+ 2002-12-10 15:47 . 2002-12-10 15:47 227840 c:\windows\system32\ltefx12n.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 279040 c:\windows\system32\LTDIS12n.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 155648 c:\windows\system32\lftif12n.dll
+ 2002-12-10 15:47 . 2002-12-10 15:47 314368 c:\windows\system32\LFCMP12n.DLL
+ 2009-05-07 16:12 . 2007-10-12 02:03 439568 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\WUApp32.exe
+ 2009-05-07 16:12 . 2007-10-12 02:01 236056 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvWIAext.dll
+ 2009-05-07 16:12 . 2007-10-12 02:00 465432 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUI2RC.dll
+ 2009-05-07 16:12 . 2007-10-12 02:00 490008 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUI2.dll
+ 2009-05-07 16:12 . 2007-10-12 01:57 195096 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvcoinst.dll
+ 2009-05-07 16:12 . 2007-10-12 01:57 416280 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvcodec2.dll
+ 2009-05-07 16:12 . 2007-10-12 02:03 439568 c:\windows\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\WUApp32.exe
+ 2009-05-07 16:12 . 2007-10-12 01:57 195096 c:\windows\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvcoinst.dll
+ 2009-05-07 16:12 . 2007-10-12 02:03 439568 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\WUApp32.exe
+ 2009-05-07 16:12 . 2007-10-12 02:01 236056 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvWIAext.dll
+ 2009-05-07 16:12 . 2007-10-12 02:00 465432 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUI2RC.dll
+ 2009-05-07 16:12 . 2007-10-12 02:00 490008 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUI2.dll
+ 2009-05-07 16:12 . 2007-10-12 01:57 195096 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvcoinst.dll
+ 2009-05-07 16:12 . 2007-10-12 01:57 416280 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvcodec2.dll
+ 2009-05-07 16:12 . 2007-10-12 02:03 439568 c:\windows\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\WUApp32.exe
+ 2009-05-07 16:12 . 2007-10-12 01:57 195096 c:\windows\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\lvcoinst.dll
+ 2009-05-07 16:12 . 2007-10-12 02:03 439568 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\WUApp32.exe
+ 2009-05-07 16:12 . 2007-10-12 02:01 236056 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvWIAext.dll
+ 2009-05-07 16:12 . 2007-10-12 02:00 465432 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUI2RC.dll
+ 2009-05-07 16:12 . 2007-10-12 02:00 490008 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUI2.dll
+ 2009-05-07 16:12 . 2007-10-12 01:57 195096 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvcoinst.dll
+ 2009-05-07 16:12 . 2007-10-12 01:57 416280 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvcodec2.dll
+ 2009-05-07 16:12 . 2007-10-12 01:56 490776 c:\windows\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LV561AV.sys
+ 2007-10-21 16:38 . 2007-10-21 16:38 516832 c:\windows\system32\capicom.dll
- 2009-04-21 16:36 . 2009-05-06 12:37 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-07 16:12 . 2007-10-12 02:00 3647384 c:\windows\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvuvc.sys
+ 2009-05-07 16:12 . 2007-10-12 02:00 2091800 c:\windows\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvrs.sys
+ 2009-05-07 16:12 . 2007-10-12 01:59 1920920 c:\windows\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvpopflt.sys
+ 2009-05-07 16:12 . 2007-10-12 01:55 1279000 c:\windows\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LV302V32.SYS
+ 2009-04-21 16:36 . 2009-05-07 16:58 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-04-21 16:36 . 2009-05-06 12:37 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-21 16:36 . 2009-05-07 16:58 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-04-30 1562352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-02-23 1911568]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Strong DC++(2.22)\\StrongDC.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [23.4.2009 17:45 97480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [23.4.2009 17:45 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23.4.2009 17:45 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.4.2009 17:45 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23.4.2009 17:45 432897]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.4.2009 14:46 80392]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [23.4.2009 17:45 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.4.2009 14:50 110080]
R3 OOTextMode;OOTextMode;c:\windows\system32\drivers\oobctm.sys [23.2.2009 20:05 37896]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [3.8.2004 23:04 69120]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - LVPR2MON
.
Obsah adresáře 'Naplánované úlohy'

2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {C641B42D-570A-40CD-B895-55D9E003CC32} = 192.168.15.1,192.168.68.16
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 20:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C4E8AF421ACD75288B413D803115FA77A9CFCAE715ABC3F3A1B008DADA25A86C0E1103ED0A01C0BBEE341D02E17D076758FC5DE65B6B48CEDB1D7D130C986269D4B9DDE9D14F5897793A3296CCDE2E7BBF9195E92FB29EEE14A7D8D8D57F187959C732FE3A7E8C67FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A6171C11EC38DE3DC46B416062B85E065813F6595B9430474C8258C9C90EF84201F9A11F0C0EF8BF8FD14CD272F22921546EC0EC3042157140C5489B16FA71047EEBD8D820E99121EA3AADA0D09829435281AD3C5EC5D9698A492610AC709476D326CF0CA0724B98911A2C98B3AB704EC9082B2566B846F27FB3A238FB4402DD50571A9B0759BA8D6F48DF0E4155A96BE4A0F40C3EDEB995A60C41A7676FECC2F892A16C437006A8267F385696620F8301D120D9CF1CA31E3A415BF743919972854CA168B82D68590CDEF5CD44C0F0C7B18312F777F88A1C2C249AC55AE9E27E6360ABFDBCACB1D1A96BAFD0CC06B5A93D028658842307E31EEB01306B61383DB38D261D9DACC4873E0B4E43296954E19E7D0BEC3E69478D682FDFDC27FE9AC5C874463D96909934390A8F0DC546586B838A84AD5C438A75966DDFF4B3F2A1762D9D1C565DDE3AD7C1970697019DE2044EA127968DC8A83C6708FD252C8EF5F09D72876797C246B130C717D0B192A830169E7F28EFB709454FC1089C1E47D51988403CF0610BF14B92907C2C9C6D713626C36B641CEEA93875C724128A379597143BC3F948AB84EC2B4D442180999822FBB29DD297741B83B525483C681C9A5B18F87B8A503958246EBE4F290CA711C1C9F49E0262F084D39ECBC05922D7DD15A27493B1716F5C4407085542E3CADBA97778C67E6B321D21F3112CA91570EE39720B9001152F956350AFDDF11E5B13311E8BC6DC98A734212EAE01F014106F81FB004B0D9A781ADADD22C73B495563F10DE32035C3E729CF784105F76405966A6879F17055F4154A75ADC32C65590B4B4798A9A238A971EEB24B548C40BF2DB5158103488BEC45120E075A516529E06182A78F45B74C97026F31DEFED4571369110753B679510059D745623DB02ECB9BA8F04FC0784E3750F6BCE82346853ACCA2DB8EE1CE342A8933E20B87A3F4C7A35AB7BBBCA1D68467C39C0952A8A7286DBF38AFF0AB4BC152363F564B102BE5E968A57C64512E411686DFACE906C0F69D17B30694A9F3D3252A1F99A5B7A74A2259478B679740C871A2FC91C85EF456F1894FB8FCD22C03370CA87E3AD3602C41E78C387AFA9E07D0AECE4D5421100743A9EA3F60A61689838D68822F8F7059838349245473FD7F517790C675377FE02F404F67F618F8304815CCF7300C1A3268"
"OOCC06.00.00.01WSSV"="6C01661F7868FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D6794232A45B10212E22B28DA944CA1693FDCE89AB210C829B3EBF1F20DA53ADB2B6A0F777AC419B81E14A04D34CB25ED33EAC2BA21E44C792E6640C6EB3C7D13B1B455F36BCA61AC500248F85BA54DF16AE0CB9AE66B91EEE231AE8A7EB51C321AA06CDA82235C88C3B97281B8EA05CB848453691806173A63302E946064BE5E0A55FD4E7F317F8F54C227F251AFB0F6B2DDDE3A9E1A49AD598D5E9E7D9D00E5BF3E6A51765E33257469A1B7FA0D258EBBB9A78135918D3F7DB8164A983DF1378A8AC1CC4A9354D2A83DCFA2649FACD6792A191B6FD9398BA063DD1AC6A297E64FAC4D0DB9C2B4448B9357E98A8705B4D905D346AF6417502503F2F5F12EE72C84DC054252DE184C49038FA4C269E031E0E12DA230A767F004D148A8D8495164B896990175DEB95FA36902D2346E67FB231F2DB9FC1CDBF347CF01E10CDCB18E8B97EB415BBEC395EE66F0D35AC32FE54B5D10F276409D848D3CF8B4F1D6DD4E31E314600E7FD92C155DCE6E869849651881471FD215C4710B20BD9944AB9EEBF1C1DA9D6D238F051476C1CBDA23B614DAB476709921E2AE0743106A10D0ADD22ABDBF9FABB0EDA27C2027F8CF9AEDAFFB64F5FBA7EC79D05CB4646739C23E93C826F5EB4E37F23072078D6731BCD71AF24252BCAE070014FA4765B4F27DF161D30EE1EFB1C18EF93222396C9E495359CF42CD1132816258659071D74886E194634CA07D8468267006A821C18B063297B41FDABB8CF07E9EB36A183E97E09929237D00C6C8BF1329D095F004403BBAA2D7D3A3E2E8EF278F90732035911B98BFD30080E55664A2DB08AA87B55935A6EC82A30490C89AA4F3BB8D8372BB41D49AC876DAD656F594E633EBF93BC3C4248A94938BB38194B13D875FEE0CF166B4226BC8F979C9199FC9F1208EDEC6BD5538FE6B7F9E3B81FBFBDCD1437C5F2294633721791201F36B2BF354C04D787A50D0C838D888728CA8E8359417A5878EC48CBD6F2FC9A43315D27E5A411944D59E588C4CC389F7E3CC5E219934C8BE4A8973A1E79F2DAD85AEAD6CC372366A323F73F6BC20A1723774DA4395978EB078990F9C7F86AB6D1FBC4C2969ECFEFE73236D4C62843457BD9D81D2847381593E23F97971519A84B8B764B6E77A306902B033615A3786F5AF3D191C232C910D4844F599BE23B16A0C8CCE2B1F1CEBE5CA42D6218635C1EE4C390DFC74DB126EC311E6F02AD18D6A599D872EB305B7033EA50D0A8A3076B5D3EC6BE93ECF3BF7E39253083969AF23E43F307E8D1DFAA5519C322DCF0C16938D2667E90B0AA679DFC468F939277A0776BA8D6C58FE06"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1132)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(4392)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\program files\OO Software\CleverCache\ooccag.exe
.
**************************************************************************
.
Celkový čas: 2009-05-07 20:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-07 18:37
ComboFix2.txt 2009-05-07 05:03

Před spuštěním: 9 418 018 816
Po spuštění: 9 293 885 440

453 --- E O F --- 2009-04-28 19:45



už mě nebaví pořád nastavovat skrývání neaktivních ikon

[Damned]

Abych pravdu řekl, já tam nevidím už nějaký problém.

[CZechBoY]

Takže hotovo ? Dobře no, neznáš nějakj program, kterej umí nějak zrychlit boot Win XP ? mě to přejíždí 18× ten modrej pruh, to se nedá... Na dvoujádrovým procáku takhle dlouhý načítání :(

[Damned]

Já mám Advanced SystemCare, WINASO, a Wise Registry Cleaner Pro. Každej z nich nějak optimalizuje spouštění. Momentálně mám nastavení z WINASO.
Záleží co chceš aby se při spuštění WIN spouštělo

[CZechBoY]

Já myslim ale ten loading Windows jak tam projíždí mě 18× ten proužek

[Damned]

Tak to nevím.
Všechny nahoře zmíněné programy nějak optimalizují i spouštění.

[CZechBoY]

Nějakej program na to byl, na stahuj.cz to tam bylo, zkusim pohledat.
Díky za pomoc a označuji za vyřešené, snad zítra nenapíšu, že to je zase na nic :)