njn, na začátku stálo: velmi silný s automatickým smazáním - tomu se nedalo odolat
tak pro mě bude nejspíš vše kalibr
je to tak správně rsit:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Regarden at 2010-12-27 22:15:59
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 305 MB (1%) free of 40 GB
Total RAM: 2046 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:16:45, on 27.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Regarden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.seznam.cz/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start
http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAzADIAOAAzADYANAA4ADQALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel -
res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D12AF4-EA2A-4658-958B-C6341D47A812}: NameServer = 192.168.1.1,82.150.180.253
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7086 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {E5CCC61C-1D41-4E14-B5E5-0A1FF914B594}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {B7C7A711-F157-415A-9AEC-E8C58BE4F443}
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c839a489-c9a0-4d33-89ec-156159a3f4ae -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7749862d-0bb1-4381-b06f-7c9be8bc501e -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-af3b1a97-0af6-434f-a2d1-52e2bfaba750 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:35e3eae4-7a9e-4921-bb4f-d7a8126a9e10
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\ehome\ehsched.exe
"C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe"
C:\Windows\ehome\ehRecvr.exe
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{B57B808D-78FC-43B1-92FE-458FD32414A7}
{DD96A49B-D4A1-4D7D-99FA-020653F565C6}
{F7161CEF-B71D-4BC3-A1E8-EF71438F2B20}
splwow64
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"Taskmgr.exe"
"C:\Users\Regarden\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\WebReg .job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"NokiaOviSuite2"=C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]
"ICQ"=C:\Program Files (x86)\ICQ7.2\ICQ.exe [2010-10-27 133432]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2010-11-17 1242448]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"StartCCC"=C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start
http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAAzADIAOAAzADYANAA4ADQALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAA&prod=90&ver=9.0.872 []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-12-27 22:16:00 ----D---- C:\Program Files\trend micro
2010-12-27 22:15:59 ----D---- C:\rsit
2010-12-27 14:31:49 ----D---- C:\Program Files (x86)\Adobe
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-12-25 13:48:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2010-12-25 13:48:26 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-12-25 13:48:23 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-12-25 13:48:22 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2010-12-25 13:48:22 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-12-25 13:48:20 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-12-25 13:48:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2010-12-25 13:48:18 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-12-24 21:34:40 ----D---- C:\Program Files\CCleaner
2010-12-24 21:34:04 ----SHD---- C:\$RECYCLE.BIN
2010-12-24 16:58:02 ----D---- C:\Windows\temp
2010-12-24 16:58:01 ----A---- C:\ComboFix.txt
2010-12-24 16:43:05 ----A---- C:\Windows\zip.exe
2010-12-24 16:43:05 ----A---- C:\Windows\SWSC.exe
2010-12-24 16:43:05 ----A---- C:\Windows\SWREG.exe
2010-12-24 16:43:05 ----A---- C:\Windows\sed.exe
2010-12-24 16:43:05 ----A---- C:\Windows\PEV.exe
2010-12-24 16:43:05 ----A---- C:\Windows\NIRCMD.exe
2010-12-24 16:43:05 ----A---- C:\Windows\MBR.exe
2010-12-24 16:43:05 ----A---- C:\Windows\grep.exe
2010-12-24 16:42:57 ----D---- C:\Windows\ERDNT
2010-12-24 16:42:55 ----D---- C:\ComboFix
2010-12-24 16:42:28 ----A---- C:\Windows\SWXCACLS.exe
2010-12-24 16:38:17 ----D---- C:\Qoobox
2010-12-24 16:06:43 ----A---- C:\Windows\system32\drivers\pavboot64.sys
2010-12-24 16:01:52 ----D---- C:\Program Files (x86)\Panda Security
2010-12-21 23:00:08 ----D---- C:\Program Files (x86)\UIC Phoenxsoftware
2010-12-15 09:36:24 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 09:36:22 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-15 09:36:22 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 09:36:21 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2010-12-15 09:36:21 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-15 09:36:21 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 09:36:21 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 09:36:10 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-15 09:36:10 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 09:35:48 ----A---- C:\Windows\system32\consent.exe
2010-12-15 09:35:45 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 09:35:44 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 09:35:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-15 09:35:43 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 09:35:43 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 09:35:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2010-12-15 09:35:41 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 09:35:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-15 09:35:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\occache.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 09:35:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 09:35:38 ----A---- C:\Windows\system32\iesetup.dll
2010-12-15 09:35:38 ----A---- C:\Windows\system32\iernonce.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\occache.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-15 09:35:37 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-15 09:35:37 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2010-12-15 09:35:36 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-15 09:35:29 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 09:35:29 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 09:35:29 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 09:35:28 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-15 09:35:28 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-15 09:35:28 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 09:35:28 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 09:35:27 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
======List of files/folders modified in the last 1 months======
2010-12-27 22:16:28 ----D---- C:\Windows\Prefetch
2010-12-27 22:16:00 ----RD---- C:\Program Files
2010-12-27 14:34:07 ----SD---- C:\Users\Regarden\AppData\Roaming\Microsoft
2010-12-27 14:34:07 ----D---- C:\Users\Regarden\AppData\Roaming\Adobe
2010-12-27 14:32:18 ----SHD---- C:\Windows\Installer
2010-12-27 14:32:09 ----D---- C:\Config.Msi
2010-12-27 14:31:50 ----D---- C:\ProgramData\Adobe
2010-12-27 14:31:49 ----RD---- C:\Program Files (x86)
2010-12-27 14:31:20 ----D---- C:\Windows\SysWOW64
2010-12-27 14:31:10 ----SHD---- C:\System Volume Information
2010-12-27 10:02:03 ----D---- C:\Windows\System32
2010-12-27 10:02:03 ----D---- C:\Windows\inf
2010-12-27 10:02:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-27 08:49:26 ----D---- C:\Users\Regarden\AppData\Roaming\ICQ
2010-12-26 12:41:45 ----D---- C:\Users\Regarden\AppData\Roaming\Cestak
2010-12-25 21:27:07 ----D---- C:\Windows
2010-12-25 13:47:55 ----RSD---- C:\Windows\assembly
2010-12-25 08:58:41 ----D---- C:\Windows\rescache
2010-12-24 21:44:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-24 21:43:34 ----D---- C:\Windows\Debug
2010-12-24 21:34:11 ----D---- C:\download
2010-12-24 21:24:46 ----D---- C:\Windows\winsxs
2010-12-24 21:22:35 ----D---- C:\Windows\system32\drivers
2010-12-24 21:22:32 ----D---- C:\Windows\system32\catroot
2010-12-24 21:16:48 ----D---- C:\Windows\system32\catroot2
2010-12-24 16:53:29 ----A---- C:\Windows\system.ini
2010-12-24 16:49:25 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-24 16:49:25 ----D---- C:\Windows\AppPatch
2010-12-24 16:49:21 ----D---- C:\Program Files\Common Files
2010-12-24 16:49:21 ----D---- C:\Program Files (x86)\Common Files
2010-12-24 16:42:08 ----D---- C:\ProgramData
2010-12-24 09:50:04 ----D---- C:\Program Files (x86)\Steam
2010-12-16 00:10:54 ----D---- C:\Program Files\Windows Mail
2010-12-16 00:10:54 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-16 00:10:53 ----D---- C:\Windows\SYSWOW64\migration
2010-12-16 00:10:53 ----D---- C:\Program Files\Internet Explorer
2010-12-16 00:10:53 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-16 00:10:52 ----D---- C:\Windows\system32\migration
2010-12-16 00:10:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-16 00:10:50 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 09:39:31 ----A---- C:\Windows\system32\mrt.exe
2010-12-10 22:34:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 160744]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 122384]
R3 CX88VID;WinFast CX2388x AvStream Driver; C:\Windows\system32\drivers\cxavsvid.sys [2007-09-19 469248]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
R3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2009-10-26 20480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2010-06-23 318568]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 108544]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 26112]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 115712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 694272]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 34816]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 7936]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 178176]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 203264]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2009-11-09 126520]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-18 403240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
-----------------EOF-----------------
//jan.svoboda - Díky za připomínku k mému návodu, doplním info ke ComboFixu
Na log ještě mrknu.
