
Please check my log

Posted: Sat 6 Dec 2008, 15:29
by Radkoff
Hi, please check my HijackThis log... it's urgent!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:45, on 6.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\ctfmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
F:\Anti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\Program Files\IEPro\IEProRs.dll/easyhome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5543 bytes

Re: Please check my log

Posted: Sat 6 Dec 2008, 16:56
by jansv
Hi, if it's that urgent we'll have a look. How does the computer behave? The log actually looks fine.

Re: Please check my log

Posted: Sat 6 Dec 2008, 18:11
by Radkoff
Two weeks ago I reinstalled, thinking I would fix the half-minute wait after logging into the system (something is loading and I don't know what, even on a clean install with services disabled/enabled), but that didn't happen...
On top of that, for the last two or three days it keeps happening that I'm in some window, it freezes and throws up a message that it has to close explorer.exe... that never used to happen to me...
And then there's the famous ctfmon. Even if I disable it (msconfig), it still starts at every boot...
When I'm viewing photos (Windows Picture and Fax Viewer) and flipping through quickly, I can turn two photos with no delay but for the third one I have to wait a second!
I simply have a slow system and it p***es me off!!!!

Re: Please check my log

Posted: Sat 6 Dec 2008, 18:14
by jansv
Ctfmon is a legitimate part of Windows and there's no point disabling it. Post a ComboFix log as well.

Quote:
Download ComboFix and save it to your desktop.
Run it under an account with Administrator rights; close all applications before running it.
Right after it starts, press the 1 key and confirm with Enter.
The whole process takes about 10 minutes, sometimes longer.
Don't be alarmed if your machine gets restarted.
After the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); PASTE ITS CONTENTS HERE.

Re: Please check my log

Posted: Sat 6 Dec 2008, 18:18
by Radkoff
I know, it's used for language recognition. But I was always able to disable it. And someone here on the forum told me that if it starts even though I have it disabled, I've got a virus.

Re: Please check my log

Posted: Sat 6 Dec 2008, 18:24
by Radkoff
ComboFix 08-12-05.06 - Radek 2008-12-06 18:21:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1647 [GMT 1:00]
Spuštěný z: f:\anti\ComboFixl.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Radek\Nabídka Start\Programy\Po spuštění\ctfmon.exe
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-06 do 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 16:40 . 2008-12-06 16:40 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-06 16:40 . 2008-12-06 18:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-12-04 23:50 . 2007-03-16 08:55 266,240 --a------ c:\windows\system32\Adobe Gamma.cpl
2008-12-03 21:24 . 2008-12-03 21:24 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\MiniDm
2008-12-01 15:57 . 2008-12-01 15:57 <DIR> d-------- c:\documents and settings\Milada\Data aplikací\Ulead Systems
2008-11-23 16:09 . 2008-11-23 16:09 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Apple Computer
2008-11-23 16:05 . 2008-11-23 16:37 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Ulead Systems
2008-11-23 16:04 . 2008-11-23 16:04 <DIR> d-------- C:\SmartSound Software
2008-11-23 16:04 . 2008-11-23 16:04 <DIR> d-------- c:\program files\SmartSound Software
2008-11-23 16:04 . 2008-11-23 21:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SmartSound Software Inc
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\program files\Windows Media Components
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\program files\QuickTime
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InstallShield
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple Computer
2008-11-23 16:03 . 2008-12-02 18:35 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-23 16:03 . 2008-11-23 16:03 1,409 --a------ c:\windows\QTFont.for
2008-11-23 16:02 . 2008-11-23 16:02 <DIR> d-------- c:\program files\Ulead Systems
2008-11-23 16:02 . 2008-11-23 16:02 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-11-23 16:02 . 2008-11-23 16:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Ulead Systems
2008-11-22 19:05 . 2008-11-23 20:18 69 --a------ c:\windows\NeroDigital.ini
2008-11-22 16:17 . 2008-11-22 16:17 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\CyberLink
2008-11-22 16:16 . 2008-11-22 16:16 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\CyberLink
2008-11-17 10:46 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-17 10:24 . 2008-11-17 10:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-11-17 10:21 . 2008-11-17 10:21 <DIR> d-------- c:\program files\Bonjour
2008-11-17 10:16 . 2008-11-17 10:16 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-17 10:14 . 2008-11-18 12:47 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-15 11:12 . 2008-11-15 11:12 <DIR> d-------- c:\windows\system32\cs
2008-11-15 11:12 . 2008-11-15 11:12 <DIR> d-------- c:\windows\system32\bits
2008-11-15 11:12 . 2008-11-15 11:12 <DIR> d-------- c:\windows\l2schemas
2008-11-15 11:11 . 2008-11-15 11:11 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-14 12:47 . 2008-11-15 11:12 <DIR> d-------- c:\windows\system32\cs-cz
2008-11-14 12:47 . 2008-10-03 18:26 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-14 12:47 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-14 12:47 . 2007-03-08 06:09 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-14 12:47 . 2008-08-26 09:26 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-14 12:47 . 2008-08-26 09:26 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-14 12:47 . 2008-08-26 09:26 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-14 12:47 . 2008-08-26 09:26 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-14 12:47 . 2008-08-26 09:26 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-14 12:47 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-12 14:55 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 21:41 . 2008-11-10 21:41 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-10 21:27 . 2008-06-14 18:35 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-10 21:27 . 2008-06-14 18:35 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-10 21:26 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-10 21:26 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-10 21:26 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-10 21:25 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-10 21:25 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-10 21:25 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-10 21:25 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-10 21:24 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-10 21:24 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-10 21:18 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-09 22:12 . 2008-11-09 22:12 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Canon
2008-11-09 20:50 . 2004-08-17 15:49 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-09 20:50 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-09 20:50 . 2001-10-24 12:25 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> d-------- c:\documents and settings\Milada\Plocha
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> d--h----- c:\documents and settings\Milada\Okolní tiskárny
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> d--h----- c:\documents and settings\Milada\Okolní síť
2008-11-09 19:17 . 2008-12-01 15:57 <DIR> dr------- c:\documents and settings\Milada\Oblíbené položky
2008-11-09 19:17 . 2008-11-08 16:39 <DIR> d--h----- c:\documents and settings\Milada\Šablony
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> dr------- c:\documents and settings\Milada\Nabídka Start
2008-11-09 19:17 . 2008-12-01 16:01 <DIR> dr------- c:\documents and settings\Milada\Dokumenty
2008-11-09 19:17 . 2008-11-09 19:17 <DIR> d-------- c:\documents and settings\Milada\Data aplikací\Logitech
2008-11-09 19:17 . 2008-12-01 15:57 <DIR> dr-h----- c:\documents and settings\Milada\Data aplikací
2008-11-09 19:17 . 2008-11-09 19:17 <DIR> d-------- c:\documents and settings\Milada
2008-11-08 18:49 . 2008-11-08 18:50 <DIR> d-------- c:\program files\Canon
2008-11-08 18:45 . 2008-11-08 18:45 <DIR> d-------- c:\program files\Common Files\Canon
2008-11-08 18:28 . 2008-11-08 18:28 <DIR> d-------- c:\program files\Zoner
2008-11-08 18:28 . 2008-11-08 18:29 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Zoner
2008-11-08 18:25 . 2008-12-05 20:48 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\skypePM
2008-11-08 18:25 . 2008-11-08 18:25 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-08 18:24 . 2008-11-08 18:24 <DIR> d-------- c:\program files\Skype
2008-11-08 18:24 . 2008-11-08 18:24 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-08 18:24 . 2008-12-05 23:24 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Skype
2008-11-08 18:24 . 2008-11-08 18:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Skype
2008-11-08 18:09 . 2008-11-08 18:23 <DIR> d-------- c:\program files\IEPro
2008-11-08 18:09 . 2008-11-08 18:51 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\IEPro
2008-11-08 18:08 . 2008-11-08 18:08 <DIR> d-------- c:\program files\Opera
2008-11-08 18:06 . 2008-11-08 18:06 <DIR> d-------- c:\program files\DAEMON Tools
2008-11-08 18:05 . 2008-11-08 18:05 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-08 18:00 . 2008-11-08 18:02 <DIR> d-------- c:\program files\CyberLink DVD Solution
2008-11-08 18:00 . 2008-11-08 18:00 <DIR> d-------- c:\program files\CyberLink
2008-11-08 18:00 . 2004-10-01 15:00 40,960 --a------ c:\program files\Uninstall_CDS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 15:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 15:02 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-08 16:52 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-08 16:51 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-08 16:51 --------- d-----w c:\program files\BSPlayer
2008-11-08 16:50 737,280 ----a-w c:\windows\iun6002.exe
2008-11-08 16:49 --------- d-----w c:\program files\CCleaner
2008-11-08 16:45 --------- d-----w c:\program files\Phenix-Q8
2008-11-08 16:45 --------- d-----w c:\program files\Common Files\PCCamera
2008-11-08 16:43 --------- d-----w c:\documents and settings\Radek\Data aplikací\Logitech
2008-11-08 16:41 --------- d-----w c:\program files\Logitech
2008-11-08 16:41 --------- d-----w c:\program files\Common Files\Logitech
2008-11-08 16:39 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-08 16:24 --------- d-----w c:\program files\Common Files\Ahead
2008-11-08 16:23 --------- d-----w c:\program files\Nero
2008-11-08 16:23 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2008-11-08 16:09 --------- d-----w c:\program files\Marvell
2008-11-08 15:59 --------- d-----w c:\program files\Analog Devices
2008-11-08 15:42 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-23 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-08 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Radek^Nabídka Start^Programy^Po spuštění^ctfmon.exe]
path=c:\documents and settings\Radek\Nabídka Start\Programy\Po spuštění\ctfmon.exe
backup=c:\windows\pss\ctfmon.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:22 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-05-15 17:12 484904 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 20:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"LightScribeService"=2 (0x2)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PAC7311;Phenix-Q8;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - d:\recycled\ctfmon.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 18:21:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-12-06 18:22:25
ComboFix-quarantined-files.txt 2008-12-06 17:22:15

Před spuštěním: 7 526 936 576
Po spuštění: 7,650,897,920

220 --- E O F --- 2008-11-16 13:37:36

Re: Please check my log

Posted: Sat 6 Dec 2008, 18:28
by Radkoff
I just remembered one more thing that is driving me crazy...
When I'm in a window with, say, 1000 files sorted alphabetically and I scroll down, I get to the file I want and before I can click it, it jumps back to the first file.

Re: Please check my log

Posted: Sat 6 Dec 2008, 19:19
by jansv
Yes, you're right. In this case a file named ctfmon.exe was located somewhere other than usual, so it was malware. ComboFix has already deleted one of the infected ones, so we'll delete the rest of the infected stuff too. Now do this as well:

Quote:
Connect all removable storage to the PC (flash drive, camera, phone, external HDD, ...)
If you haven't done so yet, move ComboFix to the Desktop.
Open Notepad.
Copy the script from the following box into it (without the word Code)

Code:

KillAll::

File::
c:\windows\iun6002.exe
c:\windows\pss\ctfmon.exe
d:\recycled\ctfmon.exe

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Radek^Nabídka Start^Programy^Po spuštění^ctfmon.exe]
Save the text file you created as CFScript.txt on the desktop (make sure you don't end up with .txt twice).
After saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, then drop it there:

(image)

After it runs, another log should pop up; please paste it here + paste a current HijackThis log. :)

Re: Please check my log

Posted: Sat 6 Dec 2008, 20:06
by Radkoff
ComboFix 08-12-05.06 - Radek 2008-12-06 20:00:52.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1674 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radek\Plocha\ComboFixl.exe
Použité ovládací přepínače :: c:\documents and settings\Radek\Plocha\cfscript.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\iun6002.exe
c:\windows\pss\ctfmon.exe
d:\recycled\ctfmon.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe
d:\recycled\ctfmon.exe
I:\Autorun.inf
J:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-06 do 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 19:42 . 2008-12-06 19:42 <DIR> d-------- c:\windows\system32\Futuremark
2008-12-06 19:42 . 2008-12-06 19:42 262,144 --a------ c:\windows\system32\wrap_oal.dll
2008-12-06 19:42 . 2008-12-06 19:42 86,016 --a------ c:\windows\system32\OpenAL32.dll
2008-12-06 19:42 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2008-12-06 19:42 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2008-12-06 19:42 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2008-12-06 19:42 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2008-12-06 19:40 . 2008-12-06 19:40 <DIR> d-------- c:\program files\Futuremark
2008-12-06 19:28 . 2008-12-06 19:28 <DIR> d-------- c:\windows\system32\AGEIA
2008-12-06 19:28 . 2008-12-06 19:28 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-06 19:28 . 2008-12-06 19:28 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-06 19:27 . 2008-11-13 16:20 203,540 --a------ c:\windows\system32\nvapps.nvb
2008-12-06 16:40 . 2008-12-06 16:40 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-06 16:40 . 2008-12-06 18:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-12-04 23:50 . 2007-03-16 08:55 266,240 --a------ c:\windows\system32\Adobe Gamma.cpl
2008-12-03 21:24 . 2008-12-03 21:24 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\MiniDm
2008-12-01 15:57 . 2008-12-01 15:57 <DIR> d-------- c:\documents and settings\Milada\Data aplikací\Ulead Systems
2008-11-23 16:09 . 2008-11-23 16:09 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Apple Computer
2008-11-23 16:05 . 2008-11-23 16:37 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Ulead Systems
2008-11-23 16:04 . 2008-11-23 16:04 <DIR> d-------- C:\SmartSound Software
2008-11-23 16:04 . 2008-11-23 16:04 <DIR> d-------- c:\program files\SmartSound Software
2008-11-23 16:04 . 2008-11-23 21:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SmartSound Software Inc
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\program files\Windows Media Components
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\program files\QuickTime
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InstallShield
2008-11-23 16:03 . 2008-11-23 16:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple Computer
2008-11-23 16:03 . 2008-12-02 18:35 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-23 16:03 . 2008-11-23 16:03 1,409 --a------ c:\windows\QTFont.for
2008-11-23 16:02 . 2008-11-23 16:02 <DIR> d-------- c:\program files\Ulead Systems
2008-11-23 16:02 . 2008-11-23 16:02 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-11-23 16:02 . 2008-11-23 16:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Ulead Systems
2008-11-22 19:05 . 2008-11-23 20:18 69 --a------ c:\windows\NeroDigital.ini
2008-11-22 16:17 . 2008-11-22 16:17 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\CyberLink
2008-11-22 16:16 . 2008-11-22 16:16 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\CyberLink
2008-11-17 10:46 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-17 10:24 . 2008-11-17 10:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-11-17 10:21 . 2008-11-17 10:21 <DIR> d-------- c:\program files\Bonjour
2008-11-17 10:16 . 2008-11-17 10:16 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-17 10:14 . 2008-11-18 12:47 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-15 11:12 . 2008-11-15 11:12 <DIR> d-------- c:\windows\system32\cs
2008-11-15 11:12 . 2008-11-15 11:12 <DIR> d-------- c:\windows\system32\bits
2008-11-15 11:12 . 2008-11-15 11:12 <DIR> d-------- c:\windows\l2schemas
2008-11-15 11:11 . 2008-11-15 11:11 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-14 12:47 . 2008-11-15 11:12 <DIR> d-------- c:\windows\system32\cs-cz
2008-11-14 12:47 . 2008-10-03 18:26 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-14 12:47 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-14 12:47 . 2007-03-08 06:09 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-14 12:47 . 2008-08-26 09:26 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-14 12:47 . 2008-08-26 09:26 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-14 12:47 . 2008-08-26 09:26 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-14 12:47 . 2008-08-26 09:26 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-14 12:47 . 2008-08-26 09:26 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-14 12:47 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-12 14:55 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 21:41 . 2008-11-10 21:41 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-10 21:27 . 2008-06-14 18:35 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-10 21:27 . 2008-06-14 18:35 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-10 21:26 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-10 21:26 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-10 21:26 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-10 21:25 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-10 21:25 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-10 21:25 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-10 21:25 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-10 21:24 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-10 21:24 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-10 21:18 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-09 22:12 . 2008-11-09 22:12 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Canon
2008-11-09 20:50 . 2004-08-17 15:49 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-09 20:50 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-09 20:50 . 2001-10-24 12:25 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> d-------- c:\documents and settings\Milada\Plocha
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> d--h----- c:\documents and settings\Milada\Okolní tiskárny
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> d--h----- c:\documents and settings\Milada\Okolní síť
2008-11-09 19:17 . 2008-12-01 15:57 <DIR> dr------- c:\documents and settings\Milada\Oblíbené položky
2008-11-09 19:17 . 2008-11-08 16:39 <DIR> d--h----- c:\documents and settings\Milada\Šablony
2008-11-09 19:17 . 2008-11-08 17:17 <DIR> dr------- c:\documents and settings\Milada\Nabídka Start
2008-11-09 19:17 . 2008-12-01 16:01 <DIR> dr------- c:\documents and settings\Milada\Dokumenty
2008-11-09 19:17 . 2008-11-09 19:17 <DIR> d-------- c:\documents and settings\Milada\Data aplikací\Logitech
2008-11-09 19:17 . 2008-12-01 15:57 <DIR> dr-h----- c:\documents and settings\Milada\Data aplikací
2008-11-09 19:17 . 2008-11-09 19:17 <DIR> d-------- c:\documents and settings\Milada
2008-11-08 18:49 . 2008-11-08 18:50 <DIR> d-------- c:\program files\Canon
2008-11-08 18:45 . 2008-11-08 18:45 <DIR> d-------- c:\program files\Common Files\Canon
2008-11-08 18:28 . 2008-11-08 18:28 <DIR> d-------- c:\program files\Zoner
2008-11-08 18:28 . 2008-11-08 18:29 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Zoner
2008-11-08 18:25 . 2008-12-05 20:48 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\skypePM
2008-11-08 18:25 . 2008-11-08 18:25 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-08 18:24 . 2008-11-08 18:24 <DIR> d-------- c:\program files\Skype
2008-11-08 18:24 . 2008-11-08 18:24 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-08 18:24 . 2008-12-05 23:24 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\Skype
2008-11-08 18:24 . 2008-11-08 18:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Skype
2008-11-08 18:09 . 2008-11-08 18:23 <DIR> d-------- c:\program files\IEPro
2008-11-08 18:09 . 2008-11-08 18:51 <DIR> d-------- c:\documents and settings\Radek\Data aplikací\IEPro
2008-11-08 18:08 . 2008-11-08 18:08 <DIR> d-------- c:\program files\Opera
2008-11-08 18:06 . 2008-11-08 18:06 <DIR> d-------- c:\program files\DAEMON Tools
2008-11-08 18:05 . 2008-11-08 18:05 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-08 18:00 . 2008-11-08 18:02 <DIR> d-------- c:\program files\CyberLink DVD Solution
2008-11-08 18:00 . 2008-11-08 18:00 <DIR> d-------- c:\program files\CyberLink
2008-11-08 18:00 . 2004-10-01 15:00 40,960 --a------ c:\program files\Uninstall_CDS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 18:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 15:02 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-12 13:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-08 16:52 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-08 16:51 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-08 16:51 --------- d-----w c:\program files\BSPlayer
2008-11-08 16:49 --------- d-----w c:\program files\CCleaner
2008-11-08 16:45 --------- d-----w c:\program files\Phenix-Q8
2008-11-08 16:45 --------- d-----w c:\program files\Common Files\PCCamera
2008-11-08 16:43 --------- d-----w c:\documents and settings\Radek\Data aplikací\Logitech
2008-11-08 16:41 --------- d-----w c:\program files\Logitech
2008-11-08 16:41 --------- d-----w c:\program files\Common Files\Logitech
2008-11-08 16:39 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-08 16:24 --------- d-----w c:\program files\Common Files\Ahead
2008-11-08 16:23 --------- d-----w c:\program files\Nero
2008-11-08 16:23 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2008-11-08 16:09 --------- d-----w c:\program files\Marvell
2008-11-08 15:59 --------- d-----w c:\program files\Analog Devices
2008-11-08 15:42 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_18.22.05,60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
+ 2008-10-07 08:13:22 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
+ 2008-10-07 08:13:18 199,885 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin
+ 2008-10-07 08:13:20 119,473 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin
+ 2008-10-07 08:13:20 214,629 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin
+ 2008-10-07 08:13:20 116,977 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin
- 2007-12-05 00:41:00 7,435,392 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
+ 2008-11-12 13:54:00 6,188,320 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
+ 2005-08-03 14:16:40 40,960 ----a-r c:\windows\system32\Futuremark\MSC\atimgpud.dll
+ 2006-04-07 18:45:54 35,840 ----a-w c:\windows\system32\Futuremark\MSC\Direcpll.dll
- 2007-12-05 00:41:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2008-11-12 13:54:00 425,984 ----a-w c:\windows\system32\keystone.exe
- 2007-12-05 00:41:00 5,773,568 ----a-w c:\windows\system32\nv4_disp.dll
+ 2008-11-12 13:54:00 6,148,864 ----a-w c:\windows\system32\nv4_disp.dll
- 2007-12-05 00:41:00 385,024 ----a-w c:\windows\system32\nvapi.dll
+ 2008-11-12 13:54:00 602,112 ----a-w c:\windows\system32\nvapi.dll
- 2007-12-05 00:41:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
+ 2008-11-12 13:54:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
- 2007-12-05 00:41:00 35,328 ----a-w c:\windows\system32\nvcod.dll
+ 2008-11-12 13:54:00 122,880 ----a-w c:\windows\system32\nvcod.dll
- 2007-12-05 00:41:00 35,328 ----a-w c:\windows\system32\nvcodins.dll
+ 2008-11-12 13:54:00 122,880 ----a-w c:\windows\system32\nvcodins.dll
- 2007-12-05 00:41:00 147,456 ----a-w c:\windows\system32\nvcolor.exe
+ 2008-11-12 13:54:00 143,360 ----a-w c:\windows\system32\nvcolor.exe
- 2007-12-05 00:41:00 8,523,776 ----a-w c:\windows\system32\nvcpl.dll
+ 2008-11-12 13:54:00 13,672,448 ----a-w c:\windows\system32\nvcpl.dll
- 2007-12-05 00:41:00 753,664 ----a-w c:\windows\system32\nvcplui.exe
+ 2008-11-12 13:54:00 801,312 ----a-w c:\windows\system32\nvcplui.exe
- 2007-12-05 00:41:00 1,073,152 ----a-w c:\windows\system32\nvcpluir.dll
+ 2008-11-12 13:54:00 1,108,512 ----a-w c:\windows\system32\nvcpluir.dll
- 2007-12-05 00:41:00 1,089,536 ----a-w c:\windows\system32\nvcuda.dll
+ 2008-11-12 13:54:00 1,564,672 ----a-w c:\windows\system32\nvcuda.dll
- 2007-12-05 00:41:00 6,549,504 ----a-w c:\windows\system32\nvdisps.dll
+ 2008-11-12 13:54:00 4,706,304 ----a-w c:\windows\system32\nvdisps.dll
- 2007-12-05 00:41:00 5,611,520 ----a-w c:\windows\system32\nvdispsr.dll
+ 2008-11-12 13:54:00 6,574,080 ----a-w c:\windows\system32\nvdispsr.dll
- 2007-12-05 00:41:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
+ 2008-11-12 13:54:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
- 2007-12-05 00:41:00 3,420,160 ----a-w c:\windows\system32\nvgames.dll
+ 2008-11-12 13:54:00 3,485,696 ----a-w c:\windows\system32\nvgames.dll
- 2007-12-05 00:41:00 3,334,144 ----a-w c:\windows\system32\nvgamesr.dll
+ 2008-11-12 13:54:00 4,280,320 ----a-w c:\windows\system32\nvgamesr.dll
- 2007-12-05 00:41:00 1,474,560 ----a-w c:\windows\system32\nview.dll
+ 2008-11-12 13:54:00 1,486,848 ----a-w c:\windows\system32\nview.dll
- 2007-12-05 00:41:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
+ 2008-11-12 13:54:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
- 2007-12-05 00:41:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
+ 2008-11-12 13:54:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
- 2007-12-05 00:41:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
+ 2008-11-12 13:54:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
- 2007-12-05 00:41:00 458,752 ----a-w c:\windows\system32\nvmccssr.dll
+ 2008-11-12 13:54:00 458,752 ----a-w c:\windows\system32\nvmccssr.dll
- 2007-12-05 00:41:00 81,920 ----a-w c:\windows\system32\nvmctray.dll
+ 2008-11-12 13:54:00 86,016 ----a-w c:\windows\system32\nvmctray.dll
- 2007-12-05 00:41:00 1,228,800 ----a-w c:\windows\system32\nvmobls.dll
+ 2008-11-12 13:54:00 1,286,144 ----a-w c:\windows\system32\nvmobls.dll
- 2007-12-05 00:41:00 2,854,912 ----a-w c:\windows\system32\nvmoblsr.dll
+ 2008-11-12 13:54:00 2,854,912 ----a-w c:\windows\system32\nvmoblsr.dll
- 2007-12-05 00:41:00 6,901,760 ----a-w c:\windows\system32\nvoglnt.dll
+ 2008-11-12 13:54:00 9,392,128 ----a-w c:\windows\system32\nvoglnt.dll
- 2007-12-05 00:41:00 327,680 ----a-w c:\windows\system32\nvrsar.dll
+ 2008-11-12 13:54:00 331,776 ----a-w c:\windows\system32\nvrsar.dll
- 2007-12-05 00:41:00 249,856 ----a-w c:\windows\system32\nvrscs.dll
+ 2008-11-12 13:54:00 245,760 ----a-w c:\windows\system32\nvrscs.dll
- 2007-12-05 00:41:00 253,952 ----a-w c:\windows\system32\nvrsda.dll
+ 2008-11-12 13:54:00 253,952 ----a-w c:\windows\system32\nvrsda.dll
- 2007-12-05 00:41:00 278,528 ----a-w c:\windows\system32\nvrsde.dll
+ 2008-11-12 13:54:00 278,528 ----a-w c:\windows\system32\nvrsde.dll
- 2007-12-05 00:41:00 282,624 ----a-w c:\windows\system32\nvrsel.dll
+ 2008-11-12 13:54:00 282,624 ----a-w c:\windows\system32\nvrsel.dll
- 2007-12-05 00:41:00 245,760 ----a-w c:\windows\system32\nvrseng.dll
+ 2008-11-12 13:54:00 245,760 ----a-w c:\windows\system32\nvrseng.dll
- 2007-12-05 00:41:00 282,624 ----a-w c:\windows\system32\nvrses.dll
+ 2008-11-12 13:54:00 282,624 ----a-w c:\windows\system32\nvrses.dll
- 2007-12-05 00:41:00 274,432 ----a-w c:\windows\system32\nvrsesm.dll
+ 2008-11-12 13:54:00 274,432 ----a-w c:\windows\system32\nvrsesm.dll
- 2007-12-05 00:41:00 249,856 ----a-w c:\windows\system32\nvrsfi.dll
+ 2008-11-12 13:54:00 249,856 ----a-w c:\windows\system32\nvrsfi.dll
- 2007-12-05 00:41:00 282,624 ----a-w c:\windows\system32\nvrsfr.dll
+ 2008-11-12 13:54:00 282,624 ----a-w c:\windows\system32\nvrsfr.dll
- 2007-12-05 00:41:00 327,680 ----a-w c:\windows\system32\nvrshe.dll
+ 2008-11-12 13:54:00 331,776 ----a-w c:\windows\system32\nvrshe.dll
- 2007-12-05 00:41:00 258,048 ----a-w c:\windows\system32\nvrshu.dll
+ 2008-11-12 13:54:00 258,048 ----a-w c:\windows\system32\nvrshu.dll
- 2007-12-05 00:41:00 278,528 ----a-w c:\windows\system32\nvrsit.dll
+ 2008-11-12 13:54:00 278,528 ----a-w c:\windows\system32\nvrsit.dll
- 2007-12-05 00:41:00 266,240 ----a-w c:\windows\system32\nvrsja.dll
+ 2008-11-12 13:54:00 270,336 ----a-w c:\windows\system32\nvrsja.dll
- 2007-12-05 00:41:00 258,048 ----a-w c:\windows\system32\nvrsko.dll
+ 2008-11-12 13:54:00 262,144 ----a-w c:\windows\system32\nvrsko.dll
- 2007-12-05 00:41:00 274,432 ----a-w c:\windows\system32\nvrsnl.dll
+ 2008-11-12 13:54:00 274,432 ----a-w c:\windows\system32\nvrsnl.dll
- 2007-12-05 00:41:00 253,952 ----a-w c:\windows\system32\nvrsno.dll
+ 2008-11-12 13:54:00 253,952 ----a-w c:\windows\system32\nvrsno.dll
- 2007-12-05 00:41:00 253,952 ----a-w c:\windows\system32\nvrspl.dll
+ 2008-11-12 13:54:00 253,952 ----a-w c:\windows\system32\nvrspl.dll
- 2007-12-05 00:41:00 274,432 ----a-w c:\windows\system32\nvrspt.dll
+ 2008-11-12 13:54:00 270,336 ----a-w c:\windows\system32\nvrspt.dll
- 2007-12-05 00:41:00 266,240 ----a-w c:\windows\system32\nvrsptb.dll
+ 2008-11-12 13:54:00 266,240 ----a-w c:\windows\system32\nvrsptb.dll
- 2007-12-05 00:41:00 270,336 ----a-w c:\windows\system32\nvrsru.dll
+ 2008-11-12 13:54:00 266,240 ----a-w c:\windows\system32\nvrsru.dll
- 2007-12-05 00:41:00 258,048 ----a-w c:\windows\system32\nvrssk.dll
+ 2008-11-12 13:54:00 258,048 ----a-w c:\windows\system32\nvrssk.dll
- 2007-12-05 00:41:00 258,048 ----a-w c:\windows\system32\nvrssl.dll
+ 2008-11-12 13:54:00 258,048 ----a-w c:\windows\system32\nvrssl.dll
- 2007-12-05 00:41:00 253,952 ----a-w c:\windows\system32\nvrssv.dll
+ 2008-11-12 13:54:00 253,952 ----a-w c:\windows\system32\nvrssv.dll
- 2007-12-05 00:41:00 253,952 ----a-w c:\windows\system32\nvrsth.dll
+ 2008-11-12 13:54:00 253,952 ----a-w c:\windows\system32\nvrsth.dll
- 2007-12-05 00:41:00 258,048 ----a-w c:\windows\system32\nvrstr.dll
+ 2008-11-12 13:54:00 253,952 ----a-w c:\windows\system32\nvrstr.dll
- 2007-12-05 00:41:00 225,280 ----a-w c:\windows\system32\nvrszhc.dll
+ 2008-11-12 13:54:00 225,280 ----a-w c:\windows\system32\nvrszhc.dll
- 2007-12-05 00:41:00 126,976 ----a-w c:\windows\system32\nvrszht.dll
+ 2008-11-12 13:54:00 122,880 ----a-w c:\windows\system32\nvrszht.dll
- 2007-12-05 00:41:00 466,944 ----a-w c:\windows\system32\nvshell.dll
+ 2008-11-12 13:54:00 466,944 ----a-w c:\windows\system32\nvshell.dll
- 2007-12-05 00:41:00 155,716 ----a-w c:\windows\system32\nvsvc32.exe
+ 2008-11-12 13:54:00 163,908 ----a-w c:\windows\system32\nvsvc32.exe
- 2007-12-05 00:41:00 356,352 ----a-w c:\windows\system32\nvudisp.exe
+ 2008-11-12 13:54:00 453,152 ----a-w c:\windows\system32\nvudisp.exe
- 2007-12-05 01:53:08 356,352 ----a-w c:\windows\system32\NVUNINST.EXE
+ 2008-11-12 12:45:46 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
- 2007-12-05 00:41:00 3,710,976 ----a-w c:\windows\system32\nvvitvs.dll
+ 2008-11-12 13:54:00 3,796,992 ----a-w c:\windows\system32\nvvitvs.dll
- 2007-12-05 00:41:00 3,715,072 ----a-w c:\windows\system32\nvvitvsr.dll
+ 2008-11-12 13:54:00 4,280,320 ----a-w c:\windows\system32\nvvitvsr.dll
- 2007-12-05 00:41:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
+ 2008-11-12 13:54:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
- 2007-12-05 00:41:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll
+ 2008-11-12 13:54:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll
- 2007-12-05 00:41:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
+ 2008-11-12 13:54:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
- 2007-12-05 00:41:00 282,624 ----a-w c:\windows\system32\nvwrsar.dll
+ 2008-11-12 13:54:00 282,624 ----a-w c:\windows\system32\nvwrsar.dll
- 2007-12-05 00:41:00 286,720 ----a-w c:\windows\system32\nvwrscs.dll
+ 2008-11-12 13:54:00 286,720 ----a-w c:\windows\system32\nvwrscs.dll
- 2007-12-05 00:41:00 294,912 ----a-w c:\windows\system32\nvwrsda.dll
+ 2008-11-12 13:54:00 294,912 ----a-w c:\windows\system32\nvwrsda.dll
- 2007-12-05 00:41:00 311,296 ----a-w c:\windows\system32\nvwrsde.dll
+ 2008-11-12 13:54:00 311,296 ----a-w c:\windows\system32\nvwrsde.dll
- 2007-12-05 00:41:00 335,872 ----a-w c:\windows\system32\nvwrsel.dll
+ 2008-11-12 13:54:00 335,872 ----a-w c:\windows\system32\nvwrsel.dll
- 2007-12-05 00:41:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll
+ 2008-11-12 13:54:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll
- 2007-12-05 00:41:00 335,872 ----a-w c:\windows\system32\nvwrses.dll
+ 2008-11-12 13:54:00 335,872 ----a-w c:\windows\system32\nvwrses.dll
- 2007-12-05 00:41:00 327,680 ----a-w c:\windows\system32\nvwrsesm.dll
+ 2008-11-12 13:54:00 327,680 ----a-w c:\windows\system32\nvwrsesm.dll
- 2007-12-05 00:41:00 303,104 ----a-w c:\windows\system32\nvwrsfi.dll
+ 2008-11-12 13:54:00 303,104 ----a-w c:\windows\system32\nvwrsfi.dll
- 2007-12-05 00:41:00 327,680 ----a-w c:\windows\system32\nvwrsfr.dll
+ 2008-11-12 13:54:00 327,680 ----a-w c:\windows\system32\nvwrsfr.dll
- 2007-12-05 00:41:00 278,528 ----a-w c:\windows\system32\nvwrshe.dll
+ 2008-11-12 13:54:00 278,528 ----a-w c:\windows\system32\nvwrshe.dll
- 2007-12-05 00:41:00 315,392 ----a-w c:\windows\system32\nvwrshu.dll
+ 2008-11-12 13:54:00 315,392 ----a-w c:\windows\system32\nvwrshu.dll
- 2007-12-05 00:41:00 323,584 ----a-w c:\windows\system32\nvwrsit.dll
+ 2008-11-12 13:54:00 323,584 ----a-w c:\windows\system32\nvwrsit.dll
- 2007-12-05 00:41:00 212,992 ----a-w c:\windows\system32\nvwrsja.dll
+ 2008-11-12 13:54:00 212,992 ----a-w c:\windows\system32\nvwrsja.dll
- 2007-12-05 00:41:00 196,608 ----a-w c:\windows\system32\nvwrsko.dll
+ 2008-11-12 13:54:00 196,608 ----a-w c:\windows\system32\nvwrsko.dll
- 2007-12-05 00:41:00 319,488 ----a-w c:\windows\system32\nvwrsnl.dll
+ 2008-11-12 13:54:00 319,488 ----a-w c:\windows\system32\nvwrsnl.dll
- 2007-12-05 00:41:00 299,008 ----a-w c:\windows\system32\nvwrsno.dll
+ 2008-11-12 13:54:00 299,008 ----a-w c:\windows\system32\nvwrsno.dll
- 2007-12-05 00:41:00 294,912 ----a-w c:\windows\system32\nvwrspl.dll
+ 2008-11-12 13:54:00 294,912 ----a-w c:\windows\system32\nvwrspl.dll
- 2007-12-05 00:41:00 323,584 ----a-w c:\windows\system32\nvwrspt.dll
+ 2008-11-12 13:54:00 323,584 ----a-w c:\windows\system32\nvwrspt.dll
- 2007-12-05 00:41:00 319,488 ----a-w c:\windows\system32\nvwrsptb.dll
+ 2008-11-12 13:54:00 319,488 ----a-w c:\windows\system32\nvwrsptb.dll
- 2007-12-05 00:41:00 315,392 ----a-w c:\windows\system32\nvwrsru.dll
+ 2008-11-12 13:54:00 315,392 ----a-w c:\windows\system32\nvwrsru.dll
- 2007-12-05 00:41:00 299,008 ----a-w c:\windows\system32\nvwrssk.dll
+ 2008-11-12 13:54:00 299,008 ----a-w c:\windows\system32\nvwrssk.dll
- 2007-12-05 00:41:00 303,104 ----a-w c:\windows\system32\nvwrssl.dll
+ 2008-11-12 13:54:00 303,104 ----a-w c:\windows\system32\nvwrssl.dll
- 2007-12-05 00:41:00 294,912 ----a-w c:\windows\system32\nvwrssv.dll
+ 2008-11-12 13:54:00 294,912 ----a-w c:\windows\system32\nvwrssv.dll
- 2007-12-05 00:41:00 290,816 ----a-w c:\windows\system32\nvwrsth.dll
+ 2008-11-12 13:54:00 290,816 ----a-w c:\windows\system32\nvwrsth.dll
- 2007-12-05 00:41:00 303,104 ----a-w c:\windows\system32\nvwrstr.dll
+ 2008-11-12 13:54:00 303,104 ----a-w c:\windows\system32\nvwrstr.dll
- 2007-12-05 00:41:00 163,840 ----a-w c:\windows\system32\nvwrszhc.dll
+ 2008-11-12 13:54:00 163,840 ----a-w c:\windows\system32\nvwrszhc.dll
- 2007-12-05 00:41:00 167,936 ----a-w c:\windows\system32\nvwrszht.dll
+ 2008-11-12 13:54:00 167,936 ----a-w c:\windows\system32\nvwrszht.dll
- 2007-12-05 00:41:00 2,498,560 ----a-w c:\windows\system32\nvwss.dll
+ 2008-11-12 13:54:00 2,744,320 ----a-w c:\windows\system32\nvwss.dll
- 2007-12-05 00:41:00 2,519,040 ----a-w c:\windows\system32\nvwssr.dll
+ 2008-11-12 13:54:00 3,026,944 ----a-w c:\windows\system32\nvwssr.dll
- 2007-12-05 00:41:00 1,626,112 ----a-w c:\windows\system32\nwiz.exe
+ 2008-11-12 13:54:00 1,630,208 ----a-w c:\windows\system32\nwiz.exe
+ 2008-10-07 08:13:26 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
+ 2008-10-07 08:13:28 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
+ 2008-10-07 08:13:30 197,912 ----a-w c:\windows\system32\physxcudart_20.dll
+ 2008-10-07 08:13:28 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
+ 2008-10-13 08:56:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
+ 2007-12-05 00:41:00 5,773,568 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nv4_disp.dll
+ 2007-12-05 00:41:00 7,435,392 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nv4_mini.sys
+ 2007-12-05 00:41:00 385,024 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvapi.dll
+ 2007-12-05 00:41:00 35,328 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcod.dll
+ 2007-12-05 00:41:00 8,523,776 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcpl.dll
+ 2007-12-05 00:41:00 1,089,536 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcuda.dll
+ 2007-12-05 00:41:00 6,549,504 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvdisps.dll
+ 2007-12-05 00:41:00 5,611,520 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvdispsr.dll
+ 2007-12-05 00:41:00 3,420,160 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvgames.dll
+ 2007-12-05 00:41:00 3,334,144 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvgamesr.dll
+ 2007-12-05 00:41:00 229,376 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmccs.dll
+ 2007-12-05 00:41:00 188,416 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmccss.dll
+ 2007-12-05 00:41:00 458,752 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmccssr.dll
+ 2007-12-05 00:41:00 81,920 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmctray.dll
+ 2007-12-05 00:41:00 1,228,800 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmobls.dll
+ 2007-12-05 00:41:00 2,854,912 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmoblsr.dll
+ 2007-12-05 00:41:00 286,720 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvnt4cpl.dll
+ 2007-12-05 00:41:00 6,901,760 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvoglnt.dll
+ 2007-12-05 00:41:00 155,716 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvsvc32.exe
+ 2007-12-05 00:41:00 3,710,976 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvvitvs.dll
+ 2007-12-05 00:41:00 3,715,072 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvvitvsr.dll
+ 2007-12-05 00:41:00 81,920 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvwddi.dll
+ 2007-12-05 00:41:00 2,498,560 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvwss.dll
+ 2007-12-05 00:41:00 2,519,040 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvwssr.dll
+ 2005-09-22 22:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-23 00:16:02 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-23 00:16:06 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-23 00:16:08 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-23 00:16:10 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 23:58:06 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-22 23:58:06 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-22 23:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-22 23:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-22 23:58:06 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-22 23:58:06 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-22 23:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-22 23:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-22 23:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-23 00:35:10 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-08 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:22 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-05-15 17:12 484904 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-23 16:03 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 20:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-07 00:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"LightScribeService"=2 (0x2)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PAC7311;Phenix-Q8;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - d:\recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 20:03:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2008-12-06 20:04:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-06 19:04:40
ComboFix2.txt 2008-12-06 17:22:26

Před spuštěním: 6 999 769 088
Po spuštění: 6,990,929,920

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

497 --- E O F --- 2008-11-16 13:37:36

Re: Please check my log

Posted: Sat 6 Dec 2008, 20:07
by Radkoff
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:45, on 6.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
F:\Anti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\Program Files\IEPro\IEProRs.dll/easyhome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4997 bytes

Re: Please check my log

Posted: Sat 6 Dec 2008, 20:26
by jansv
It already looks good. If you don't have an antivirus, download e.g. Eset Smart Security (http://www.eset.cz/download/zkusebni). It includes an antivirus and a firewall. Scan the whole system with the antivirus and if it finds anything, delete it. And then do one more last step.

Quote:
Run the Cure It scanner according to this guide

After the scan finishes, report the results; if it finds anything, delete it :)

Re: Please check my log

Posted: Mon 8 Dec 2008, 00:42
by Radkoff
Wow, there was a whole page of junk there. I'll run it through once more tomorrow...

Re: Please check my log

Posted: Mon 8 Dec 2008, 15:56
by jansv
Ok, and delete everything it finds.