zamrzaní, restartování ...

Zpráva

blecha2 · #1 Příspěvek od **blecha2** » 09 dub 2010 07:06

Dobrý den,

prosím o kotrolu logu resp. o postup odstranění nežádoucích naplavenin, děkuji.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:45, on 9.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Plocha\RAPGET\rapget.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\program files\powerstrip\pstrip.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Administrator\Plocha\RAPGET\rapget.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Automaticky EPSON Stylus Photo RX420 Series v STIKCOMP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P54 "Automaticky EPSON Stylus Photo RX420 Series v STIKCOMP" /O19 "\\STIKCOMP\Tiskárna" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FreshDownload - {7BF17817-5ACC-449A-B7F4-850DC2CCFF2F} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: &Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 19058 bytes

Marek-26 · #2 Příspěvek od **Marek-26** » 09 dub 2010 09:43

Dobrý den

Pro jistotu vložte log z RSIT

http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

blecha2 · #3 Příspěvek od **blecha2** » 09 dub 2010 09:48

ups, omlouvám se ... tady je

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-09 10:49:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (5%) free of 76 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:00, on 9.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Plocha\RAPGET\rapget.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\program files\powerstrip\pstrip.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMT9CE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Administrator\Plocha\RAPGET\rapget.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Automaticky EPSON Stylus Photo RX420 Series v STIKCOMP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P54 "Automaticky EPSON Stylus Photo RX420 Series v STIKCOMP" /O19 "\\STIKCOMP\Tiskárna" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FreshDownload - {7BF17817-5ACC-449A-B7F4-850DC2CCFF2F} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: &Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1CE65923-EAF9-4A08-B0C8-C1624912039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 19210 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-16 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-08-05 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D} - FreshDownload Bar - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-01-29 2899968]
"Rapget"=C:\Documents and Settings\Administrator\Plocha\RAPGET\rapget.exe [2007-10-07 171008]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"Automaticky EPSON Stylus Photo RX420 Series v STIKCOMP"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE [2004-04-09 98304]
"Flashget"=C:\Program Files\FlashGet\flashget.exe [2007-06-29 1990704]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2005-05-03 135168]
"PowerStrip"=c:\program files\powerstrip\pstrip.exe [2008-04-03 727288]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\valve\steam\steam.exe [2010-02-20 1217872]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-24 32768]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMBalloonTip"=1
"NoDriveTypeAutoRun"=323
"MemCheckBoxInRunDlg"=0
"NoAutoTrayNotify"=0
"NoResolveTrack"=0
"NoResolveSearch"=1
"NoWelcomeScreen"=1
"NoRecentDocsNetHood"=1
"NoDesktopCleanupWizard"=1
"NoSharedDocuments"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStrCmpLogical"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 1 months======

2010-04-02 11:34:37 ----D---- C:\Program Files\Kaspersky Lab
2010-04-02 11:34:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-04-02 11:28:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2010-04-02 08:46:06 ----D---- C:\Program Files\PowerStrip
2010-04-01 08:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-27 14:51:43 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PCF-VLC
2010-03-27 14:47:46 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Participatory Culture Foundation
2010-03-27 14:46:38 ----D---- C:\Program Files\Participatory Culture Foundation
2010-03-11 12:07:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Boss Media
2010-03-11 08:18:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-09 10:49:37 ----D---- C:\WINDOWS\temp
2010-04-09 10:46:37 ----D---- C:\Program Files\FlashGet
2010-04-09 10:42:46 ----D---- C:\WINDOWS\system32
2010-04-09 07:56:19 ----SHD---- C:\WINDOWS\CSC
2010-04-08 18:49:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-08 10:56:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 17:29:09 ----D---- C:\Downloads
2010-04-02 14:30:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-04-02 12:07:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Google
2010-04-02 11:54:42 ----D---- C:\WINDOWS
2010-04-02 11:46:07 ----D---- C:\WINDOWS\system32\drivers
2010-04-02 11:36:10 ----SHD---- C:\WINDOWS\Installer
2010-04-02 11:35:45 ----HD---- C:\WINDOWS\inf
2010-04-02 11:34:37 ----RD---- C:\Program Files
2010-04-02 10:00:58 ----D---- C:\WINDOWS\Minidump
2010-04-02 08:12:52 ----AC---- C:\WINDOWS\wininit.ini
2010-04-01 08:51:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 07:46:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-28 09:27:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 16:49:46 ----D---- C:\Program Files\Capture-A-ScreenShot
2010-03-23 17:13:42 ----D---- C:\Program Files\Opera
2010-03-20 11:04:20 ----D---- C:\Program Files\Penezni denik
2010-03-16 17:19:59 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 12:07:26 ----D---- C:\Program Files\ParadisePoker
2010-03-11 08:18:46 ----D---- C:\Program Files\Movie Maker
2010-03-10 06:43:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-03-10 06:43:04 ----A---- C:\WINDOWS\system32\browseui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-04-02 296976]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\System32\Drivers\vmm.sys []
R1 Winflash;Winflash; C:\WINDOWS\system32\drivers\Winflash.sys [2001-11-30 3538]
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-18 610988]
R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-09-11 40448]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-01-29 1880320]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\System32\drivers\LMIRfsDriver.sys []
S3 agw2847i;agw2847i; C:\WINDOWS\system32\drivers\agw2847i.sys []
S3 au1mu7i9;au1mu7i9; C:\WINDOWS\system32\drivers\au1mu7i9.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\drivers\lmimirr.sys []
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-01-29 77824]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Marek-26 · #4 Příspěvek od **Marek-26** » 09 dub 2010 10:26

Před resetem se zobrazí nějaká hláška?

blecha2 · #5 Příspěvek od **blecha2** » 09 dub 2010 10:33

ne, restart nastava z nicehonic

Marek-26 · #6 Příspěvek od **Marek-26** » 09 dub 2010 10:38

stahnete a ulozte nejlepe na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:

Obrázek

dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

blecha2 · #7 Příspěvek od **blecha2** » 09 dub 2010 14:36

ComboFix 10-04-08.02 - Administrator 09.04.2010 15:24:48.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1689 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikacˇ\fexalana.inf
c:\documents and settings\Administrator\Local Settings\Data aplikacˇ\ubiduceqyc.vbs
c:\documents and settings\Administrator\Local Settings\Data aplikacˇ\yqymu.reg
.
---- Předchozí spuštění -------
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\Data aplikacˇ\fexalana.inf
c:\documents and settings\Administrator\Local Settings\Data aplikacˇ\ubiduceqyc.vbs
c:\documents and settings\Administrator\Local Settings\Data aplikacˇ\yqymu.reg
c:\documents and settings\Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\desktop\T_301.part1.rar.FDPART

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-09 do 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-02 09:38 . 2010-04-02 09:38 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-04-02 09:35 . 2010-04-02 09:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-02 09:35 . 2010-04-02 09:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-02 09:34 . 2010-04-02 09:34 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-02 06:46 . 2010-04-02 09:54 -------- d-----w- c:\program files\PowerStrip
2010-03-27 12:46 . 2010-03-27 12:46 -------- d-----w- c:\program files\Participatory Culture Foundation

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 13:17 . 2008-12-24 22:02 -------- d-----w- c:\program files\FlashGet
2010-04-09 10:33 . 2010-04-08 10:26 0 ----a-w- c:\documents and settings\Administrator\ntuser.tmp
2010-03-28 07:27 . 2001-10-25 14:00 80802 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:27 . 2001-10-25 14:00 436968 ----a-w- c:\windows\system32\perfh005.dat
2010-03-24 14:49 . 2009-09-22 13:33 -------- d-----w- c:\program files\Capture-A-ScreenShot
2010-03-23 15:13 . 2009-05-29 06:05 -------- d-----w- c:\program files\Opera
2010-03-20 09:04 . 2008-09-03 08:42 -------- d-----w- c:\program files\Penezni denik
2010-03-11 10:07 . 2009-03-14 11:43 -------- d-----w- c:\program files\ParadisePoker
2010-02-26 05:43 . 2002-09-20 18:05 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2009-01-25 15:38 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 20:22 . 2008-09-21 13:17 -------- d-----w- c:\program files\SopCast
2008-10-10 04:32 . 2008-10-10 04:32 17227 ----a-w- c:\program files\Common Files\elyzuk.dat
2008-10-09 07:12 . 2008-10-09 07:12 11906 ----a-w- c:\program files\Common Files\nifuxorilu.db
2006-05-03 10:06 . 2009-04-29 13:36 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-04-29 13:36 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-29 13:36 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2010-02-20 1217872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-24 32768]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-01-29 2899968]
"Rapget"="c:\documents and settings\Administrator\Plocha\RAPGET\rapget.exe" [2007-10-07 171008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"Automaticky EPSON Stylus Photo RX420 Series v STIKCOMP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-29 1990704]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-04-03 727288]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-23 113664]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-3-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-24 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.5.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.5.2009 20:59 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.6.2008 11:12 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7BF17817-5ACC-449A-B7F4-850DC2CCFF2F} - c:\program files\FreshDevices\FreshDownload\fd.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\7pun6uos.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Passware Kit Enterprise - c:\program files\Passware\demos\un-kitd.exe
AddRemove-Space Empires IV Gold - c:\progra~1\Shrapnel Games\Malfador Machinations\Space Empires IV Gold\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 15:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-57989841-725345543-500\Software\Andreas Haak\a*Ű]
"Language"="English"

[HKEY_USERS\S-1-5-21-2000478354-57989841-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,90,d8,bc,22,0e,f1,57,9f,dc,90,f4,28,cf,99,c9,22,82,7c,ce,c8,1f,c2,
58,47,65,24,0b,c3,58,5b,cd,5e,8f,8a,5f,d1,0f,a4,10,2d,c3,1e,56,2f,d1,64,47,\
"??"=hex:3d,a3,bc,03,2a,b4,48,62,3f,1b,5e,80,0d,79,2c,9b

[HKEY_USERS\S-1-5-21-2000478354-57989841-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:8b,33,c1,5a,f2,d9,57,24,04,2b,a1,ea,a4,fe,ae,55,3c,1d,37,a1,eb,
d2,fb,7e,5c,de,d5,bb,24,0b,1c,f1,e1,40,17,68,28,92,a5,6e,ed,4a,8a,eb,b1,4d,\
"rkeysecu"=hex:0e,13,85,1b,46,f0,a0,f5,75,6a,61,67,44,d3,e1,f6
.
Celkový čas: 2010-04-09 15:33:24
ComboFix-quarantined-files.txt 2010-04-09 13:33
ComboFix2.txt 2009-10-22 20:52

Před spuštěním: 5 412 290 560
Po spuštění: 5 363 679 232

- - End Of File - - E528C2F29F2C54761AC94090BFC9BAFD

Marek-26 · #8 Příspěvek od **Marek-26** » 11 dub 2010 07:46

Toto mi ještě otestujte na virustotal.com

c:\windows\system32\drivers\sptd.sys

CF pár věcí smazal a nic jiného v logu nevidím. Jak se chová PC?

blecha2 · #9 Příspěvek od **blecha2** » 12 dub 2010 08:00

soubor se neodesle, nevim proc ...

vse ostatni vypada v poradku, díky

Marek-26 · #10 Příspěvek od **Marek-26** » 12 dub 2010 08:37

Klikněte na T-cleaner v mém podpisu a spusťte

Odstraní zbytky po používaných programech.

Kdyby ještě něco dejte vědět

Nemáte zač

VIRY.CZ

zamrzaní, restartování ...

zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...

Re: zamrzaní, restartování ...