Prosím o kontrolu logu

[Sheggy]

Zdravím,
poslední dobou mám problém - restartuje se mi PC, seká se mi obraz i zvuk. Mám podezření na nějakého trojského koně. Pomůžete mi?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:07, on 5.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\3xHybridRMT.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Installer.EXE
C:\DOCUME~1\Flexio\LOCALS~1\Temp\SimPack.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Antivir\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84A3C4A9-BC10-4094-B41A-0EF71CBC5A1E}: NameServer = 212.158.128.2,212.128.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku125.exe (file missing)

--
End of file - 13056 bytes

[1danab]

zdravím
vložte prosím log z RSIT - viz. můj podpis

[Sheggy]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Flexio at 2010-05-05 20:14:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 68 GB (29%) free of 238 GB
Total RAM: 959 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:28, on 5.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\3xHybridRMT.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Installer.EXE
C:\DOCUME~1\Flexio\LOCALS~1\Temp\SimPack.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Flexio\Plocha\RSIT.exe
C:\Program Files\trend micro\Flexio.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84A3C4A9-BC10-4094-B41A-0EF71CBC5A1E}: NameServer = 212.158.128.2,212.128.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku125.exe (file missing)

--
End of file - 13283 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e802027b-1f2b-40bd-b307-0bd96d036835}]
AstroburnBar Toolbar - C:\Program Files\AstroburnBar\tbAstr.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{e802027b-1f2b-40bd-b307-0bd96d036835} - AstroburnBar Toolbar - C:\Program Files\AstroburnBar\tbAstr.dll [2010-03-17 2355224]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TV Card Remote Control Device Monitor"=C:\WINDOWS\3xHybridRMT.exe [2006-07-27 417792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-01 16049664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"PowerDVD"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe [2004-01-07 413696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-24 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-05-12 623888]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-04-11 236016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-18 149280]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-03-28 133368]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BlackBerry Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\ArcSoft\TotalMedia\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Blobby\volley.exe"="D:\Blobby\volley.exe:*:Enabled:volley"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Disabled:speed2"
"C:\Program Files\CulinatiX\SQL Anywhere 7\win32\rteng7.exe"="C:\Program Files\CulinatiX\SQL Anywhere 7\win32\rteng7.exe:*:Disabled:Adaptive Server Anywhere Database Engine"
"C:\Hry\Fifa 2005\fifa2005.exe"="C:\Hry\Fifa 2005\fifa2005.exe:*:Enabled:fifa2005"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Hry\TrackMania\TmNationsESWC.exe"="C:\Hry\TrackMania\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Hry\hlds.exe"="C:\Hry\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Hry\hl.exe"="C:\Hry\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Hry\TrackMania Sunrise\TmSunrise.exe"="C:\Hry\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Documents and Settings\Flexio\Plocha\hltv.exe"="C:\Documents and Settings\Flexio\Plocha\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Valve\cstrike.exe"="C:\Program Files\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Hry\cstrike\hltv.exe"="C:\Hry\cstrike\hltv.exe:*:Disabled:HLTV Launcher"
"C:\Hry\cstrike\hl.exe"="C:\Hry\cstrike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\CS 1.6\hl.exe"="C:\Games\CS 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\CS 1.6\valve\hltv.exe"="C:\Games\CS 1.6\valve\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe"="C:\Program Files\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\EA Sports\NHL07\nhl2007.exe"="C:\Program Files\EA Sports\NHL07\nhl2007.exe:*:Enabled:nhl2007"
"D:\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Flexio\Plocha\Warcraft III.exe"="C:\Documents and Settings\Flexio\Plocha\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Warcraft III\War3.exe"="D:\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Flexio\Plocha\Hry\Strategie\Warcraft III.exe"="C:\Documents and Settings\Flexio\Plocha\Hry\Strategie\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo"
"C:\Documents and Settings\Flexio\Plocha\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Flexio\Plocha\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\EA Sports\FIFA 10\FIFA10.exe"="C:\Program Files\EA Sports\FIFA 10\FIFA10.exe:*:Enabled:FIFA10"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55b82dac-27a5-11df-be35-00138fe74274}]
shell\AutoRun\command - I:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d24c7cb7-7768-11db-9e96-806d6172696f}]
shell\AutoRun\command - D:\Installer.EXE


======List of files/folders created in the last 1 months======

2010-05-05 20:14:48 ----D---- C:\Program Files\trend micro
2010-05-05 20:14:45 ----D---- C:\rsit
2010-05-05 19:30:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-05-05 19:30:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-05-05 19:21:56 ----D---- C:\Program Files\Antivir
2010-05-05 14:59:56 ----D---- C:\Program Files\Napoleon Total War
2010-05-04 17:43:59 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2010-04-29 18:07:18 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Acoustica
2010-04-29 18:07:15 ----A---- C:\WINDOWS\system32\Wnaspint.dll
2010-04-29 18:06:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acoustica
2010-04-29 17:45:07 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Any Video Converter
2010-04-29 17:45:04 ----D---- C:\Program Files\Any Video Converter
2010-04-28 16:45:05 ----D---- C:\Documents and Settings\Flexio\Data aplikací\MyPhoneExplorer
2010-04-28 16:44:57 ----D---- C:\Program Files\MyPhoneExplorer
2010-04-21 21:48:18 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Apple Computer
2010-04-21 21:30:01 ----D---- C:\Program Files\Common Files\Sony Shared
2010-04-21 21:28:51 ----D---- C:\Program Files\Sony
2010-04-21 21:28:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Corporation
2010-04-21 21:26:54 ----D---- C:\Program Files\Common Files\Apple
2010-04-21 21:26:25 ----D---- C:\Program Files\Apple Software Update
2010-04-21 21:26:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-04-21 21:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-04-21 21:17:45 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Sony Setup
2010-04-21 21:17:45 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Sony
2010-04-21 21:17:39 ----D---- C:\Program Files\Sony Setup
2010-04-21 14:53:53 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Canon
2010-04-20 16:46:56 ----D---- C:\Program Files\Cenega Czech
2010-04-18 17:55:16 ----D---- C:\Program Files\System
2010-04-15 19:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 19:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 19:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 19:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 19:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 19:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 10:13:44 ----D---- C:\Program Files\SeznamNorem

======List of files/folders modified in the last 1 months======

2010-05-05 20:14:48 ----RD---- C:\Program Files
2010-05-05 20:01:03 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Skype
2010-05-05 19:35:38 ----D---- C:\WINDOWS\Temp
2010-05-05 19:31:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-05 19:30:45 ----D---- C:\WINDOWS\system32\drivers
2010-05-05 19:30:41 ----SHD---- C:\WINDOWS\Installer
2010-05-05 19:30:39 ----HD---- C:\Config.Msi
2010-05-05 19:30:38 ----D---- C:\WINDOWS\WinSxS
2010-05-05 19:30:27 ----D---- C:\WINDOWS\system32
2010-05-05 19:30:17 ----D---- C:\Program Files\Alwil Software
2010-05-05 19:01:13 ----D---- C:\Documents and Settings\Flexio\Data aplikací\skypePM
2010-05-05 18:59:37 ----D---- C:\WINDOWS
2010-05-05 10:41:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-05 09:14:17 ----D---- C:\WINDOWS\Prefetch
2010-05-04 20:42:54 ----D---- C:\Program Files\DesetiPrsty
2010-05-04 20:39:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESTsoft
2010-05-04 20:39:30 ----D---- C:\Program Files\Acon Digital Media
2010-05-04 20:39:29 ----D---- C:\Program Files\Common Files
2010-05-04 17:46:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2010-05-04 16:33:14 ----D---- C:\Documents and Settings\Flexio\Data aplikací\ICQ
2010-05-01 19:05:02 ----D---- C:\Program Files\Mozilla Firefox
2010-04-29 17:55:17 ----D---- C:\Documents and Settings\Flexio\Data aplikací\Vso
2010-04-29 17:38:53 ----A---- C:\WINDOWS\win.ini
2010-04-29 17:26:45 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-28 16:23:40 ----HD---- C:\WINDOWS\inf
2010-04-27 19:10:37 ----D---- C:\Program Files\LANGMaster Škola DNES
2010-04-27 19:07:46 ----D---- C:\Program Files\Windows Media Player
2010-04-27 19:07:24 ----D---- C:\WINDOWS\Help
2010-04-25 10:15:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-21 21:29:02 ----RSD---- C:\WINDOWS\assembly
2010-04-21 21:26:29 ----SD---- C:\WINDOWS\Tasks
2010-04-21 21:18:48 ----D---- C:\WINDOWS\system32\mui
2010-04-21 21:18:47 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-21 14:55:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
2010-04-19 13:31:31 ----D---- C:\Program Files\Astroburn Lite
2010-04-18 09:26:11 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-04-18 09:26:10 ----D---- C:\Program Files\AstroburnBar
2010-04-15 19:08:08 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 19:07:57 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-08 17:37:42 ----D---- C:\Program Files\Adobe
2010-04-08 07:13:31 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 3xHybrid;SAA7135 Analog + Digital TV Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-19 683904]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-01 4356608]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-01-17 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 a2her8oo;a2her8oo; C:\WINDOWS\system32\drivers\a2her8oo.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-18 153376]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2008-11-15 2560]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-04-11 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-04-11 170480]
S2 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku125.exe C:\Program Files\Sukoku\sukoku.dll Service []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-03 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-04-11 1108464]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[1danab]

začneme tímto

stahnete a ulozte nejlepe na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:



dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[Sheggy]

ComboFix 10-05-05.02 - Flexio 05.05.2010 20:47:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.959.611 [GMT 2:00]
Spuštěný z: c:\documents and settings\Flexio\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\hpe1C.dll
c:\documents and settings\Flexio\Local Settings\Temporary Internet Files\stb06759.tmp
C:\Install.exe
c:\program files\WindowsUpdate
c:\recycler\S-1-5-21-1663374909-4096183423-13775661-1004
c:\recycler\S-1-5-21-2837457649-3068734647-240352087-1008
c:\windows\system32\dbfb.dll
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-05 do 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 18:14 . 2010-05-05 18:18 -------- d-----w- c:\program files\trend micro
2010-05-05 18:14 . 2010-05-05 18:18 -------- d-----w- C:\rsit
2010-05-05 17:30 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 17:30 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 17:30 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 17:30 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 17:30 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 17:30 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 17:30 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 17:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 17:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 17:21 . 2010-05-05 17:21 -------- d-----w- c:\program files\Antivir
2010-05-05 12:59 . 2010-05-05 13:00 -------- d-----w- c:\program files\Napoleon Total War
2010-04-29 16:07 . 2002-11-05 13:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2010-04-29 15:45 . 2010-05-04 18:39 -------- d-----w- c:\program files\Any Video Converter
2010-04-28 14:44 . 2010-04-28 14:45 -------- d-----w- c:\program files\MyPhoneExplorer
2010-04-21 19:30 . 2010-04-21 19:30 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-04-21 19:28 . 2010-05-04 18:41 -------- d-----w- c:\program files\Sony
2010-04-21 19:26 . 2010-04-21 19:26 -------- d-----w- c:\program files\Common Files\Apple
2010-04-21 19:26 . 2010-04-21 19:26 -------- d-----w- c:\program files\Apple Software Update
2010-04-21 19:17 . 2010-04-21 19:17 -------- d-----w- c:\program files\Sony Setup
2010-04-20 14:46 . 2010-04-20 14:46 -------- d-----w- c:\program files\Cenega Czech
2010-04-18 15:55 . 2010-04-19 17:20 -------- d-----w- c:\program files\System
2010-04-13 08:13 . 2010-04-13 08:13 -------- d-----w- c:\program files\SeznamNorem

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 18:37 . 2008-11-15 19:42 761 --sha-w- c:\windows\system32\mmf.sys
2010-05-05 17:30 . 2007-02-17 19:28 -------- d-----w- c:\program files\Alwil Software
2010-05-05 17:06 . 2010-03-04 17:47 256 ----a-w- c:\windows\system32\pool.bin
2010-05-04 18:42 . 2010-04-01 15:47 -------- d-----w- c:\program files\DesetiPrsty
2010-05-04 18:39 . 2009-02-21 17:10 -------- d-----w- c:\program files\Acon Digital Media
2010-04-27 17:10 . 2008-02-08 16:07 -------- d-----w- c:\program files\LANGMaster Škola DNES
2010-04-25 08:15 . 2009-09-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 11:31 . 2010-01-24 13:58 -------- d-----w- c:\program files\Astroburn Lite
2010-04-18 07:26 . 2009-07-24 10:14 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-18 07:26 . 2010-01-24 13:58 -------- d-----w- c:\program files\AstroburnBar
2010-04-03 19:53 . 2010-04-03 19:53 -------- d-----w- c:\program files\Bonjour
2010-04-03 19:53 . 2006-10-16 08:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-03 19:44 . 2010-04-03 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-02 07:15 . 2009-09-05 12:45 -------- d-----w- c:\program files\Opera
2010-04-01 10:37 . 2008-09-20 19:28 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-03-31 18:43 . 2010-02-05 15:05 -------- d-----w- c:\program files\ICQ7.0
2010-03-29 22:46 . 2009-09-20 11:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-09-20 11:51 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 15:05 . 2010-03-28 15:05 -------- d-----w- c:\program files\Common Files\Skype
2010-03-28 15:05 . 2004-08-18 12:00 84034 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 15:05 . 2004-08-18 12:00 441688 ----a-w- c:\windows\system32\perfh005.dat
2010-03-18 15:05 . 2010-03-18 15:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-18 15:05 . 2007-01-17 18:16 -------- d-----w- c:\program files\Java
2010-03-13 18:04 . 2010-03-13 18:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-13 18:02 . 2008-03-17 15:11 -------- d-----w- c:\program files\Microsoft Works
2010-03-12 20:28 . 2010-03-12 20:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2004-08-18 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 13:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 20:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2007-09-11 15:59 . 2007-09-11 15:59 3297799 ----a-w- c:\program files\openofficeorg4.cab
2007-09-11 15:59 . 2007-09-11 15:59 66392154 ----a-w- c:\program files\openofficeorg3.cab
2007-09-11 15:55 . 2007-09-11 15:55 17356442 ----a-w- c:\program files\openofficeorg2.cab
2007-09-11 15:55 . 2007-09-11 15:55 18970031 ----a-w- c:\program files\openofficeorg1.cab
2007-02-17 20:00 . 2007-02-17 19:59 2672152 ----a-w- c:\program files\SetupCloneCD.exe
2007-01-17 11:55 . 2008-06-29 09:36 1117491 ----a-w- c:\program files\dvdshrink32setup.exe
2006-01-18 11:53 . 2007-01-20 18:16 15032036 ----a-w- c:\program files\klcodec268f.exe
2006-01-18 11:38 . 2007-01-20 18:09 10014834 ----a-w- c:\program files\Codecs6029_allin1.exe
2005-10-25 09:18 . 2007-02-17 19:28 9364040 ----a-w- c:\program files\setupcze.exe
2004-10-01 13:00 . 2006-10-16 07:57 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e802027b-1f2b-40bd-b307-0bd96d036835}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\AstroburnBar\tbAstr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E802027B-1F2B-40BD-B307-0BD96D036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TV Card Remote Control Device Monitor"="c:\windows\3xHybridRMT.exe" [2006-07-27 417792]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"PowerDVD"="c:\program files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" [2004-01-07 413696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-18 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Voçta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Canon IJ Status Monitor Canon MP560 series Printer.lnk - c:\windows\system32\rundll32.exe [2004-8-18 33280]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlackBerry Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia\TMMonitor.exe [2006-10-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Games\\CS 1.6\\valve\\hltv.exe"=
"c:\\Program Files\\EA Sports\\NHL07\\nhl2007.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.5.2010 19:30 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.5.2010 19:30 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.9.2009 17:45 246520]
R3 3xHybrid;SAA7135 Analog + Digital TV Card;c:\windows\system32\drivers\3xHybrid.sys [14.9.2006 13:46 683904]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.8.2007 16:46 691696]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [15.11.2008 21:42 2560]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [4.3.2010 20:44 90112]
S2 Sukoku Service;Sukoku Service;"c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe" "c:\program files\Sukoku\sukoku.dll" Service --> c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [4.3.2010 20:44 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [4.3.2010 20:44 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [4.3.2010 20:44 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [4.3.2010 20:44 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [4.3.2010 20:44 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [4.3.2010 20:44 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [4.3.2010 20:44 109864]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [4.3.2010 19:25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [4.3.2010 19:25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [4.3.2010 19:25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [4.3.2010 19:25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [4.3.2010 19:25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [4.3.2010 19:25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [4.3.2010 19:25 116904]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {84A3C4A9-BC10-4094-B41A-0EF71CBC5A1E} = 212.158.128.2,212.128.128.3
FF - ProfilePath - c:\documents and settings\Flexio\Data aplikací\Mozilla\Firefox\Profiles\q38taxsa.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\documents and settings\Flexio\Data aplikací\Mozilla\Firefox\Profiles\q38taxsa.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Acoustica Effects Pack - c:\progra~1\ACOUST~2\UNWISE.EXE
AddRemove-Age of Empires Expansion Trial 1.00 - c:\hry\UNINSTX.EXE
AddRemove-Astroburn Lite - c:\program files\Astroburn Lite\uninst.exe
AddRemove-mIRC - c:\docume~1\Flexio\LOCALS~1\Temp\Rar$EX00.859\mIRC\mirc.exe
AddRemove-{B7165C37-8577-4BE5-A661-E2F44A0E8C66}_is1 - c:\program files\CulinatiX\unins000.exe
AddRemove-{E4E3E62E-16D7-425E-009C-DCB5E64F5955} - c:\hry\Fifa 2005\EAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 21:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = c:\windows\3xHybridRMT.exe??T?a??C:?m?a?????????????????????????????????x?:?????????????????????????????????x?:????? C:?????????T?a?x?:?m?a????????????????|?B:?????????????????????????????????????????????????????x?:?????T?a?h?o?m?a???????????A???????@??KA???B

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2837457649-3068734647-240352087-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2837457649-3068734647-240352087-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
h $%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2837457649-3068734647-240352087-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
h $%\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:47,6d,e8,b1,c6,c5,94,c0
"3"=hex:5b,53,7a,c8,b7,14,2f,3a,a5,f3,66,e4,7e,05,8c,fd,1d,76,d8,32,98,c1,48,
c0,8a,52,5f,ab,f7,96,a0,8e,40,12,e0,b1,71,6d,65,05,fc,b0,49,38,91,11,42,42,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:55,bd,54,37,6e,ab,4b,81,d3,d9,17,38,97,df,e8,96,d5,84,e7,99,ea,4e,63,
5f
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:59,c8,db,4e,44,81,2c,dd
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Celkový čas: 2010-05-05 21:05:53
ComboFix-quarantined-files.txt 2010-05-05 19:05

Před spuštěním: Volných bajtů: 69 152 112 640
Po spuštění: Volných bajtů: 78 439 362 560

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A8DFF5DA31C973E5CB89EA012F02F075

[1danab]

pokud jste tak ještě neučinil, přesuňte Combofix na plochu

otevřete si Poznámkový blok

do něj zkopírujte skript z následujícího okna:

Kód: Vybrat vše

Driver::
Sukoku Service

File::
c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe
c:\program files\Sukoku\sukoku.dll
c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe

uložte vámi vytvořený textový soubor jako CFScript.txt na plochu

po uložení uchopte vámi vytvořený skript levým tlačítkem myši a přesuňte jej nad ikonu Combofixu, nad níž skript upusťte:



po aplikaci by na vás měl vyskočit další log, vložte jej sem

Upozornění: je možné, že po aplikaci skriptu a restartu nenaběhnou Windows, v takovém případě znovu restartujte, po restartu mačkejte F8 a zvolte Poslední známou funkční konfiguraci

další věc...toto otestujte na VIRUSTOTALu

c:\windows\system32\mmf.sys

[Sheggy]

ComboFix 10-05-11.06 - Flexio 12.05.2010 19:20:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.959.471 [GMT 2:00]
Spuštěný z: c:\documents and settings\Flexio\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Flexio\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
"c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe"
"c:\program files\Sukoku\sukoku.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\infocard.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SUKOKU_SERVICE
-------\Service_Sukoku Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-12 do 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-05 18:14 . 2010-05-05 18:18 -------- d-----w- c:\program files\trend micro
2010-05-05 18:14 . 2010-05-05 18:18 -------- d-----w- C:\rsit
2010-05-05 17:30 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 17:30 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 17:30 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 17:30 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 17:30 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 17:30 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 17:30 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 17:30 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 17:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 17:21 . 2010-05-05 17:21 -------- d-----w- c:\program files\Antivir
2010-05-05 12:59 . 2010-05-06 17:25 -------- d-----w- c:\program files\Napoleon Total War
2010-04-29 16:07 . 2002-11-05 13:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2010-04-29 15:45 . 2010-05-04 18:39 -------- d-----w- c:\program files\Any Video Converter
2010-04-28 14:44 . 2010-04-28 14:45 -------- d-----w- c:\program files\MyPhoneExplorer
2010-04-21 19:30 . 2010-04-21 19:30 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-04-21 19:28 . 2010-05-04 18:41 -------- d-----w- c:\program files\Sony
2010-04-21 19:26 . 2010-04-21 19:26 -------- d-----w- c:\program files\Common Files\Apple
2010-04-21 19:26 . 2010-04-21 19:26 -------- d-----w- c:\program files\Apple Software Update
2010-04-21 19:17 . 2010-04-21 19:17 -------- d-----w- c:\program files\Sony Setup
2010-04-20 14:46 . 2010-04-20 14:46 -------- d-----w- c:\program files\Cenega Czech
2010-04-18 15:55 . 2010-04-19 17:20 -------- d-----w- c:\program files\System
2010-04-13 08:13 . 2010-04-13 08:13 -------- d-----w- c:\program files\SeznamNorem

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 17:34 . 2010-03-04 17:47 256 ----a-w- c:\windows\system32\pool.bin
2010-05-12 17:10 . 2008-11-15 19:42 761 --sha-w- c:\windows\system32\mmf.sys
2010-05-07 09:22 . 2010-04-01 15:47 -------- d-----w- c:\program files\DesetiPrsty
2010-05-06 16:08 . 2008-09-20 19:28 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-05-05 17:30 . 2007-02-17 19:28 -------- d-----w- c:\program files\Alwil Software
2010-05-04 18:39 . 2009-02-21 17:10 -------- d-----w- c:\program files\Acon Digital Media
2010-04-27 17:10 . 2008-02-08 16:07 -------- d-----w- c:\program files\LANGMaster Škola DNES
2010-04-25 08:15 . 2009-09-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 11:31 . 2010-01-24 13:58 -------- d-----w- c:\program files\Astroburn Lite
2010-04-18 07:26 . 2009-07-24 10:14 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-18 07:26 . 2010-01-24 13:58 -------- d-----w- c:\program files\AstroburnBar
2010-04-03 19:53 . 2010-04-03 19:53 -------- d-----w- c:\program files\Bonjour
2010-04-03 19:53 . 2006-10-16 08:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-03 19:44 . 2010-04-03 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-02 07:15 . 2009-09-05 12:45 -------- d-----w- c:\program files\Opera
2010-03-31 18:43 . 2010-02-05 15:05 -------- d-----w- c:\program files\ICQ7.0
2010-03-29 22:46 . 2009-09-20 11:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-09-20 11:51 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 15:05 . 2010-03-28 15:05 -------- d-----w- c:\program files\Common Files\Skype
2010-03-28 15:05 . 2004-08-18 12:00 84034 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 15:05 . 2004-08-18 12:00 441688 ----a-w- c:\windows\system32\perfh005.dat
2010-03-18 15:05 . 2010-03-18 15:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-18 15:05 . 2007-01-17 18:16 -------- d-----w- c:\program files\Java
2010-03-13 18:04 . 2010-03-13 18:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-13 18:02 . 2008-03-17 15:11 -------- d-----w- c:\program files\Microsoft Works
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2004-08-18 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 13:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 20:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2007-09-11 15:59 . 2007-09-11 15:59 3297799 ----a-w- c:\program files\openofficeorg4.cab
2007-09-11 15:59 . 2007-09-11 15:59 66392154 ----a-w- c:\program files\openofficeorg3.cab
2007-09-11 15:55 . 2007-09-11 15:55 17356442 ----a-w- c:\program files\openofficeorg2.cab
2007-09-11 15:55 . 2007-09-11 15:55 18970031 ----a-w- c:\program files\openofficeorg1.cab
2007-02-17 20:00 . 2007-02-17 19:59 2672152 ----a-w- c:\program files\SetupCloneCD.exe
2007-01-17 11:55 . 2008-06-29 09:36 1117491 ----a-w- c:\program files\dvdshrink32setup.exe
2006-01-18 11:53 . 2007-01-20 18:16 15032036 ----a-w- c:\program files\klcodec268f.exe
2006-01-18 11:38 . 2007-01-20 18:09 10014834 ----a-w- c:\program files\Codecs6029_allin1.exe
2005-10-25 09:18 . 2007-02-17 19:28 9364040 ----a-w- c:\program files\setupcze.exe
2004-10-01 13:00 . 2006-10-16 07:57 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e802027b-1f2b-40bd-b307-0bd96d036835}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\AstroburnBar\tbAstr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E802027B-1F2B-40BD-B307-0BD96D036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TV Card Remote Control Device Monitor"="c:\windows\3xHybridRMT.exe" [2006-07-27 417792]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"PowerDVD"="c:\program files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" [2004-01-07 413696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-18 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Voçta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Canon IJ Status Monitor Canon MP560 series Printer.lnk - c:\windows\system32\rundll32.exe [2004-8-18 33280]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlackBerry Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia\TMMonitor.exe [2006-10-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Games\\CS 1.6\\valve\\hltv.exe"=
"c:\\Program Files\\EA Sports\\NHL07\\nhl2007.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Flexio\\Plocha\\IM55172.JPG-www.myspace.com.exe"= c:\\WINDOWS\\infocard.exe

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.8.2007 16:46 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.5.2010 19:30 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.5.2010 19:30 19024]
R3 3xHybrid;SAA7135 Analog + Digital TV Card;c:\windows\system32\drivers\3xHybrid.sys [14.9.2006 13:46 683904]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [4.3.2010 20:44 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [4.3.2010 20:44 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [4.3.2010 20:44 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [4.3.2010 20:44 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [4.3.2010 20:44 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [4.3.2010 20:44 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [4.3.2010 20:44 109864]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [4.3.2010 19:25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [4.3.2010 19:25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [4.3.2010 19:25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [4.3.2010 19:25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [4.3.2010 19:25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [4.3.2010 19:25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [4.3.2010 19:25 116904]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {84A3C4A9-BC10-4094-B41A-0EF71CBC5A1E} = 212.158.128.2,212.128.128.3
FF - ProfilePath - c:\documents and settings\Flexio\Data aplikací\Mozilla\Firefox\Profiles\q38taxsa.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\documents and settings\Flexio\Data aplikací\Mozilla\Firefox\Profiles\q38taxsa.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 19:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = c:\windows\3xHybridRMT.exe??T?a??B:?m?a?????????????????????????????????x?:?????????????????????????????????x?:??????B:?????????T?a?x?:?m?a????????????????|?B:? ???????????????????????????????????????????????????x?:?????T?a?h?o?m?a????? ?????A???????@??KA???B

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2837457649-3068734647-240352087-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2837457649-3068734647-240352087-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
h $%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2837457649-3068734647-240352087-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
h $%\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:47,6d,e8,b1,c6,c5,94,c0
"3"=hex:5b,53,7a,c8,b7,14,2f,3a,a5,f3,66,e4,7e,05,8c,fd,1d,76,d8,32,98,c1,48,
c0,8a,52,5f,ab,f7,96,a0,8e,40,12,e0,b1,71,6d,65,05,fc,b0,49,38,91,11,42,42,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:55,bd,54,37,6e,ab,4b,81,d3,d9,17,38,97,df,e8,96,d5,84,e7,99,ea,4e,63,
5f
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:59,c8,db,4e,44,81,2c,dd
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1960)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\runservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-05-12 19:50:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-12 17:49
ComboFix2.txt 2010-05-05 19:05

Před spuštěním: Volných bajtů: 52 745 142 272
Po spuštění: Volných bajtů: 52 640 899 072

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B1A476F31642CA3E348325D77472A6AF

[1danab]

c:\windows\system32\mmf.sys
c:\\WINDOWS\\infocard.exe

toto otestujte na VIRUSTOTALu
a výsledek sem buď zkopírujte nebo vložte odkaz po dokončení skenu