Poprosim o kontrolu logu. (preventivka)

[nerew]

Logfile of random's system information tool 1.08 (written by random/random)
Run by ADMIN at 2010-08-28 17:25:58
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 213 GB (89%) free of 238 GB
Total RAM: 1527 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:59, on 28.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\StopHid.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Eset_TrialReset_serv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\ADMIN\Desktop\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8875555515
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Eset TrialReset (Eset_TrialReset_serv) - Everstrike Software - C:\WINDOWS\Eset_TrialReset_serv.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6807 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-27 550912]
"StopHid"=C:\WINDOWS\StopHid.exe [2003-10-06 40960]
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-03-13 1443072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-11-25 95632]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="PAVWAIT.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-08-28 17:25:58 ----D---- C:\rsit
2010-08-28 16:35:45 ----D---- C:\Program Files\Trend Micro
2010-08-28 15:28:40 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-28 15:28:31 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-08-28 15:28:24 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-28 15:27:02 ----A---- C:\WINDOWS\system32\drivers\SET5D.tmp
2010-08-28 15:26:59 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-28 15:26:56 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-08-28 15:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2010-08-12 12:32:58 ----DC---- C:\WINDOWS\$NtUninstallKB2183461$
2010-08-12 12:32:34 ----DC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 12:32:29 ----DC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 12:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 12:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 12:31:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 12:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 12:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-12 12:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-07 12:46:33 ----D---- C:\Documents and Settings\ADMIN\Application Data\Corel
2010-08-07 11:18:13 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2010-08-07 11:14:37 ----D---- C:\Program Files\Common Files\Corel
2010-08-07 11:11:48 ----D---- C:\Program Files\Corel
2010-08-06 18:24:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-15 09:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 10:30:19 ----D---- C:\Program Files\Safari
2010-07-13 10:30:09 ----D---- C:\Program Files\Bonjour
2010-07-13 10:29:56 ----D---- C:\Program Files\Common Files\Apple
2010-07-13 10:29:47 ----D---- C:\Program Files\Apple Software Update
2010-07-13 10:29:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-06-14 10:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-14 10:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-14 10:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-14 09:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-14 09:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-14 09:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-14 09:58:35 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-03 10:06:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-06-03 10:06:18 ----D---- C:\Program Files\Common Files\Java
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\java.exe
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\deployJava1.dll

======List of files/folders modified in the last 3 months======

2010-08-28 17:25:58 ----D---- C:\WINDOWS\Temp
2010-08-28 17:24:54 ----D---- C:\Documents and Settings\ADMIN\Application Data\Skype
2010-08-28 17:12:55 ----D---- C:\WINDOWS\system32
2010-08-28 17:09:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-28 16:53:37 ----D---- C:\WINDOWS
2010-08-28 16:48:07 ----HD---- C:\WINDOWS\inf
2010-08-28 16:35:46 ----SHD---- C:\Config.Msi
2010-08-28 16:35:46 ----SD---- C:\Documents and Settings\ADMIN\Application Data\Microsoft
2010-08-28 16:35:45 ----SHD---- C:\WINDOWS\Installer
2010-08-28 15:28:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-28 15:28:34 ----D---- C:\WINDOWS\system32\drivers
2010-08-24 18:17:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-19 14:51:28 ----A---- C:\WINDOWS\imsins.BAK
2010-08-19 14:50:14 ----D---- C:\Program Files\Movie Maker
2010-08-19 14:47:42 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-19 14:46:09 ----D---- C:\WINDOWS\Prefetch
2010-08-19 14:43:16 ----D---- C:\WINDOWS\system32\config
2010-08-19 14:43:05 ----D---- C:\WINDOWS\system32\wbem
2010-08-19 14:43:04 ----D---- C:\WINDOWS\Registration
2010-08-19 14:42:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-19 13:49:13 ----D---- C:\WINDOWS\Minidump
2010-08-18 11:30:04 ----D---- C:\Documents and Settings\ADMIN\Application Data\Adobe
2010-08-16 15:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2010-08-12 12:32:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 12:32:17 ----A---- C:\WINDOWS\win.ini
2010-08-07 11:15:05 ----RSD---- C:\WINDOWS\Fonts
2010-08-07 11:14:56 ----D---- C:\WINDOWS\WinSxS
2010-08-07 11:14:37 ----D---- C:\Program Files\Common Files
2010-08-07 11:11:48 ----RD---- C:\Program Files
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-29 12:11:32 ----D---- C:\Program Files\Mozilla Firefox
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-20 10:11:41 ----RD---- C:\Program Files\Skype
2010-07-20 10:11:22 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-07-15 09:10:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-13 10:40:48 ----D---- C:\Documents and Settings\ADMIN\Application Data\Apple Computer
2010-07-13 10:29:50 ----SD---- C:\WINDOWS\Tasks
2010-07-07 13:01:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-30 14:31:35 ----A---- C:\WINDOWS\system32\schannel.dll
2010-06-22 09:47:41 ----D---- C:\FOREX PLATFORM
2010-06-17 16:03:00 ----A---- C:\WINDOWS\system32\iccvid.dll
2010-06-14 09:41:45 ----A---- C:\WINDOWS\system32\msxml3.dll
2010-06-09 11:15:06 ----D---- C:\Sebastian
2010-06-03 10:05:22 ----D---- C:\Program Files\Java
2010-06-02 14:03:34 ----D---- C:\forex platforms

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-13 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-13 71176]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-03-13 30728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
R2 Eset_TrialReset_serv;Eset TrialReset; C:\WINDOWS\Eset_TrialReset_serv.exe [2008-07-27 69632]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2006-02-28 3584]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-03-13 19200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

[Rudy]

Odinstalujte cracklý NOD a NODFix. Místo něj použijte některé free řešení. To, zda je log v pořádku, či nikoli, vám povím až potom.

[nerew]

HOTOVO

Logfile of random's system information tool 1.08 (written by random/random)
Run by ADMIN at 2010-08-28 21:55:23
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 214 GB (90%) free of 238 GB
Total RAM: 1535 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:55:25, on 28.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\StopHid.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Documents and Settings\ADMIN\Desktop\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8875555515
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6520 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-27 550912]
"StopHid"=C:\WINDOWS\StopHid.exe [2003-10-06 40960]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-11-25 95632]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Eset_TrialReset_serv"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-08-28 21:52:20 ----D---- C:\WINDOWS\LastGood
2010-08-28 20:45:07 ----A---- C:\ComboFix.txt
2010-08-28 20:40:49 ----A---- C:\Boot.bak
2010-08-28 20:40:44 ----RASHD---- C:\cmdcons
2010-08-28 20:39:05 ----A---- C:\WINDOWS\zip.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\SWSC.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\SWREG.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\sed.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\PEV.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\MBR.exe
2010-08-28 20:39:05 ----A---- C:\WINDOWS\grep.exe
2010-08-28 20:35:57 ----D---- C:\WINDOWS\ERDNT
2010-08-28 20:34:03 ----D---- C:\Qoobox
2010-08-28 17:25:58 ----D---- C:\rsit
2010-08-28 16:35:45 ----D---- C:\Program Files\Trend Micro
2010-08-28 15:28:40 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-28 15:28:31 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-08-28 15:28:24 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-28 15:27:02 ----A---- C:\WINDOWS\system32\drivers\SET5D.tmp
2010-08-28 15:26:59 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-28 15:26:56 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-08-28 15:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2010-08-12 12:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2183461$
2010-08-12 12:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 12:32:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 12:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 12:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 12:31:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 12:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 12:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-12 12:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-07 12:46:33 ----D---- C:\Documents and Settings\ADMIN\Application Data\Corel
2010-08-07 11:18:13 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2010-08-07 11:14:37 ----D---- C:\Program Files\Common Files\Corel
2010-08-07 11:11:48 ----D---- C:\Program Files\Corel
2010-08-06 18:24:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-04 11:50:36 ----A---- C:\WINDOWS\system32\drivers\eamon.sys
2010-08-03 13:28:36 ----A---- C:\WINDOWS\system32\drivers\epfwtdi.sys
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\epfwndis.sys
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\epfw.sys
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\ehdrv.sys
2010-07-15 09:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 10:30:19 ----D---- C:\Program Files\Safari
2010-07-13 10:30:09 ----D---- C:\Program Files\Bonjour
2010-07-13 10:29:56 ----D---- C:\Program Files\Common Files\Apple
2010-07-13 10:29:47 ----D---- C:\Program Files\Apple Software Update
2010-07-13 10:29:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-06-14 10:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-14 10:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-14 10:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-14 09:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-14 09:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-14 09:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-14 09:58:35 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-03 10:06:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-06-03 10:06:18 ----D---- C:\Program Files\Common Files\Java
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\java.exe
2010-06-03 10:05:52 ----A---- C:\WINDOWS\system32\deployJava1.dll

======List of files/folders modified in the last 3 months======

2010-08-28 21:55:24 ----D---- C:\WINDOWS\Temp
2010-08-28 21:52:34 ----D---- C:\Config.Msi
2010-08-28 21:52:33 ----SHD---- C:\WINDOWS\Installer
2010-08-28 21:52:27 ----HD---- C:\WINDOWS\inf
2010-08-28 21:52:27 ----D---- C:\WINDOWS\system32\drivers
2010-08-28 21:52:20 ----D---- C:\WINDOWS
2010-08-28 21:52:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-28 21:47:29 ----D---- C:\WINDOWS\Prefetch
2010-08-28 21:43:46 ----D---- C:\Documents and Settings\ADMIN\Application Data\Skype
2010-08-28 21:41:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-28 21:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-08-28 21:27:08 ----RASH---- C:\boot.ini
2010-08-28 21:27:08 ----A---- C:\WINDOWS\win.ini
2010-08-28 21:27:08 ----A---- C:\WINDOWS\system.ini
2010-08-28 21:26:51 ----D---- C:\WINDOWS\pss
2010-08-28 20:43:51 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-28 20:43:36 ----D---- C:\WINDOWS\system32
2010-08-28 20:42:30 ----D---- C:\WINDOWS\AppPatch
2010-08-28 20:42:27 ----D---- C:\Program Files\Common Files
2010-08-28 19:34:09 ----D---- C:\Program Files\ESET
2010-08-28 17:31:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-28 17:31:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-28 17:30:57 ----A---- C:\WINDOWS\imsins.BAK
2010-08-28 16:35:46 ----SD---- C:\Documents and Settings\ADMIN\Application Data\Microsoft
2010-08-19 14:50:14 ----D---- C:\Program Files\Movie Maker
2010-08-19 14:43:16 ----D---- C:\WINDOWS\system32\config
2010-08-19 14:43:05 ----D---- C:\WINDOWS\system32\wbem
2010-08-19 14:43:04 ----D---- C:\WINDOWS\Registration
2010-08-19 14:42:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-19 13:49:13 ----D---- C:\WINDOWS\Minidump
2010-08-18 11:30:04 ----D---- C:\Documents and Settings\ADMIN\Application Data\Adobe
2010-08-16 15:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2010-08-12 12:32:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-07 11:15:05 ----RSD---- C:\WINDOWS\Fonts
2010-08-07 11:14:56 ----D---- C:\WINDOWS\WinSxS
2010-08-07 11:11:48 ----RD---- C:\Program Files
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-29 12:11:32 ----D---- C:\Program Files\Mozilla Firefox
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-20 10:11:41 ----RD---- C:\Program Files\Skype
2010-07-20 10:11:22 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-07-15 09:10:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-13 10:40:48 ----D---- C:\Documents and Settings\ADMIN\Application Data\Apple Computer
2010-07-13 10:29:50 ----SD---- C:\WINDOWS\Tasks
2010-07-07 13:01:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-30 14:31:35 ----A---- C:\WINDOWS\system32\schannel.dll
2010-06-24 14:10:44 ----A---- C:\WINDOWS\system32\wininet.dll
2010-06-24 14:10:44 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-06-24 14:10:44 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-06-24 14:10:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-06-24 14:10:44 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-06-24 14:10:44 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-06-24 14:10:44 ----A---- C:\WINDOWS\system32\browseui.dll
2010-06-22 09:47:41 ----D---- C:\FOREX PLATFORM
2010-06-17 16:03:00 ----A---- C:\WINDOWS\system32\iccvid.dll
2010-06-14 09:41:45 ----A---- C:\WINDOWS\system32\msxml3.dll
2010-06-09 11:15:06 ----D---- C:\Sebastian
2010-06-03 10:05:22 ----D---- C:\Program Files\Java
2010-06-02 14:03:34 ----D---- C:\forex platforms

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Eset_TrialReset_serv;Eset TrialReset; C:\WINDOWS\Eset_TrialReset_serv.exe []

-----------------EOF-----------------

[Rudy]

Děláte si legraci? Co je toto:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Eset_TrialReset_serv"=2
C:\WINDOWS\Eset_TrialReset_serv.exe

??
Věřte, že se vaším logem nebudu zabývat, dokud tam budou podobné položky. Odinstaloval jste pouze NODFix.

[nerew]

posledny riadok logu:
S4 Eset_TrialReset_serv;Eset TrialReset; C:\WINDOWS\Eset_TrialReset_serv.exe []

S4 = stopped, disabled

robil som co som mohol aby som to odtial dostal no nepodarilo sa mi to. moc sa nevyznam. v kazdom pripade uz sa to nepouziva. Ten subor tam uz ani fyzicky na disku nie je, vymazal som ho.

[Rudy]

OK. Dělal jste sken ComboFix. Dejte z něj log.

[nerew]

ComboFix 10-08-27.03 - ADMIN 28.08.2010 20:41:21.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1535.874 [GMT 2:00]
Running from: c:\documents and settings\ADMIN\My Documents\Preberanie\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\usp10(2).dll

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.

2010-08-28 18:11 . 2010-08-28 18:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-08-28 15:25 . 2010-08-28 15:26 -------- d-----w- C:\rsit
2010-08-28 15:09 . 2010-08-28 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-28 14:35 . 2010-08-28 14:35 388096 ----a-r- c:\documents and settings\ADMIN\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-28 14:35 . 2010-08-28 18:23 -------- d-----w- c:\program files\Trend Micro
2010-08-28 13:28 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-28 13:28 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-28 13:28 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-28 13:28 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-28 13:28 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-08-28 13:28 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-08-28 13:26 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-28 13:26 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-08-28 13:25 . 2010-08-28 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-08-19 12:43 . 2010-08-19 12:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-07 10:46 . 2010-08-07 10:46 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Corel
2010-08-07 09:18 . 2010-08-07 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-08-07 09:14 . 2010-08-07 09:14 -------- d-----w- c:\program files\Common Files\Corel
2010-08-07 09:11 . 2010-08-07 09:11 -------- d-----w- c:\program files\Corel
2010-08-04 08:18 . 2010-08-04 08:18 503808 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b5a6d1f-n\msvcp71.dll
2010-08-04 08:18 . 2010-08-04 08:18 499712 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b5a6d1f-n\jmc.dll
2010-08-04 08:18 . 2010-08-04 08:18 348160 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b5a6d1f-n\msvcr71.dll
2010-08-04 08:18 . 2010-08-04 08:18 61440 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7519bb1f-n\decora-sse.dll
2010-08-04 08:18 . 2010-08-04 08:18 12800 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7519bb1f-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 18:43 . 2009-04-20 12:26 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Skype
2010-08-28 17:34 . 2009-02-23 16:02 -------- d-----w- c:\program files\ESET
2010-08-28 13:27 . 2010-08-28 13:27 0 ----a-w- c:\windows\system32\drivers\SET5D.tmp
2010-08-16 13:09 . 2009-01-23 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-09 07:55 . 2010-07-13 08:40 42632 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-07 10:46 . 2007-05-31 08:54 71256 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 08:11 . 2009-04-20 12:25 -------- d-----r- c:\program files\Skype
2010-07-20 08:11 . 2008-10-31 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-13 08:40 . 2010-02-15 11:22 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Apple Computer
2010-07-13 08:30 . 2010-07-13 08:30 -------- d-----w- c:\program files\Safari
2010-07-13 08:30 . 2010-07-13 08:30 -------- d-----w- c:\program files\Bonjour
2010-07-13 08:29 . 2010-07-13 08:29 -------- d-----w- c:\program files\Common Files\Apple
2010-07-13 08:29 . 2010-07-13 08:29 -------- d-----w- c:\program files\Apple Software Update
2010-07-13 08:29 . 2010-07-13 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-02 10:43 . 2010-07-02 10:43 55256 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-07-02 10:43 . 2010-07-02 10:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-11 14:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-03 08:06 . 2010-06-03 08:06 503808 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50184cff-n\msvcp71.dll
2010-06-03 08:06 . 2010-06-03 08:06 499712 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50184cff-n\jmc.dll
2010-06-03 08:06 . 2010-06-03 08:06 348160 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50184cff-n\msvcr71.dll
2010-06-03 08:06 . 2010-06-03 08:06 61440 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6f935ac0-n\decora-sse.dll
2010-06-03 08:06 . 2010-06-03 08:06 12800 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6f935ac0-n\decora-d3d.dll
2007-10-02 08:14 . 2007-10-02 08:14 204 ----a-w- c:\program files\2OL3GF17.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"CHotkey"="mHotkey.exe" [2004-12-27 550912]
"StopHid"="StopHid.exe" [2003-10-06 40960]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43 810144]
S2 Eset_TrialReset_serv;Eset TrialReset;c:\windows\Eset_TrialReset_serv.exe --> c:\windows\Eset_TrialReset_serv.exe [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [28.2.2006 14:00 3584]
.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\3gpbn0kw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Video Conference - c:\program files\Conference\Conference.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 20:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-28 20:45:06
ComboFix-quarantined-files.txt 2010-08-28 18:45

Pre-Run: 222 910 865 408 bytes free
Post-Run: 18 adresárov, 224 392 683 520 voľných bajtov

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 77FF1853C20B4E3CC4AFE46D51E626F2

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\program files\2OL3GF17.bat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Eset_TrialReset_serv"=-

Driver::
Eset_TrialReset_serv
NOD32FiXTemDono

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[nerew]

Vykonane. Vdaka za pomoc.

ComboFix 10-08-27.03 - ADMIN 29.08.2010 14:00:39.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1535.984 [GMT 2:00]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ADMIN\Desktop\CFScript.txt.txt
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active


file zipped: c:\program files\2OL3GF17.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\2OL3GF17.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESET_TRIALRESET_SERV
-------\Service_Eset_TrialReset_serv


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-28 18:11 . 2010-08-28 18:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-08-28 15:25 . 2010-08-28 15:26 -------- d-----w- C:\rsit
2010-08-28 15:09 . 2010-08-28 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-28 14:35 . 2010-08-28 14:35 388096 ----a-r- c:\documents and settings\ADMIN\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-28 14:35 . 2010-08-28 19:55 -------- d-----w- c:\program files\Trend Micro
2010-08-28 13:28 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-28 13:28 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-28 13:28 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-28 13:28 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-28 13:28 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-08-28 13:28 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-08-28 13:26 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-28 13:26 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-08-28 13:25 . 2010-08-28 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-08-19 12:43 . 2010-08-19 12:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-07 10:46 . 2010-08-07 10:46 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Corel
2010-08-07 09:18 . 2010-08-07 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-08-07 09:14 . 2010-08-07 09:14 -------- d-----w- c:\program files\Common Files\Corel
2010-08-07 09:11 . 2010-08-07 09:11 -------- d-----w- c:\program files\Corel
2010-08-04 09:50 . 2010-08-04 09:50 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-04 08:18 . 2010-08-04 08:18 503808 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b5a6d1f-n\msvcp71.dll
2010-08-04 08:18 . 2010-08-04 08:18 499712 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b5a6d1f-n\jmc.dll
2010-08-04 08:18 . 2010-08-04 08:18 348160 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b5a6d1f-n\msvcr71.dll
2010-08-04 08:18 . 2010-08-04 08:18 61440 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7519bb1f-n\decora-sse.dll
2010-08-04 08:18 . 2010-08-04 08:18 12800 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7519bb1f-n\decora-d3d.dll
2010-08-03 11:28 . 2010-08-03 11:28 55256 ----a-w- c:\windows\system32\drivers\epfwtdi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 12:07 . 2009-04-20 12:26 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Skype
2010-08-28 19:34 . 2008-10-20 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-28 17:34 . 2009-02-23 16:02 -------- d-----w- c:\program files\ESET
2010-08-28 13:27 . 2010-08-28 13:27 0 ----a-w- c:\windows\system32\drivers\SET5D.tmp
2010-08-16 13:09 . 2009-01-23 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-09 07:55 . 2010-07-13 08:40 42632 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-07 10:46 . 2007-05-31 08:54 71256 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-29 11:31 . 2010-07-29 11:31 32608 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-07-29 11:31 . 2010-07-29 11:31 134512 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-07-29 11:31 . 2010-07-29 11:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-20 08:11 . 2009-04-20 12:25 -------- d-----r- c:\program files\Skype
2010-07-20 08:11 . 2008-10-31 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-13 08:40 . 2010-02-15 11:22 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Apple Computer
2010-07-13 08:30 . 2010-07-13 08:30 -------- d-----w- c:\program files\Safari
2010-07-13 08:30 . 2010-07-13 08:30 -------- d-----w- c:\program files\Bonjour
2010-07-13 08:29 . 2010-07-13 08:29 -------- d-----w- c:\program files\Common Files\Apple
2010-07-13 08:29 . 2010-07-13 08:29 -------- d-----w- c:\program files\Apple Software Update
2010-07-13 08:29 . 2010-07-13 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-11 14:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-03 08:06 . 2010-06-03 08:06 503808 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50184cff-n\msvcp71.dll
2010-06-03 08:06 . 2010-06-03 08:06 499712 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50184cff-n\jmc.dll
2010-06-03 08:06 . 2010-06-03 08:06 348160 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50184cff-n\msvcr71.dll
2010-06-03 08:06 . 2010-06-03 08:06 61440 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6f935ac0-n\decora-sse.dll
2010-06-03 08:06 . 2010-06-03 08:06 12800 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6f935ac0-n\decora-d3d.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-28_18.43.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-29 12:06 . 2010-08-29 12:06 16384 c:\windows\temp\Perflib_Perfdata_1e0.dat
+ 2010-08-28 19:52 . 2010-08-28 19:52 97384 c:\windows\Installer\{9E693203-C3D6-4FCE-A2C0-AE819887BD3F}\egui.exe
+ 2010-08-28 19:52 . 2010-08-28 19:52 10134 c:\windows\Installer\{9E693203-C3D6-4FCE-A2C0-AE819887BD3F}\callmsi.exe
+ 2010-08-28 19:52 . 2010-08-28 19:52 978944 c:\windows\Installer\8fe80.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"CHotkey"="mHotkey.exe" [2004-12-27 550912]
"StopHid"="StopHid.exe" [2003-10-06 40960]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 14:16 810144]
.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\3gpbn0kw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 14:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\StopHid.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2010-08-29 14:09:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 12:09
ComboFix2.txt 2010-08-28 18:45

Pre-Run: 224 040 013 824 bytes free
Post-Run: 18 adresárov, 223 968 894 976 voľných bajtov

- - End Of File - - 96D3358C349F636FD23C0023A7AA0AC0

[Rudy]

Log již vypadá čistý. Nemáte zač!