VIRY.CZ

Při pokusu spustit PC v Nouzovém režimu se komp dokola restartuje
Možná dělám něco špatně ?

Tak na GMER kašlete.
Jen ještě něco v CF.

~~~

Otevřete si Poznámkový blok a vkopírujte do něj uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (musí být na Ploše) a pusťte (vizte obrázek).



ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem vložte log, který na Vás po dočistění vybafne.

...zatím šrotuje

...po jednom seknutí a delším trápení něco přece jen vypotil (zatím díky a pokračování zítra):

ComboFix 10-01-27.06 - Uživatel 29.01.2010 0:43.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.183 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100128-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-28 22:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 22:19 . 2010-01-28 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 22:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 20:44 . 2010-01-28 20:45 -------- d-----w- c:\program files\trend micro
2010-01-28 20:44 . 2010-01-28 20:45 -------- d-----w- C:\rsit
2010-01-28 18:33 . 2010-01-28 18:33 -------- d-----w- c:\program files\CCleaner
2010-01-26 19:38 . 2010-01-26 19:38 -------- d-----w- c:\program files\FreeTime
2010-01-26 15:31 . 2010-01-26 15:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-09 19:15 . 2010-01-09 19:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 19:15 . 2010-01-09 19:15 -------- d-----w- c:\program files\Java
2010-01-09 18:44 . 2010-01-09 18:44 -------- d-----w- c:\program files\AVI FourCC CZ
2010-01-09 18:41 . 2010-01-09 18:41 -------- d-----w- c:\program files\AVIcodec
2010-01-07 18:19 . 2004-08-03 22:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-07 18:19 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-07 18:19 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-07 18:19 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-07 18:13 . 2010-01-07 18:13 -------- d-----w- c:\program files\Common Files\FotoWire
2010-01-07 18:12 . 2004-05-21 19:05 53248 ----a-r- c:\windows\system32\InstMed.exe
2010-01-06 21:58 . 2010-01-06 21:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-06 21:54 . 2010-01-06 21:54 -------- d-----w- c:\program files\Common Files\Skype
2010-01-06 21:54 . 2010-01-06 21:54 -------- d-----r- c:\program files\Skype
2009-12-30 09:44 . 2009-12-30 09:44 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-30 09:43 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-30 09:42 . 2009-12-30 09:42 -------- d-----w- c:\program files\PC Connectivity Solution

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 23:54 . 2009-09-09 19:54 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-01-28 17:36 . 2007-11-23 17:15 102400 ----a-w- c:\windows\DUMP4205.tmp
2010-01-07 18:13 . 2010-01-07 18:11 -------- d-----w- c:\program files\Logitech
2010-01-07 18:11 . 2010-01-07 18:11 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-07 18:11 . 2010-01-07 18:11 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2010-01-07 18:11 . 2007-11-23 18:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 09:44 . 2008-06-15 15:33 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-30 09:44 . 2008-06-15 15:32 -------- d-----w- c:\program files\Nokia
2009-12-29 20:23 . 2009-08-22 07:59 -------- d-----w- c:\program files\Google
2009-12-25 20:57 . 2009-12-25 20:57 -------- d-----w- c:\program files\PDF reDirect
2009-12-25 20:55 . 2009-12-25 20:55 6402936 ----a-w- c:\program files\Install_PDFR_v226.exe
2009-12-25 13:14 . 2009-12-25 13:14 -------- d-----w- c:\program files\ActivePDF
2009-12-13 18:36 . 2009-12-09 21:34 -------- d-----w- c:\program files\SlySoft
2009-11-24 23:54 . 2009-08-20 16:59 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-08-20 16:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-08-20 16:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-08-20 16:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-20 16:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-20 16:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-20 16:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-20 16:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-08-20 16:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-07-16 1409136]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-12-21 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-12-19 2846720]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-13 108544]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-1-7 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.11.2007 23:11 685816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.8.2009 17:59 114768]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [30.12.2007 11:21 9856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.8.2009 17:59 20560]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [30.12.2007 11:21 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [30.12.2007 11:21 167040]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [30.12.2007 11:21 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [30.12.2007 11:21 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [30.12.2007 11:21 10496]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [30.12.2007 11:26 9446]
S2 gupdate1ca22fe99783ef4;Služba Google Update (gupdate1ca22fe99783ef4);c:\program files\Google\Update\GoogleUpdate.exe [22.8.2009 9:00 133104]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [23.11.2007 20:45 4224]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 07:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 00:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F641E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8759fc3
\Driver\ACPI -> ACPI.sys @ 0xf85aacb8
\Driver\atapi -> 0x82f641e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e4154
ParseProcedure -> ntoskrnl.exe @ 0x8057c799
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e4154
ParseProcedure -> ntoskrnl.exe @ 0x8057c799
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8449bc3
PacketIndicateHandler -> NDIS.sys @ 0xf8455b21
SendHandler -> NDIS.sys @ 0xf8449d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscdll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-01-29 00:56:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-28 23:56
ComboFix2.txt 2010-01-28 22:05
ComboFix3.txt 2010-01-28 21:09

Před spuštěním: 8 579 837 952
Po spuštění: 8 539 791 360

- - End Of File - - 06F552E477AAF718130EF918A7D7F461

Zdravím, můžeme navázat na včerejší (resp. dnešní) postup v boji s virem ?

Ano, jsem zde.

~~~

Odinstalujte ComboFix
Start >> Spustit >> vkopírujte do okénka: >> stiskněte Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.

~~~

Stáhněte OTC a dvojklikem ho spusťte.
Klikněte na 'CleanUp!'. Budete vyzváni k restartu - to proveďte.

~~~

Zkuste pročistit PC CCleanerem.
Nainstalujte, jen dávejte pozor a při instalaci odfajfkujte položku Instalovat Yahoo! Toolbar.
Spusťte.

Záložka Čistič -> nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.

Záložka Registry > klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.

CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

~~~

Zkuste defragmentovat disk. Buď pomocí integrovaného Windowsáckého nástroje (není moc dobrý), nebo například přes Defraggler. Dobré zkušenosti mám taky s jednoduchým JKDefrag, který se nemusí instalovat.

~~~

Nakonec budu chtít vidět nový RSIT log.

....díky, du na to !

Jasně.

Kontrolní otázka: "odfajfkovat" předpokládám, znamená NEZATRHNOUT ?

Ano.

....tak tady je to:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživatel at 2010-01-29 22:50:37
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (10%) free of 80 GB
Total RAM: 511 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:42, on 29.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Služba Google Update (gupdate1ca22fe99783ef4) (gupdate1ca22fe99783ef4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-22 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-07-16 1409136]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2007-12-21 90112]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2007-12-19 2846720]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-05-21 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-06-01 217088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-06-01 196608]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-29 22:50:37 ----D---- C:\rsit
2010-01-29 22:10:24 ----SHD---- C:\RECYCLER
2010-01-28 23:20:01 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Malwarebytes
2010-01-28 23:19:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 23:19:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-28 21:56:40 ----A---- C:\Boot.bak
2010-01-28 21:56:34 ----RASHD---- C:\cmdcons
2010-01-28 21:54:42 ----D---- C:\WINDOWS\ERDNT
2010-01-28 21:44:49 ----D---- C:\Program Files\trend micro
2010-01-28 19:33:53 ----D---- C:\Program Files\CCleaner
2010-01-26 20:38:02 ----D---- C:\Program Files\FreeTime
2010-01-09 20:15:48 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-09 20:15:48 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-09 20:15:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-09 20:15:48 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-09 20:15:30 ----D---- C:\Program Files\Java
2010-01-09 20:14:27 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Sun
2010-01-09 19:44:22 ----D---- C:\Program Files\AVI FourCC CZ
2010-01-09 19:41:09 ----D---- C:\Program Files\AVIcodec
2010-01-07 19:14:14 ----N---- C:\WINDOWS\system32\capicom.dll
2010-01-07 19:13:52 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\FotoWire
2010-01-07 19:13:50 ----D---- C:\Program Files\Common Files\FotoWire
2010-01-07 19:12:04 ----RA---- C:\WINDOWS\system32\InstMed.exe
2010-01-07 19:11:56 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2010-01-07 19:11:55 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2010-01-07 19:11:55 ----A---- C:\WINDOWS\system32\LVUI2.dll
2010-01-07 19:11:55 ----A---- C:\WINDOWS\system32\lvcoinst.dll
2010-01-07 19:11:55 ----A---- C:\WINDOWS\system32\LVCodec2.dll
2010-01-07 19:11:40 ----D---- C:\Program Files\Common Files\Logitech
2010-01-07 19:11:34 ----A---- C:\WINDOWS\_delis32.ini
2010-01-07 19:11:07 ----R---- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2010-01-07 19:11:02 ----D---- C:\Program Files\Logitech
2010-01-06 22:58:35 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2010-01-06 22:54:51 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2010-01-06 22:54:16 ----D---- C:\Program Files\Common Files\Skype
2010-01-06 22:54:14 ----RD---- C:\Program Files\Skype
2010-01-06 22:54:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-06 22:49:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-01-06 22:49:12 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
2009-12-30 10:44:38 ----D---- C:\Program Files\Common Files\PCSuite
2009-12-30 10:42:52 ----D---- C:\Program Files\PC Connectivity Solution

======List of files/folders modified in the last 1 months======

2010-01-29 22:12:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-01-29 22:12:28 ----D---- C:\WINDOWS\system32
2010-01-29 22:10:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-29 22:10:24 ----D---- C:\WINDOWS\Temp
2010-01-29 22:10:24 ----AD---- C:\WINDOWS
2010-01-29 22:08:30 ----SD---- C:\WINDOWS\Tasks
2010-01-29 22:07:17 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-29 01:02:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-29 00:56:20 ----D---- C:\WINDOWS\system32\drivers
2010-01-29 00:51:47 ----A---- C:\WINDOWS\system.ini
2010-01-29 00:47:12 ----D---- C:\WINDOWS\AppPatch
2010-01-29 00:47:09 ----D---- C:\Program Files\Common Files
2010-01-29 00:37:43 ----RD---- C:\Program Files
2010-01-28 23:05:11 ----D---- C:\WINDOWS\Prefetch
2010-01-28 22:45:21 ----D---- C:\WINDOWS\system32\config
2010-01-28 22:39:43 ----SHD---- C:\System Volume Information
2010-01-28 22:39:43 ----D---- C:\WINDOWS\system32\Restore
2010-01-28 21:56:40 ----RASH---- C:\boot.ini
2010-01-28 19:37:19 ----D---- C:\WINDOWS\Debug
2010-01-28 19:37:18 ----D---- C:\WINDOWS\Minidump
2010-01-28 19:28:24 ----HD---- C:\WINDOWS\inf
2010-01-28 19:27:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-28 18:36:36 ----A---- C:\WINDOWS\DUMP4205.tmp
2010-01-27 20:46:13 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-26 21:48:31 ----D---- C:\Programy
2010-01-26 16:31:36 ----D---- C:\WINDOWS\system32\wbem
2010-01-26 16:31:35 ----D---- C:\WINDOWS\Registration
2010-01-26 16:30:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-20 23:22:01 ----D---- C:\WINDOWS\system32\Setup
2010-01-10 11:18:05 ----SHD---- C:\WINDOWS\Installer
2010-01-10 11:18:05 ----D---- C:\Config.Msi
2010-01-07 20:40:25 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-07 19:19:12 ----D---- C:\WINDOWS\twain_32
2010-01-07 19:19:12 ----D---- C:\WINDOWS\system
2010-01-07 19:11:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-30 10:45:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-30 10:44:33 ----D---- C:\Program Files\Nokia
2009-12-30 10:44:33 ----D---- C:\Program Files\Common Files\Nokia
2009-12-30 10:41:08 ----D---- C:\WINDOWS\WinSxS
2009-12-30 10:39:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-07-16 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-20 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-02-23 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-10-20 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-07-16 92672]
S3 AC2003;AC2003; C:\WINDOWS\System32\Drivers\AC2003.sys [2003-12-10 4224]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-05-27 19968]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1); C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 245760]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 90800]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WBHWDOCT;Winbond GPIO Driver1; C:\WINDOWS\System32\drivers\WBHWDOCT.sys [2003-04-07 7296]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-11-24 685816]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2001-10-25 90112]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-07-16 1163378]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-09 153376]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S2 gupdate1ca22fe99783ef4;Služba Google Update (gupdate1ca22fe99783ef4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 194032]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

-----------------EOF-----------------

Doporučuji ještě nainstalovat Service Pack 3.

~~~

Spusťte přejmenované HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Klikněte na 'Do a system scan only'.
U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

Pokud by tam nějaká položka nebyla, vynechte ji.

~~~

To je vše.

Kromě upgradu service packu vše provedeno. Díky moc za trpělivost a poskytnutí znalostí - to je neocenitelné !
Závěrem možná ještě stručný dotaz - jak se nejlépe chránit před podobnou havětí ?

Používat antivir (+antispyware etc.), chovat se na Internetu rozumě (neklikat na blbosti a stahovat podezřelé soubory). Samozřejmě jsou pořád novější a novější hrozby, takže uchránit se přede vším je takřka nemožné, ale na 99% to jde.

Jinak moc děkuji a třeba se někdy opět setkáme.

Prosím o radu stalo se mi to samé