Log Check

Posted: 22 Apr 2010 21:19
by rostin
Could you please take a look at my RootkitRevealer log?
My NOD32 updates stopped working. I downloaded Avast Free and swapped it in, and the situation is similar: updates don't work, nor does online registration, as if something were blocking it, but I don't have a firewall.
So I'm wondering whether I might have a rootkit. Thank you.
Well, unfortunately, after about 25 minutes the program prints the list, but when saving to .txt it freezes and crashes :-(

Re: Log Check

Posted: 22 Apr 2010 22:00
by Rudy

Re: Log Check

Posted: 23 Apr 2010 13:32
by rostin
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rodina at 2010-04-23 14:29:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (4%) free of 118 GB
Total RAM: 1917 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29, on 2010-04-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rodina\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rodina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BEB2F98-487B-4A14-8C50-A2BDECB2D186}: NameServer = 192.168.1.1,192.168.1.2
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: wlcrdplauncher - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Flash Media Server (FMS) (FMS) - Adobe Systems Incorporated. - C:\Program Files\Adobe\Flash Media Server 3\FMSMaster.exe
O23 - Service: Flash Media Administration Server (FMSAdmin) - Adobe Systems Incorporated. - C:\Program Files\Adobe\Flash Media Server 3\FMSAdmin.exe
O23 - Service: Google Update Service (gupdate1c98babf9ac31d0) (gupdate1c98babf9ac31d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JBCG - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\Rodina\LOCALS~1\Temp\JBCG.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 12919 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-573735546-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5abdc0b00d84.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-04 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2005-11-04 790528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2004-02-11 389120]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-10 136600]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2006-12-08 241664]
"EEventManager"=C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2006-10-12 102400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-31 68856]
"MoeMonitor.exe"=C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe [2010-01-31 1315152]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-04-13 2387968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallGraph]
C:\Program Files\Call Graph\CallGraph.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\WINDOWS\Domino.exe A4 TECH USB2.0 PC Camera G []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-06-30 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
WTMKM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-09-28 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPD]
C:\Program Files\PayPay\PPD\PPD.exe /WinStartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
C:\Program Files\Spamihilator\spamihilator.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-31 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\HOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0CE\Distillr\acrotray.exe [2003-07-17 217180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SJphone.lnk]
C:\WINDOWS\Installer\{322BC585-68EE-4071-B500-31F33C3AE3DA}\Icon1F409B47.exe [2006-05-05 10752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Translate Client.lnk]
C:\PROGRA~1\TRANSL~1\TRANSL~2.EXE [2010-01-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\YAHOOW~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlcrdplauncher]
C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll [2010-01-31 21840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe"="C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop"
"C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe"="C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe"="C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop"
"C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe"="C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dfeb1dd-a39a-11da-a959-806d6172696f}]
shell\AutoRun\command - D:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dfeb1de-a39a-11da-a959-806d6172696f}]
shell\AutoRun\command - E:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4fd6f2-7c09-11db-a6b3-00508df7c373}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{470dd240-7fc3-11db-a6bd-00508df7c373}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99544b85-ddfa-11db-a7c4-00508df7c373}]
shell\AutoRun\command - I:\USBNB.exe


======File associations======

.js - edit -
.js - open - C:\Documents and Settings\Rodina\Plocha\SAT\Titulky\Titulky\Subtitle.exe "%1"

======List of files/folders created in the last 1 months======

2010-04-23 14:29:04 ----D---- C:\rsit
2010-04-22 22:23:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-22 22:14:01 ----A---- C:\WINDOWS\system32\Root.txt
2010-04-22 16:21:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-04-21 22:09:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-04-14 18:05:16 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 18:05:04 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 18:00:28 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 18:00:21 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 17:59:48 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 17:59:32 ----HD---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-11 20:06:26 ----SHD---- C:\FOUND.000
2010-04-08 09:12:45 ----A---- C:\WINDOWS\canopus.ini
2010-04-08 09:00:35 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Canopus
2010-04-08 08:52:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canopus
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\cvpcdvc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\cuvccodc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\csthread.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\csellc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\csehqa.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\csedv.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\csccdvcx.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\csccdvc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\cmiccodc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\cllccodc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\cdvhcodc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\cdvccodc.dll
2010-04-08 08:52:23 ----A---- C:\WINDOWS\system32\cdv5codc.dll
2010-04-08 08:52:08 ----D---- C:\Program Files\Common Files\Canopus Shared
2010-04-08 08:52:08 ----D---- C:\Program Files\Canopus
2010-04-08 08:52:08 ----A---- C:\WINDOWS\system32\icmpeg2.dll
2010-04-08 08:52:08 ----A---- C:\WINDOWS\system32\cseuvec.dll
2010-04-08 08:52:08 ----A---- C:\WINDOWS\system32\csedvh.dll
2010-04-08 08:51:07 ----D---- C:\Program Files\MSXML 6.0
2010-04-08 08:50:25 ----D---- C:\Program Files\Common Files\Aladdin Shared
2010-04-08 08:50:14 ----A---- C:\WINDOWS\system32\hasplms.exe
2010-04-08 08:50:04 ----A---- C:\WINDOWS\system32\aksllmtp.exe
2010-04-08 08:48:05 ----A---- C:\WINDOWS\system32\MFC71FRA.DLL
2010-04-08 08:46:44 ----N---- C:\WINDOWS\system32\paveno.dll
2010-04-08 08:46:44 ----N---- C:\WINDOWS\system32\pavapi.dll
2010-04-08 08:46:44 ----A---- C:\WINDOWS\system32\pavplal.dll
2010-04-08 08:46:44 ----A---- C:\WINDOWS\system32\pavedius5db.dll
2010-04-08 08:46:44 ----A---- C:\WINDOWS\system32\pavedius.dll

======List of files/folders modified in the last 1 months======

2010-04-22 23:02:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-13 19:50:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 17:45:50 ----RASH---- C:\boot.ini
2010-04-05 10:31:00 ----A---- C:\WINDOWS\cdplayer.ini
2010-03-24 19:54:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2008-05-30 27704]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 hugoio;hugoio; \??\C:\Program Files\i-Menu\hugoio.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2005-08-29 368256]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-20 12032]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-06-12 13300]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 nxsIO32;NextSensor Kernel I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys []
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-02-22 28896]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-06-08 4480]
R3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-09-20 53632]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2007-11-10 29728]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-09-20 22016]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-26 47360]
R3 RDPDISPM;RDPDISPM; C:\WINDOWS\system32\DRIVERS\rdpdispm.sys [2010-01-31 9040]
R3 RDPVDD;RDPVDD; C:\WINDOWS\system32\DRIVERS\rdpvmp.sys [2010-01-31 19408]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-12-13 81356]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-12-13 39182]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 avu8nz4j;avu8nz4j; C:\WINDOWS\system32\drivers\avu8nz4j.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys []
S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\Rodina\Plocha\bezpečpc\FileObjInfo.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2006-07-14 14848]
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HWIONT;HWIONT; \??\C:\Documents and Settings\Rodina\Plocha\mytv_211\HWIONT.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-13 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rsvcdwdr;rsvcdwdr; C:\WINDOWS\system32\DRIVERS\rsvcdwdr.sys [2009-11-16 25120]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-05-13 68204]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-11-16 37920]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 usbvm328;A4 Tech USB2.0 PC Camera G; C:\WINDOWS\System32\Drivers\usbvm326.sys [2006-12-30 348160]
S3 vhidmini;Root Enumerated Hid Device; C:\WINDOWS\system32\DRIVERS\walvhid.sys [2007-11-17 5504]
S3 vmfilter326;326 MRD filter service; C:\WINDOWS\system32\drivers\vmfilter326.sys [2006-10-30 483072]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-02-22 151552]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-04-24 2562048]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-10 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2005-08-29 1677056]
R2 wlcrasvc;Live Mesh Remote Desktop; C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-31 44880]
S2 gupdate1c98babf9ac31d0;Google Update Service (gupdate1c98babf9ac31d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-25 654848]
S3 FMS;Flash Media Server (FMS); C:\Program Files\Adobe\Flash Media Server 3\FMSMaster.exe [2008-03-20 2281472]
S3 FMSAdmin;Flash Media Administration Server; C:\Program Files\Adobe\Flash Media Server 3\FMSAdmin.exe [2008-03-20 2453504]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JBCG;JBCG; C:\DOCUME~1\Rodina\LOCALS~1\Temp\JBCG.exe [2010-04-22 514944]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Log check

Posted: 23 Apr 2010 13:34
by rostin
Hopefully I pasted it only once; my system keeps freezing somehow :-(

Re: Log check

Posted: 23 Apr 2010 18:21
by Rudy
I can see a few things there that shouldn't be in the log. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after launch a screen with the licence terms appears; continue by clicking the Yes (Ano) button.

Feel free to put on some coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Don't panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component.
If it won't work any other way, run it in safe mode.

Re: Log check

Posted: 23 Apr 2010 19:15
by rostin
I'll do it later today or tomorrow morning and let you know, thanks :-)

Re: Log check

Posted: 23 Apr 2010 20:30
by Rudy
OK, post it.

Re: Log check

Posted: 24 Apr 2010 09:10
by rostin
After an hour of scanning :-)
ComboFix 10-04-21.01 - Rodina 2010-04-24 7:30.8.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1917.1177 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-24 do 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-23 15:36 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 15:36 . 2010-04-23 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 15:36 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:16 . 2010-04-23 14:16 -------- d-----w- C:\FOUND.001
2010-04-23 14:09 . 2010-04-23 14:09 170293 ----a-w- c:\windows\system32\drivers\vzbbgtlz.sys
2010-04-23 14:07 . 2010-04-23 14:09 170293 ----a-w- c:\windows\system32\drivers\IsDrv120.sys
2010-04-23 12:29 . 2010-04-23 12:29 -------- d-----w- C:\rsit
2010-04-22 20:50 . 2010-04-22 20:50 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-22 20:26 . 2010-04-22 20:26 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2010-04-22 20:24 . 2010-04-22 20:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-11 18:06 . 2010-04-11 18:06 -------- d-----w- C:\FOUND.000
2010-04-08 06:51 . 2010-04-08 06:51 -------- d-----w- c:\program files\MSXML 6.0
2010-04-08 06:50 . 2008-02-11 14:55 586240 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-04-08 06:50 . 2010-04-08 06:50 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2010-04-08 06:50 . 2008-04-24 11:40 2562048 ----a-w- c:\windows\system32\hasplms.exe
2010-04-08 06:50 . 2008-04-24 11:40 2562048 ----a-w- c:\windows\system32\aksllmtp.exe
2010-04-08 06:50 . 2008-03-18 14:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2010-04-08 06:48 . 2003-03-19 11:44 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL
2010-04-08 06:46 . 2008-09-13 17:51 30720 ----a-w- c:\windows\system32\pavedius.dll
2010-04-08 06:46 . 2008-05-15 00:00 65536 ----a-w- c:\windows\system32\pavedius5db.dll
2010-04-08 06:46 . 2008-03-18 06:04 6656 ------w- c:\windows\system32\paveno.dll
2010-04-08 06:46 . 2008-03-18 06:04 462848 ------w- c:\windows\system32\pavapi.dll
2010-04-08 06:46 . 2007-07-30 09:44 1024 ----a-w- c:\windows\system32\pavplal.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 05:17 . 2006-02-22 11:51 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-04-23 19:09 . 2008-02-21 12:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-23 14:09 . 2010-04-23 14:18 15761408 ------w- c:\windows\Internet Logs\xDB51.tmp
2010-04-23 13:49 . 2010-01-28 12:19 3072 ----a-w- c:\windows\system32\drivers\hugoio.sys
2010-04-23 12:17 . 2008-05-16 11:59 98304 ----a-w- c:\windows\DUMP7e57.tmp
2010-04-11 17:59 . 2010-04-11 18:09 15761408 ------w- c:\windows\Internet Logs\xDB50.tmp
2010-04-08 06:52 . 2010-04-08 06:52 -------- d-----w- c:\program files\Common Files\Canopus Shared
2010-04-08 06:52 . 2010-04-08 06:52 -------- d-----w- c:\program files\Canopus
2010-03-31 14:09 . 2010-03-31 14:18 15761408 ------w- c:\windows\Internet Logs\xDB4F.tmp
2010-03-24 17:54 . 2001-09-20 10:00 84458 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 17:54 . 2001-09-20 10:00 442762 ----a-w- c:\windows\system32\perfh005.dat
2010-03-21 07:30 . 2010-03-21 07:31 15761408 ------w- c:\windows\Internet Logs\xDB4E.tmp
2010-03-10 06:17 . 2002-09-20 15:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 18:48 . 2010-03-07 18:48 7036 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-03 15:56 . 2010-03-03 16:51 15761408 ------w- c:\windows\Internet Logs\xDB4D.tmp
2010-03-01 07:39 . 2010-03-01 12:19 15761408 ------w- c:\windows\Internet Logs\xDB4C.tmp
2010-02-25 15:21 . 2010-02-25 15:21 -------- d-----w- c:\program files\ICQ7.0
2010-02-25 06:18 . 2002-09-20 15:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 22:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 06:33 . 2010-02-24 06:33 -------- d--h--w- c:\program files\Zero G Registry
2010-02-24 06:33 . 2010-02-24 06:33 -------- d-----w- c:\program files\Sports Interactive
2010-02-23 08:25 . 2010-02-23 08:25 -------- d-----w- c:\program files\AnvSoft
2010-02-16 19:08 . 2002-09-20 15:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2002-09-20 14:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 08:57 . 2010-02-16 09:06 15761408 ------w- c:\windows\Internet Logs\xDB4B.tmp
2010-02-12 04:35 . 2002-09-20 15:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 22:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 18:36 . 2010-02-11 10:20 15761408 ------w- c:\windows\Internet Logs\xDB4A.tmp
2010-02-03 20:59 . 2010-02-03 21:07 15761408 ------w- c:\windows\Internet Logs\xDB49.tmp
2010-02-02 11:53 . 2008-05-16 11:59 98304 ----a-w- c:\windows\DUMP5a83.tmp
2010-02-01 13:27 . 2010-02-01 13:27 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-01-31 10:06 . 2010-01-31 10:06 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2010-01-31 10:06 . 2010-01-31 10:06 19408 ----a-w- c:\windows\system32\drivers\rdpvmp.sys
2010-01-31 10:06 . 2010-01-31 10:06 15696 ----a-w- c:\windows\system32\rdpvdd.dll
2010-01-31 10:06 . 2010-01-31 10:06 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2010-01-28 14:43 . 2010-01-28 17:31 15761408 ------w- c:\windows\Internet Logs\xDB48.tmp
2010-01-28 07:42 . 2010-01-28 11:57 15761408 ------w- c:\windows\Internet Logs\xDB47.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-04-23_18.58.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 19:10 . 2010-04-23 19:10 16384 c:\windows\temp\Perflib_Perfdata_384.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"MoeMonitor.exe"="c:\documents and settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2010-01-31 1315152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-02-11 389120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-10 136600]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2010-01-31 10:05 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IsDrv120.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SJphone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SJphone.lnk
backup=c:\windows\pss\SJphone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Translate Client.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Translate Client.lnk
backup=c:\windows\pss\Translate Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 21:03 133104 ----a-w- c:\documents and settings\Rodina\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 10:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 10:34 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 00:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 10:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-08-03 04:22 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-31 06:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Rodina\\Local Settings\\Data aplikací\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2010-04-08 27704]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R1 hugoio;hugoio;c:\program files\i-Menu\hugoio.sys [2010-01-28 9760]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2006-10-16 2208]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-31 44880]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2007-05-28 17408]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-11-10 29728]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-01-31 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-01-31 19408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-15 691696]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2006-02-22 81356]
S2 gupdate1c98babf9ac31d0;Google Update Service (gupdate1c98babf9ac31d0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2006-02-22 39182]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys --> c:\windows\system32\drivers\wf2kxbar.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\Rodina\Plocha\bezpečpc\FileObjInfo.sys --> c:\documents and settings\Rodina\Plocha\bezpečpc\FileObjInfo.sys [?]
S3 FMS;Flash Media Server (FMS);c:\program files\Adobe\Flash Media Server 3\FMSMaster.exe [2008-10-07 2281472]
S3 FMSAdmin;Flash Media Administration Server;c:\program files\Adobe\Flash Media Server 3\FMSAdmin.exe [2008-10-07 2453504]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2007-05-28 14848]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2007-05-28 9984]
S3 JBCG;JBCG;c:\docume~1\Rodina\LOCALS~1\Temp\JBCG.exe --> c:\docume~1\Rodina\LOCALS~1\Temp\JBCG.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\drivers\rsvcdwdr.sys [2009-11-16 25120]
S3 usbvm328;A4 Tech USB2.0 PC Camera G;c:\windows\system32\drivers\usbvm326.sys [2007-06-19 348160]
S3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [2007-06-19 483072]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 14:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5abdc0b00d84.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:18]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
TCP: {5BEB2F98-487B-4A14-8C50-A2BDECB2D186} = 192.168.1.1,192.168.1.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\35hzb84v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-sc10-CH_TSR - c:\games\Ski Challenge 2010 (TSR)\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 08:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1078081533-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5C3ACAF-2613-5B70-7CB7-0F8AB972DF5D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pabmnnkchmjiighhdlkgmaefnegiodce"=hex:6a,61,6e,6b,61,6f,6d,66,64,6a,65,62,62,
6f,6b,68,63,68,69,6a,00,00
"oalmlchniofbpdnokgbpmmhhpfphig"=hex:6a,61,6e,6b,61,6f,6d,66,64,6a,65,62,62,6f,
6b,68,63,68,69,6a,00,00
"kadmhmeegfocellodkkham"=hex:62,61,70,6b,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(25428)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-04-24 09:23:03
ComboFix-quarantined-files.txt 2010-04-24 07:22
ComboFix2.txt 2010-04-23 18:59
ComboFix3.txt 2008-05-18 07:07

Před spuštěním: 4,496,785,408
Po spuštění: 4,466,900,992

- - End Of File - - 1FE718768B6A0AE9906CD76B62DEA31A

Re: Log check

Posted: 24 Apr 2010 09:13
by rostin
The only thing is that the log says ZoneAlarm ENABLED, but I no longer have it installed :-( Could it be some leftovers?? Likewise, I turned off the antivirus and it still shows Enabled there??

Re: Log check

Posted: 24 Apr 2010 10:48
by Rudy
Open Notepad and copy the following into it:
Collect::
c:\windows\system32\drivers\vzbbgtlz.sys

Driver::
vzbbgtlz

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4fd6f2-7c09-11db-a6b3-00508df7c373}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{470dd240-7fc3-11db-a6bd-00508df7c373}]

Regnull::
[HKEY_USERS\S-1-5-21-1078081533-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5C3ACAF-2613-5B70-7CB7-0F8AB972DF5D}*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: Log check

Posted: 25 Apr 2010 07:44
by rostin
Done as advised; I also submitted the file for analysis, as it asked, to Bleeping Computer.
And I'll post the latest log. I'd be glad if you took a look :-)

Re: Log check

Posted: 25 Apr 2010 07:44
by rostin
ComboFix 10-04-21.01 - Rodina 2010-04-25 7:09.10.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1917.1465 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rodina\Plocha\CFScript.txt
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

file zipped: c:\windows\system32\drivers\vzbbgtlz.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\vzbbgtlz.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-25 do 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-23 15:36 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 15:36 . 2010-04-23 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 15:36 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:16 . 2010-04-23 14:16 -------- d-----w- C:\FOUND.001
2010-04-23 14:07 . 2010-04-23 14:09 170293 ----a-w- c:\windows\system32\drivers\IsDrv120.sys
2010-04-23 12:29 . 2010-04-23 12:29 -------- d-----w- C:\rsit
2010-04-22 20:50 . 2010-04-22 20:50 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-22 20:26 . 2010-04-22 20:26 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2010-04-22 20:24 . 2010-04-22 20:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-11 18:06 . 2010-04-11 18:06 -------- d-----w- C:\FOUND.000
2010-04-08 06:51 . 2010-04-08 06:51 -------- d-----w- c:\program files\MSXML 6.0
2010-04-08 06:50 . 2008-02-11 14:55 586240 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-04-08 06:50 . 2010-04-08 06:50 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2010-04-08 06:50 . 2008-04-24 11:40 2562048 ----a-w- c:\windows\system32\hasplms.exe
2010-04-08 06:50 . 2008-04-24 11:40 2562048 ----a-w- c:\windows\system32\aksllmtp.exe
2010-04-08 06:50 . 2008-03-18 14:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2010-04-08 06:48 . 2003-03-19 11:44 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL
2010-04-08 06:46 . 2008-09-13 17:51 30720 ----a-w- c:\windows\system32\pavedius.dll
2010-04-08 06:46 . 2008-05-15 00:00 65536 ----a-w- c:\windows\system32\pavedius5db.dll
2010-04-08 06:46 . 2008-03-18 06:04 6656 ------w- c:\windows\system32\paveno.dll
2010-04-08 06:46 . 2008-03-18 06:04 462848 ------w- c:\windows\system32\pavapi.dll
2010-04-08 06:46 . 2007-07-30 09:44 1024 ----a-w- c:\windows\system32\pavplal.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 05:05 . 2008-02-21 12:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-25 05:00 . 2006-02-22 11:51 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-04-23 14:09 . 2010-04-23 14:18 15761408 ------w- c:\windows\Internet Logs\xDB51.tmp
2010-04-23 13:49 . 2010-01-28 12:19 3072 ----a-w- c:\windows\system32\drivers\hugoio.sys
2010-04-23 12:17 . 2008-05-16 11:59 98304 ----a-w- c:\windows\DUMP7e57.tmp
2010-04-11 17:59 . 2010-04-11 18:09 15761408 ------w- c:\windows\Internet Logs\xDB50.tmp
2010-04-08 06:52 . 2010-04-08 06:52 -------- d-----w- c:\program files\Common Files\Canopus Shared
2010-04-08 06:52 . 2010-04-08 06:52 -------- d-----w- c:\program files\Canopus
2010-03-31 14:09 . 2010-03-31 14:18 15761408 ------w- c:\windows\Internet Logs\xDB4F.tmp
2010-03-24 17:54 . 2001-09-20 10:00 84458 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 17:54 . 2001-09-20 10:00 442762 ----a-w- c:\windows\system32\perfh005.dat
2010-03-21 07:30 . 2010-03-21 07:31 15761408 ------w- c:\windows\Internet Logs\xDB4E.tmp
2010-03-10 06:17 . 2002-09-20 15:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 18:48 . 2010-03-07 18:48 7036 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-03 15:56 . 2010-03-03 16:51 15761408 ------w- c:\windows\Internet Logs\xDB4D.tmp
2010-03-01 07:39 . 2010-03-01 12:19 15761408 ------w- c:\windows\Internet Logs\xDB4C.tmp
2010-02-25 15:21 . 2010-02-25 15:21 -------- d-----w- c:\program files\ICQ7.0
2010-02-25 06:18 . 2002-09-20 15:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 22:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 06:33 . 2010-02-24 06:33 -------- d--h--w- c:\program files\Zero G Registry
2010-02-24 06:33 . 2010-02-24 06:33 -------- d-----w- c:\program files\Sports Interactive
2010-02-16 19:08 . 2002-09-20 15:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2002-09-20 14:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 08:57 . 2010-02-16 09:06 15761408 ------w- c:\windows\Internet Logs\xDB4B.tmp
2010-02-12 04:35 . 2002-09-20 15:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 22:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 18:36 . 2010-02-11 10:20 15761408 ------w- c:\windows\Internet Logs\xDB4A.tmp
2010-02-03 20:59 . 2010-02-03 21:07 15761408 ------w- c:\windows\Internet Logs\xDB49.tmp
2010-02-02 11:53 . 2008-05-16 11:59 98304 ----a-w- c:\windows\DUMP5a83.tmp
2010-02-01 13:27 . 2010-02-01 13:27 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-01-31 10:06 . 2010-01-31 10:06 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2010-01-31 10:06 . 2010-01-31 10:06 19408 ----a-w- c:\windows\system32\drivers\rdpvmp.sys
2010-01-31 10:06 . 2010-01-31 10:06 15696 ----a-w- c:\windows\system32\rdpvdd.dll
2010-01-31 10:06 . 2010-01-31 10:06 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2010-01-28 14:43 . 2010-01-28 17:31 15761408 ------w- c:\windows\Internet Logs\xDB48.tmp
2010-01-28 07:42 . 2010-01-28 11:57 15761408 ------w- c:\windows\Internet Logs\xDB47.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-04-23_18.58.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 05:06 . 2010-04-25 05:06 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"MoeMonitor.exe"="c:\documents and settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2010-01-31 1315152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-02-11 389120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-10 136600]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2010-01-31 10:05 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IsDrv120.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SJphone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SJphone.lnk
backup=c:\windows\pss\SJphone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Translate Client.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Translate Client.lnk
backup=c:\windows\pss\Translate Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 21:03 133104 ----a-w- c:\documents and settings\Rodina\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 10:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 10:34 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 00:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 10:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-08-03 04:22 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-31 06:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Rodina\\Local Settings\\Data aplikací\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2010-04-08 27704]
R1 hugoio;hugoio;c:\program files\i-Menu\hugoio.sys [2010-01-28 9760]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2006-10-16 2208]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-31 44880]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2007-05-28 17408]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-11-10 29728]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-01-31 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-01-31 19408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-15 691696]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2006-02-22 81356]
S2 gupdate1c98babf9ac31d0;Google Update Service (gupdate1c98babf9ac31d0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2006-02-22 39182]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys --> c:\windows\system32\drivers\wf2kxbar.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\Rodina\Plocha\bezpečpc\FileObjInfo.sys --> c:\documents and settings\Rodina\Plocha\bezpečpc\FileObjInfo.sys [?]
S3 FMS;Flash Media Server (FMS);c:\program files\Adobe\Flash Media Server 3\FMSMaster.exe [2008-10-07 2281472]
S3 FMSAdmin;Flash Media Administration Server;c:\program files\Adobe\Flash Media Server 3\FMSAdmin.exe [2008-10-07 2453504]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2007-05-28 14848]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2007-05-28 9984]
S3 JBCG;JBCG;c:\docume~1\Rodina\LOCALS~1\Temp\JBCG.exe --> c:\docume~1\Rodina\LOCALS~1\Temp\JBCG.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\drivers\rsvcdwdr.sys [2009-11-16 25120]
S3 usbvm328;A4 Tech USB2.0 PC Camera G;c:\windows\system32\drivers\usbvm326.sys [2007-06-19 348160]
S3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [2007-06-19 483072]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 14:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5abdc0b00d84.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:18]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
TCP: {5BEB2F98-487B-4A14-8C50-A2BDECB2D186} = 192.168.1.1,192.168.1.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\35hzb84v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 08:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-04-25 08:27:55
ComboFix-quarantined-files.txt 2010-04-25 06:27
ComboFix2.txt 2010-04-24 07:23
ComboFix3.txt 2010-04-23 18:59
ComboFix4.txt 2008-05-18 07:07

Před spuštěním: 3,611,000,832
Po spuštění: 3,602,644,992

- - End Of File - - 3F818065D3B33F9509AEB7AA918275CC

Re: Log check

Posted: 25 Apr 2010 11:17
by Rudy
Run ComboFix once more with this script:
Collect::
c:\docume~1\Rodina\LOCALS~1\Temp\JBCG.exe

Driver::
JBCG

Re: Log check

Posted: 25 Apr 2010 12:50
by rostin
so here's another one :-(

ComboFix 10-04-21.01 - Rodina 2010-04-25 12:46:01.11.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1917.1421 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rodina\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rodina\Dokumenty\cc_20100425_1157.reg

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JBCG
-------\Service_JBCG


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-25 do 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 09:49 . 2010-04-25 09:49 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-25 07:46 . 2010-04-25 07:46 -------- d-----w- c:\program files\Zone Labs
2010-04-25 06:46 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-25 06:46 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-25 06:46 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-25 06:46 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-25 06:46 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-25 06:46 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-25 06:46 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-25 06:46 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-25 06:46 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-23 15:36 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 15:36 . 2010-04-23 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 15:36 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:16 . 2010-04-23 14:16 -------- d-----w- C:\FOUND.001
2010-04-23 14:07 . 2010-04-23 14:09 170293 ----a-w- c:\windows\system32\drivers\IsDrv120.sys
2010-04-23 12:29 . 2010-04-23 12:29 -------- d-----w- C:\rsit
2010-04-22 20:50 . 2010-04-22 20:50 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-22 20:26 . 2010-04-22 20:26 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2010-04-22 20:24 . 2010-04-22 20:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-11 18:06 . 2010-04-11 18:06 -------- d-----w- C:\FOUND.000
2010-04-08 06:51 . 2010-04-08 06:51 -------- d-----w- c:\program files\MSXML 6.0
2010-04-08 06:50 . 2008-02-11 14:55 586240 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-04-08 06:50 . 2010-04-08 06:50 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2010-04-08 06:50 . 2008-04-24 11:40 2562048 ----a-w- c:\windows\system32\hasplms.exe
2010-04-08 06:50 . 2008-04-24 11:40 2562048 ----a-w- c:\windows\system32\aksllmtp.exe
2010-04-08 06:50 . 2008-03-18 14:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2010-04-08 06:48 . 2003-03-19 11:44 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL
2010-04-08 06:46 . 2008-09-13 17:51 30720 ----a-w- c:\windows\system32\pavedius.dll
2010-04-08 06:46 . 2008-05-15 00:00 65536 ----a-w- c:\windows\system32\pavedius5db.dll
2010-04-08 06:46 . 2008-03-18 06:04 6656 ------w- c:\windows\system32\paveno.dll
2010-04-08 06:46 . 2008-03-18 06:04 462848 ------w- c:\windows\system32\pavapi.dll
2010-04-08 06:46 . 2007-07-30 09:44 1024 ----a-w- c:\windows\system32\pavplal.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 11:43 . 2006-02-22 11:51 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-04-25 11:40 . 2008-02-21 12:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-25 09:48 . 2009-07-22 20:42 1636 ------w- c:\windows\Internet Logs\ErrorLog.tmp
2010-04-23 14:09 . 2010-04-23 14:18 15761408 ------w- c:\windows\Internet Logs\xDB51.tmp
2010-04-23 13:49 . 2010-01-28 12:19 3072 ----a-w- c:\windows\system32\drivers\hugoio.sys
2010-04-23 12:17 . 2008-05-16 11:59 98304 ----a-w- c:\windows\DUMP7e57.tmp
2010-04-11 17:59 . 2010-04-11 18:09 15761408 ------w- c:\windows\Internet Logs\xDB50.tmp
2010-04-08 06:52 . 2010-04-08 06:52 -------- d-----w- c:\program files\Common Files\Canopus Shared
2010-04-08 06:52 . 2010-04-08 06:52 -------- d-----w- c:\program files\Canopus
2010-03-31 14:09 . 2010-03-31 14:18 15761408 ------w- c:\windows\Internet Logs\xDB4F.tmp
2010-03-24 17:54 . 2001-09-20 10:00 84458 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 17:54 . 2001-09-20 10:00 442762 ----a-w- c:\windows\system32\perfh005.dat
2010-03-21 07:30 . 2010-03-21 07:31 15761408 ------w- c:\windows\Internet Logs\xDB4E.tmp
2010-03-10 06:17 . 2002-09-20 15:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 18:48 . 2010-03-07 18:48 7036 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-03 15:56 . 2010-03-03 16:51 15761408 ------w- c:\windows\Internet Logs\xDB4D.tmp
2010-03-01 07:39 . 2010-03-01 12:19 15761408 ------w- c:\windows\Internet Logs\xDB4C.tmp
2010-02-25 15:21 . 2010-02-25 15:21 -------- d-----w- c:\program files\ICQ7.0
2010-02-25 06:18 . 2002-09-20 15:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 22:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2002-09-20 15:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2002-09-20 14:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 08:57 . 2010-02-16 09:06 15761408 ------w- c:\windows\Internet Logs\xDB4B.tmp
2010-02-12 04:35 . 2002-09-20 15:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 22:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 18:36 . 2010-02-11 10:20 15761408 ------w- c:\windows\Internet Logs\xDB4A.tmp
2010-02-03 20:59 . 2010-02-03 21:07 15761408 ------w- c:\windows\Internet Logs\xDB49.tmp
2010-02-02 11:53 . 2008-05-16 11:59 98304 ----a-w- c:\windows\DUMP5a83.tmp
2010-02-01 13:27 . 2010-02-01 13:27 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-01-31 10:06 . 2010-01-31 10:06 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2010-01-31 10:06 . 2010-01-31 10:06 19408 ----a-w- c:\windows\system32\drivers\rdpvmp.sys
2010-01-31 10:06 . 2010-01-31 10:06 15696 ----a-w- c:\windows\system32\rdpvdd.dll
2010-01-31 10:06 . 2010-01-31 10:06 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2010-01-28 14:43 . 2010-01-28 17:31 15761408 ------w- c:\windows\Internet Logs\xDB48.tmp
2010-01-28 07:42 . 2010-01-28 11:57 15761408 ------w- c:\windows\Internet Logs\xDB47.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-04-23_18.58.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-04-25 11:42 . 2010-04-25 11:42 16384 c:\windows\temp\Perflib_Perfdata_258.dat
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2010-04-25 06:46 . 2010-04-25 06:46 219648 c:\windows\Installer\5c5357.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- 2006-06-23 11:58 . 2010-04-23 14:38 4569088 c:\windows\Installer\4e36e4.msi
+ 2006-06-23 11:58 . 2010-04-25 09:16 4569088 c:\windows\Installer\4e36e4.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-02-11 389120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-10 136600]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2010-01-31 10:05 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IsDrv120.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SJphone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SJphone.lnk
backup=c:\windows\pss\SJphone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Translate Client.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Translate Client.lnk
backup=c:\windows\pss\Translate Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 21:03 133104 ----a-w- c:\documents and settings\Rodina\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 10:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 10:34 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 00:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 10:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-08-03 04:22 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-31 06:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Rodina\\Local Settings\\Data aplikací\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-15 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-25 162768]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2010-04-08 27704]
R1 hugoio;hugoio;c:\program files\i-Menu\hugoio.sys [2010-01-28 9760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-25 19024]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2006-10-16 2208]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-31 44880]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2007-05-28 17408]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-11-10 29728]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-01-31 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-01-31 19408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2006-02-22 81356]
S2 gupdate1c98babf9ac31d0;Google Update Service (gupdate1c98babf9ac31d0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2006-02-22 39182]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys --> c:\windows\system32\drivers\wf2kxbar.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\Rodina\Plocha\bezpečpc\FileObjInfo.sys --> c:\documents and settings\Rodina\Plocha\bezpečpc\FileObjInfo.sys [?]
S3 FMS;Flash Media Server (FMS);c:\program files\Adobe\Flash Media Server 3\FMSMaster.exe [2008-10-07 2281472]
S3 FMSAdmin;Flash Media Administration Server;c:\program files\Adobe\Flash Media Server 3\FMSAdmin.exe [2008-10-07 2453504]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2007-05-28 14848]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2007-05-28 9984]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\drivers\rsvcdwdr.sys [2009-11-16 25120]
S3 usbvm328;A4 Tech USB2.0 PC Camera G;c:\windows\system32\drivers\usbvm326.sys [2007-06-19 348160]
S3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [2007-06-19 483072]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 14:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5abdc0b00d84.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:18]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
TCP: {5BEB2F98-487B-4A14-8C50-A2BDECB2D186} = 192.168.1.1,192.168.1.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\35hzb84v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 13:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvg.sys >>UNKNOWN [0x8AD79938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba674cb8
\Driver\atapi -> atapi.sys @ 0xba609b40
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(6988)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\documents and settings\Rodina\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\WLCShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\msdtc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\genius\ioCentre\gMouseTask.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\genius\ioCentre\gKbdTask.exe
c:\genius\ioCentre\gAutoPan.exe
c:\genius\ioCentre\gAutoScroll.exe
c:\windows\system32\RUNDLL32.EXE
c:\genius\ioCentre\gZoom.exe
c:\windows\system32\rundll32.exe
c:\genius\ioCentre\gMGlass.exe
c:\genius\ioCentre\gIMMgm.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\genius\ioCentre\gDeskMgm.exe
c:\genius\ioCentre\gTaskSwitch.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\genius\ioCentre\gZoom.exe
c:\genius\ioCentre\gMGlass.exe
c:\genius\ioCentre\gIMMgm.exe
c:\genius\ioCentre\gDeskMgm.exe
c:\genius\ioCentre\gTaskSwitch.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\genius\ioCentre\gZoom.exe
.
**************************************************************************
.
Celkový čas: 2010-04-25 13:47:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-25 11:47
ComboFix2.txt 2010-04-25 06:28
ComboFix3.txt 2010-04-24 07:23
ComboFix4.txt 2010-04-23 18:59
ComboFix5.txt 2010-04-25 10:44

Před spuštěním: 3,064,004,608
Po spuštění: 3,043,590,144

- - End Of File - - 89FF2915F4C6A1C9BF5ECC45F6E5193F

Re: Log Check

Posted: 25 Apr 2010 13:53
by Rudy
The log now looks clean.