Hi,
a PC landed in my hands that supposedly has a virus jumping around on it.....
After a scan with NOD, which had last been updated at the beginning of 2009, NOD found 82 viruses.
Most of the viruses are therefore in C:\Sys. Vol. Inf.....
Twice there was the Win32/PSW.OnLineGames.OUM trojan horse.
I had NOD clean it, but to be safe I am attaching the RSIT log for checking.
Thanks in advance for checking it.
Logfile of random's system information tool 1.08 (written by random/random)
Run by ___Kaata___ at 2010-11-06 21:36:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (22%) free of 153 GB
Total RAM: 511 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:53, on 6.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Documents and Settings\Zdenek Panek\Plocha\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\TC UP\TOTALCMD.EXE
C:\Documents and Settings\___Kaata___\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\___Kaata___.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\___Kaata___\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\___Kaata___\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ6\ICQ.exe -minimize
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm824YYCZ
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8793032685
O17 - HKLM\System\CCS\Services\Tcpip\..\{22D7C425-9966-427A-A5FA-21631C186CD9}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{22D7C425-9966-427A-A5FA-21631C186CD9}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Documents and Settings\Zdenek Panek\Plocha\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10318 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2007-02-11 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-10-10 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2007-02-11 376915]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E1500AC-87A5-416b-A211-82E848649DA9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\___Kaata___\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]
WhenUSearch Helper - C:\Program Files\WhenUSearch\search.dll [2005-10-31 243264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2010-11-04 2735200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2007-02-11 376915]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2010-11-04 2735200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]
"nwiz"=nwiz.exe /install []
"Zástupce stránky vlastností sběrnice High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-11-05 949376]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-09-29 49152]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Mirabilis ICQ"=C:\Program Files\ICQ6\ICQ.exe -minimize []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-07-26 86016]
"BMISR"=C:\Program Files\KYE\WebMate\BM.exe []
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-02-08 95800]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-12 2356088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\api32]
C:\DOCUME~1\ZDENEK~1\LOCALS~1\Temp\apiqq.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
C:\DOCUME~1\ZDENEK~1\LOCALS~1\Temp\herss.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dso32]
C:\DOCUME~1\ZDENEK~1\LOCALS~1\Temp\dsoqq.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\king_mg]
C:\DOCUME~1\ZDENEK~1\LOCALS~1\Temp\mgking.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2007-02-11 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Save]
C:\Program Files\Save\Save.exe [2006-08-25 803184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
C:\Program Files\WhenUSearch\Search.exe [2005-10-31 305728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
C:\Program Files\WhenUSearch\whse.exe [2005-10-31 179264]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
PHOTOfunSTUDIO.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4294967295
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QIP1\qip.exe"="C:\Program Files\QIP1\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Age of Empires II\empires2.exe"="D:\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"D:\EasySetupAssistant\EasySetupAssistant.exe"="D:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "%1" /S "%3"
======List of files/folders created in the last 1 months======
2010-11-06 19:14:41 ----D---- C:\Documents and Settings\___Kaata___\Data aplikací\Malwarebytes
2010-11-06 19:14:13 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-06 19:14:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-11-06 19:14:09 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-06 19:14:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-06 19:12:07 ----D---- C:\Program Files\CCleaner
2010-11-06 19:10:22 ----D---- C:\Documents and Settings\___Kaata___\Data aplikací\GHISLER
2010-11-05 22:03:40 ----D---- C:\Documents and Settings\___Kaata___\Data aplikací\TeamViewer
2010-11-05 21:33:59 ----D---- C:\Program Files\trend micro
2010-11-05 21:33:54 ----D---- C:\rsit
2010-11-05 21:23:49 ----D---- C:\WINDOWS\pss
2010-11-05 21:20:05 ----A---- C:\WINDOWS\UC.PIF
2010-11-05 21:20:05 ----A---- C:\WINDOWS\RAR.PIF
2010-11-05 21:20:05 ----A---- C:\WINDOWS\PKZIP.PIF
2010-11-05 21:20:05 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-11-05 21:20:05 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-11-05 21:20:05 ----A---- C:\WINDOWS\LHA.PIF
2010-11-05 21:20:05 ----A---- C:\WINDOWS\ARJ.PIF
2010-11-05 17:56:54 ----RSH---- C:\egmjjb.exe
2010-11-04 17:48:59 ----RSH---- C:\l10.exe
2010-11-01 12:23:00 ----D---- C:\Program Files\Common Files\Skype
2010-10-25 14:19:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
======List of files/folders modified in the last 1 months======
2010-11-06 21:36:36 ----D---- C:\WINDOWS\Prefetch
2010-11-06 21:08:48 ----D---- C:\WINDOWS\Temp
2010-11-06 19:14:13 ----D---- C:\WINDOWS\system32\drivers
2010-11-06 19:14:08 ----RD---- C:\Program Files
2010-11-06 19:02:05 ----A---- C:\WINDOWS\msicpl.ini
2010-11-06 18:38:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-06 05:10:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-05 21:47:43 ----D---- C:\WINDOWS\system32
2010-11-05 21:47:43 ----D---- C:\Program Files\ESET
2010-11-05 21:45:45 ----D---- C:\WINDOWS
2010-11-05 21:25:57 ----SH---- C:\boot.ini
2010-11-05 21:25:57 ----A---- C:\WINDOWS\win.ini
2010-11-05 21:25:57 ----A---- C:\WINDOWS\system.ini
2010-11-05 21:20:07 ----D---- C:\TC UP
2010-11-05 21:13:54 ----A---- C:\WINDOWS\system32\imon.dll
2010-11-04 17:49:07 ----D---- C:\Program Files\Save
2010-11-02 12:47:31 ----D---- C:\Program Files\Mozilla Firefox
2010-11-01 12:23:07 ----SHD---- C:\WINDOWS\Installer
2010-11-01 12:23:07 ----HD---- C:\Config.Msi
2010-11-01 12:23:01 ----D---- C:\Program Files\Skype
2010-11-01 12:23:00 ----D---- C:\Program Files\Common Files
2010-11-01 08:02:28 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-31 16:47:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-24 12:20:10 ----A---- C:\WINDOWS\IE4 Error Log.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2008-07-31 43872]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-05-18 74112]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-11-05 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-11-05 512096]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-02-15 1301568]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-02-05 223128]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-06-16 180480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 as5xxrto;as5xxrto; C:\WINDOWS\system32\drivers\as5xxrto.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PAC7302;Eye 312; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBModem000;LGE Mobile USB Modem TC; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 InterBaseGuardian;InterBase Guardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [2001-11-29 32768]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-11-05 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-26 159812]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 StarWindServiceAE;StarWind AE Service; C:\Documents and Settings\Zdenek Panek\Plocha\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 InterBaseServer;InterBase Server; C:\Program Files\Borland\InterBase\bin\ibserver.exe [2001-11-29 1769472]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

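A short triage script for an RSIT/HijackThis log like the one above, added here as an example; it is not part of the forum post or of any of the tools mentioned. It applies the checks an analyst makes by eye: entries whose file is gone (`(no file)`), startup entries pointing into a Temp directory (the `startupreg` entries for apiqq.exe, herss.exe, dsoqq.exe and mgking.exe), hidden `.exe` files with system attributes dropped straight into the drive root (egmjjb.exe, l10.exe), components of the adware bundles named in the log (MyWebSearch, FunWebProducts, WhenUSearch), and the `"NoDriveTypeAutoRun"=145` policy value. That value is 0x91, the Windows XP default: a set bit disables autorun for one drive type, and 0x91 only covers unknown, network and reserved types, so an autorun.inf on a USB stick is still honoured, which fits the C:\Autorun.inf that ComboFix removes further down in the thread. The sample lines are copied from the log so the script runs stand-alone; the heuristics, names and watch-list are my own assumptions, not anything the tools implement.

```python
"""Triage helper for HijackThis / RSIT text logs (added example, not from the thread)."""
import re
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the log posted above so the
# script runs stand-alone. For real use, pass the whole RSIT/HijackThis text.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\api32]
C:\DOCUME~1\ZDENEK~1\LOCALS~1\Temp\apiqq.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
C:\DOCUME~1\ZDENEK~1\LOCALS~1\Temp\herss.exe []
"NoDriveTypeAutoRun"=145
2010-11-05 17:56:54 ----RSH---- C:\egmjjb.exe
2010-11-04 17:48:59 ----RSH---- C:\l10.exe
2010-11-06 19:14:13 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"""

# Bit meanings of NoDriveTypeAutoRun: a SET bit disables autorun for that drive
# type. 0x91 is the Windows XP default; 0xFF disables autorun everywhere.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no root dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved",
}

# Adware families that appear by name in the log; a fixed watch-list (assumption).
ADWARE_MARKERS = ("MyWebSearch", "FunWebProducts", "WhenUSearch")

RSIT_FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} [\d:]+ ----([A-Z]+)---- (.+)$")
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.I)
TEMP_EXE = re.compile(r"\\Temp\\[^\s\"\[]+\.exe", re.I)
AUTORUN_VALUE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$')


def autorun_still_enabled(value: int) -> List[str]:
    """Drive types on which autorun.inf is still honoured for this policy value."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]


def parse_autorun_value(log: str) -> int:
    """Return the NoDriveTypeAutoRun value found in an RSIT registry dump, or -1."""
    for line in log.splitlines():
        m = AUTORUN_VALUE.match(line.strip())
        if m:
            return int(m.group(1))
    return -1


def find_suspicious(log: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for log lines that deserve a second look."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("R", "O")) and line.endswith("(no file)"):
            # Hook/BHO registered but DLL missing: leftover of a removed or half-cleaned component.
            findings.append(("orphaned hook/BHO", line))
        elif any(marker.lower() in line.lower() for marker in ADWARE_MARKERS):
            findings.append(("known adware component", line))
        elif TEMP_EXE.search(line):
            # Legitimate software does not persist itself out of a user's Temp directory.
            findings.append(("executable launched from Temp", line))
        elif (m := AUTORUN_VALUE.match(line)) and "removable" in autorun_still_enabled(int(m.group(1))):
            findings.append(("autorun.inf still honoured on removable drives", line))
        elif (m := RSIT_FILE_LINE.match(line)) and "H" in m.group(1) and ROOT_EXE.match(m.group(2)):
            # Hidden .exe directly in a drive root is the classic autorun-worm dropper layout.
            findings.append(("hidden executable in drive root", line))
    return findings


if __name__ == "__main__":
    for reason, line in find_suspicious(SAMPLE_LOG):
        print(f"[{reason}] {line}")
    print("autorun still enabled on:", autorun_still_enabled(parse_autorun_value(SAMPLE_LOG)))
```

Run it on the full RSIT text rather than `SAMPLE_LOG`; the output is a list of lines to examine, not a verdict, since the `(no file)` rule also catches harmless leftovers of uninstalled toolbars. Setting NoDriveTypeAutoRun to 0xFF under HKLM disables autorun for every drive type, which is the value an analyst would leave behind on a machine that has already had an Autorun.inf in its root.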
82 viruses
Forum rules
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
- Rudy
- Site Admin
- Posts: 119320
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: 82 viruses
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the licence terms appears; continue by clicking Yes.
Go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware product with a resident shield, switch its resident shield into Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware collides undesirably with a resident antispyware shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: 82 viruses
ComboFix 10-11-07.01 - ___Kaata___ 06.11.2010 21:58:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.114 [GMT 1:00]
Running from: c:\documents and settings\___Kaata___\Dokumenty\Stažené soubory\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\___Kaata___\kvarchvo.exe
c:\documents and settings\___Kaata___\kvro9999.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0002303D.urr
c:\program files\FunWebProducts\ScreenSaver\Images\00324CC5.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\close.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\login.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\000143E9
c:\program files\MyWebSearch\bar\Cache\00028D32
c:\program files\MyWebSearch\bar\Cache\0003BA48.bin
c:\program files\MyWebSearch\bar\Cache\0003C823.bin
c:\program files\MyWebSearch\bar\Cache\0003CA17.bin
c:\program files\MyWebSearch\bar\Cache\000BD3C5
c:\program files\MyWebSearch\bar\Cache\000D49DB
c:\program files\MyWebSearch\bar\Cache\0016EEC9
c:\program files\MyWebSearch\bar\Cache\0022403F.bin
c:\program files\MyWebSearch\bar\Cache\002BBA65.bin
c:\program files\MyWebSearch\bar\Cache\002BBCF5.bin
c:\program files\MyWebSearch\bar\Cache\002BCAB1.bin
c:\program files\MyWebSearch\bar\Cache\002BCC28.bin
c:\program files\MyWebSearch\bar\Cache\002BCE5B
c:\program files\MyWebSearch\bar\Cache\0032001C.bin
c:\program files\MyWebSearch\bar\Cache\003202EA.bin
c:\program files\MyWebSearch\bar\Cache\00320684.bin
c:\program files\MyWebSearch\bar\Cache\00320905.bin
c:\program files\MyWebSearch\bar\Cache\00960BDD.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\program files\Ofb1
c:\program files\Ofb1\Uninstall.exe
c:\program files\WhenUSearch
c:\program files\WhenUSearch\Content\css\dialog.css
c:\program files\WhenUSearch\Content\css\menu.css
c:\program files\WhenUSearch\Content\css\module_weather.css
c:\program files\WhenUSearch\Content\css\module_weather_dialog.css
c:\program files\WhenUSearch\Content\css\quick.css
c:\program files\WhenUSearch\Content\customize.html
c:\program files\WhenUSearch\Content\daemon.ico
c:\program files\WhenUSearch\Content\dialog.css
c:\program files\WhenUSearch\Content\global.js
c:\program files\WhenUSearch\Content\images\add_image.gif
c:\program files\WhenUSearch\Content\images\add_image_down.gif
c:\program files\WhenUSearch\Content\images\add_image_on.gif
c:\program files\WhenUSearch\Content\images\arrow_down.gif
c:\program files\WhenUSearch\Content\images\arrow_down_on.gif
c:\program files\WhenUSearch\Content\images\arrow_right.gif
c:\program files\WhenUSearch\Content\images\arrow_right_on.gif
c:\program files\WhenUSearch\Content\images\button_go.gif
c:\program files\WhenUSearch\Content\images\button_go_down.gif
c:\program files\WhenUSearch\Content\images\button_go_on.gif
c:\program files\WhenUSearch\Content\images\button_search_down.gif
c:\program files\WhenUSearch\Content\images\button_search_off.gif
c:\program files\WhenUSearch\Content\images\button_search_on.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_down.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_off.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_on.gif
c:\program files\WhenUSearch\Content\images\button_specials_on.gif
c:\program files\WhenUSearch\Content\images\corner_bottom_left.gif
c:\program files\WhenUSearch\Content\images\corner_top_left.gif
c:\program files\WhenUSearch\Content\images\delete_button.gif
c:\program files\WhenUSearch\Content\images\delete_button_down.gif
c:\program files\WhenUSearch\Content\images\delete_button_on.gif
c:\program files\WhenUSearch\Content\images\divider.gif
c:\program files\WhenUSearch\Content\images\dot_orange.gif
c:\program files\WhenUSearch\Content\images\dt_min_logo.gif
c:\program files\WhenUSearch\Content\images\gear.gif
c:\program files\WhenUSearch\Content\images\gear_down.gif
c:\program files\WhenUSearch\Content\images\gear_grey.gif
c:\program files\WhenUSearch\Content\images\gear_on.gif
c:\program files\WhenUSearch\Content\images\instructions_border_corner.gif
c:\program files\WhenUSearch\Content\images\instructions_border_right.gif
c:\program files\WhenUSearch\Content\images\instructions_border_top.gif
c:\program files\WhenUSearch\Content\images\link.gif
c:\program files\WhenUSearch\Content\images\lock.gif
c:\program files\WhenUSearch\Content\images\lock_down.gif
c:\program files\WhenUSearch\Content\images\lock_grey.gif
c:\program files\WhenUSearch\Content\images\lock_on.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_down.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_off.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_on.gif
c:\program files\WhenUSearch\Content\images\main_bg.gif
c:\program files\WhenUSearch\Content\images\manage.gif
c:\program files\WhenUSearch\Content\images\manage_down.gif
c:\program files\WhenUSearch\Content\images\manage_grey.gif
c:\program files\WhenUSearch\Content\images\manage_on.gif
c:\program files\WhenUSearch\Content\images\menu_aim_bw.gif
c:\program files\WhenUSearch\Content\images\menu_arrow_right.gif
c:\program files\WhenUSearch\Content\images\menu_bg.gif
c:\program files\WhenUSearch\Content\images\menu_left_bg.gif
c:\program files\WhenUSearch\Content\images\menu_main_bw.gif
c:\program files\WhenUSearch\Content\images\menu_pbandit_bw.gif
c:\program files\WhenUSearch\Content\images\menu_right_bg.gif
c:\program files\WhenUSearch\Content\images\menu_ucontrol_bw.gif
c:\program files\WhenUSearch\Content\images\menu_ucontrol_filler_bw.gif
c:\program files\WhenUSearch\Content\images\menu_whenu_bw.gif
c:\program files\WhenUSearch\Content\images\message_alert.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu_down.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu_on.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_down.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_on.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_text.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_text_on.gif
c:\program files\WhenUSearch\Content\images\module_weather_left_bg_top.gif
c:\program files\WhenUSearch\Content\images\more_bg.gif
c:\program files\WhenUSearch\Content\images\more_bottom_bg.gif
c:\program files\WhenUSearch\Content\images\more_bottom_main.gif
c:\program files\WhenUSearch\Content\images\more_bottom_main_bg.gif
c:\program files\WhenUSearch\Content\images\more_left_bg.gif
c:\program files\WhenUSearch\Content\images\more_right_bg.gif
c:\program files\WhenUSearch\Content\images\more_top_bg.gif
c:\program files\WhenUSearch\Content\images\more_top_left.gif
c:\program files\WhenUSearch\Content\images\more_top_left_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_right.gif
c:\program files\WhenUSearch\Content\images\more_top_right_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_x.gif
c:\program files\WhenUSearch\Content\images\more_top_x_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_x_down.gif
c:\program files\WhenUSearch\Content\images\more_top_x_on.gif
c:\program files\WhenUSearch\Content\images\mount.gif
c:\program files\WhenUSearch\Content\images\mount_down.gif
c:\program files\WhenUSearch\Content\images\mount_grey.gif
c:\program files\WhenUSearch\Content\images\mount_on.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg_down.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg_on.gif
c:\program files\WhenUSearch\Content\images\notyet.gif
c:\program files\WhenUSearch\Content\images\notyet_bw.gif
c:\program files\WhenUSearch\Content\images\open_bg.gif
c:\program files\WhenUSearch\Content\images\open_bottom_bg.gif
c:\program files\WhenUSearch\Content\images\open_bottom_left.gif
c:\program files\WhenUSearch\Content\images\open_bottom_left_bw.gif
c:\program files\WhenUSearch\Content\images\open_bottom_right.gif
c:\program files\WhenUSearch\Content\images\open_bottom_right_bw.gif
c:\program files\WhenUSearch\Content\images\open_cancel.gif
c:\program files\WhenUSearch\Content\images\open_cancel_down.gif
c:\program files\WhenUSearch\Content\images\open_cancel_on.gif
c:\program files\WhenUSearch\Content\images\open_defaults.gif
c:\program files\WhenUSearch\Content\images\open_defaults_down.gif
c:\program files\WhenUSearch\Content\images\open_defaults_on.gif
c:\program files\WhenUSearch\Content\images\open_open.gif
c:\program files\WhenUSearch\Content\images\open_open_down.gif
c:\program files\WhenUSearch\Content\images\open_open_on.gif
c:\program files\WhenUSearch\Content\images\open_save.gif
c:\program files\WhenUSearch\Content\images\open_save_down.gif
c:\program files\WhenUSearch\Content\images\open_save_on.gif
c:\program files\WhenUSearch\Content\images\open_search.gif
c:\program files\WhenUSearch\Content\images\open_search_down.gif
c:\program files\WhenUSearch\Content\images\open_search_on.gif
c:\program files\WhenUSearch\Content\images\right_bg.gif
c:\program files\WhenUSearch\Content\images\right_bg_grey.gif
c:\program files\WhenUSearch\Content\images\right_instructions.gif
c:\program files\WhenUSearch\Content\images\right_instructions_on.gif
c:\program files\WhenUSearch\Content\images\right_instructions_red.gif
c:\program files\WhenUSearch\Content\images\right_left.gif
c:\program files\WhenUSearch\Content\images\right_left_grey.gif
c:\program files\WhenUSearch\Content\images\right_main_bg.gif
c:\program files\WhenUSearch\Content\images\right_more_left.gif
c:\program files\WhenUSearch\Content\images\right_more_off.gif
c:\program files\WhenUSearch\Content\images\right_more_on.gif
c:\program files\WhenUSearch\Content\images\right_more_up.gif
c:\program files\WhenUSearch\Content\images\spacer.gif
c:\program files\WhenUSearch\Content\images\tab_left_bg.gif
c:\program files\WhenUSearch\Content\images\tab_left_bw.gif
c:\program files\WhenUSearch\Content\images\tab_left_down.gif
c:\program files\WhenUSearch\Content\images\tab_left_off.gif
c:\program files\WhenUSearch\Content\images\tab_left_on.gif
c:\program files\WhenUSearch\Content\images\tab_right_down.gif
c:\program files\WhenUSearch\Content\images\tab_right_off.gif
c:\program files\WhenUSearch\Content\images\tab_right_on.gif
c:\program files\WhenUSearch\Content\images\unmount.gif
c:\program files\WhenUSearch\Content\images\unmount_down.gif
c:\program files\WhenUSearch\Content\images\unmount_grey.gif
c:\program files\WhenUSearch\Content\images\unmount_on.gif
c:\program files\WhenUSearch\Content\index.htm
c:\program files\WhenUSearch\Content\instructions.html
c:\program files\WhenUSearch\Content\loading.html
c:\program files\WhenUSearch\Content\main_menu_sub.html
c:\program files\WhenUSearch\Content\menu.css
c:\program files\WhenUSearch\Content\menu_emu.html
c:\program files\WhenUSearch\Content\menu_main.html
c:\program files\WhenUSearch\Content\menu_manage.html
c:\program files\WhenUSearch\Content\menu_opt.html
c:\program files\WhenUSearch\Content\menu_ucontrol.html
c:\program files\WhenUSearch\Content\menu_whenu.html
c:\program files\WhenUSearch\Content\message.html
c:\program files\WhenUSearch\Content\min.html
c:\program files\WhenUSearch\Content\module_weather.css
c:\program files\WhenUSearch\Content\module_weather_dialog.css
c:\program files\WhenUSearch\Content\more.html
c:\program files\WhenUSearch\Content\movement.js
c:\program files\WhenUSearch\Content\newresults.html
c:\program files\WhenUSearch\Content\notyet.html
c:\program files\WhenUSearch\Content\open_browser.html
c:\program files\WhenUSearch\Content\open_search.html
c:\program files\WhenUSearch\Content\quick.css
c:\program files\WhenUSearch\Content\quick_coupon.html
c:\program files\WhenUSearch\Content\quick_instructions.html
c:\program files\WhenUSearch\Content\quick_search.html
c:\program files\WhenUSearch\Content\quick_tutorial.html
c:\program files\WhenUSearch\Content\right.html
c:\program files\WhenUSearch\Content\search.html
c:\program files\WhenUSearch\Content\splash.html
c:\program files\WhenUSearch\Content\tooltip_emu.html
c:\program files\WhenUSearch\Content\tooltip_go.html
c:\program files\WhenUSearch\Content\tooltip_logo.html
c:\program files\WhenUSearch\Content\tooltip_manage.html
c:\program files\WhenUSearch\Content\tooltip_more.html
c:\program files\WhenUSearch\Content\tooltip_opt.html
c:\program files\WhenUSearch\Content\tooltip_search.html
c:\program files\WhenUSearch\Content\tooltip_slider.html
c:\program files\WhenUSearch\Content\tooltip_whenu.html
c:\program files\WhenUSearch\Content\tooltip_whenu2.html
c:\program files\WhenUSearch\Content\ui.cfg
c:\program files\WhenUSearch\Content\uninst.ico
c:\program files\WhenUSearch\search.db
c:\program files\WhenUSearch\search.dll
c:\program files\WhenUSearch\Search.exe
c:\program files\WhenUSearch\search.htm
c:\program files\WhenUSearch\store.db
c:\program files\WhenUSearch\Uninst.exe
c:\program files\WhenUSearch\whse.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\f3PSSavr.scr
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-06 do 2010-11-06 )))))))))))))))))))))))))))))))
.
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\Malwarebytes
2010-11-06 18:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-06 18:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-06 18:12 . 2010-11-06 18:12 -------- d-----w- c:\program files\CCleaner
2010-11-06 18:10 . 2010-11-06 18:10 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\GHISLER
2010-11-05 21:03 . 2010-11-05 21:03 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\TeamViewer
2010-11-05 20:33 . 2010-11-06 20:36 -------- d-----w- c:\program files\trend micro
2010-11-05 20:33 . 2010-11-05 20:34 -------- d-----w- C:\rsit
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\UC.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-11-05 16:56 . 2010-11-05 16:56 176128 --sh--r- C:\egmjjb.exe
2010-11-04 16:48 . 2010-11-04 16:48 173568 --sh--r- C:\l10.exe
2010-11-01 11:23 . 2010-11-01 11:23 -------- d-----w- c:\program files\Common Files\Skype
2010-10-31 15:52 . 2010-10-31 15:52 1409 ----a-w- c:\windows\QTFont.for
2010-10-25 13:19 . 2010-10-25 13:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 20:13 . 2007-01-14 16:06 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-11-05 20:13 . 2007-01-14 16:06 298104 ----a-w- c:\windows\system32\imon.dll
2010-11-05 20:13 . 2007-01-14 16:06 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-11-04 07:49 2735200 ----a-w- c:\program files\free-downloads.net\tbfre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-11-04 2735200]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-11-04 2735200]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-12 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"nwiz"="nwiz.exe" [2008-07-26 1657376]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-11-05 949376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-8-11 44176]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2007-1-14 585728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Save]
2006-08-25 13:45 803184 ----a-w- c:\program files\Save\Save.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2007 18:38 721904]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14.1.2007 17:06 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [14.1.2007 17:01 15872]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.7.2008 20:23 222456]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [14.1.2007 16:54 1301568]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [16.6.2010 7:16 31616]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [28.6.2007 19:41 25600]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {22D7C425-9966-427A-A5FA-21631C186CD9} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\___Kaata___\Data aplikací\Mozilla\Firefox\Profiles\5ys9dzx0.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-Mirabilis ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
MSConfigStartUp-api32 - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\apiqq.exe
MSConfigStartUp-cdoosoft - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\herss.exe
MSConfigStartUp-dso32 - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\dsoqq.exe
MSConfigStartUp-king_mg - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\mgking.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-WhenUSearch - c:\program files\WhenUSearch\Search.exe
MSConfigStartUp-WhenUSearchWHSE - c:\program files\WhenUSearch\whse.exe
AddRemove-Info - c:\program files\Media Art\Kadeřník\Coiffeur.isu
AddRemove-DOBRODRUŽSTVÁ MYŠI - Demo verze_is1 - c:\program files\Play\DOBRODRUŽSTVÁ MYŠI - Demo verze\unins000.exe
AddRemove-FishTalesTrial_is1 - c:\program files\Fish Tales Trial\unins000.exe
AddRemove-Hair Studio - Vlasové studio_is1 - c:\program files\Hair Studio - Vlasové studio\unins000.exe
AddRemove-ICQ Password - c:\program files\ICQ Password\unsetup.exe
AddRemove-Krteček 1.9 beta 7_is1 - c:\program files\Krteček 1.9 beta 7\unins000.exe
AddRemove-Krteček_is1 - c:\program files\Krtecek_2_0\unins000.exe
AddRemove-Magic Ball 2_is1 - c:\program files\Magic Ball 2\unins000.exe
AddRemove-Newyeardanceparty.scr - c:\program files\Ofb1\Uninstall.exe
AddRemove-PhotoFiltre Studio - c:\program files\PhotoFiltre Studio\Uninst.exe
AddRemove-Rainbow Islands - Candyland - c:\program files\Rainbow Islands - Candyland\uninstall.exe
AddRemove-Tajuplný ostrov - c:\program files\Tajuplný ostrov\Uninstall.exe
AddRemove-TAXI MADNESS LONDON - c:\program files\TAXI MADNESS LONDON\uninstall.exe
AddRemove-Type Faster - c:\program files\Type Faster\Uninstal.exe
AddRemove-Vietcong - c:\program files\Vietcong\Uninstall.exe
AddRemove-WhenUSearch - c:\program files\WhenUSearch\Uninst.exe
AddRemove-ZAV1_is1 - c:\program files\ZAV1\unins000.exe
AddRemove-{75E578B8-848F-4FCE-82B3-B08AB2A561D2}_is1 - c:\program files\Rally Championship Xtreme\unins000.exe
AddRemove-{ADE91A13-434D-4229-00BC-182BAD607303} - c:\program files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 22:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-861567501-2111687655-682003330-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-11-06 22:14:00
ComboFix-quarantined-files.txt 2010-11-06 21:13
Před spuštěním: Volných bajtů: 35 001 167 872
Po spuštění: Volných bajtů: 34 957 578 240
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 887479AF10ACA59F470312A1A3CBD833
c:\program files\MyWebSearch\bar\Avatar\COMMON\max.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\000143E9
c:\program files\MyWebSearch\bar\Cache\00028D32
c:\program files\MyWebSearch\bar\Cache\0003BA48.bin
c:\program files\MyWebSearch\bar\Cache\0003C823.bin
c:\program files\MyWebSearch\bar\Cache\0003CA17.bin
c:\program files\MyWebSearch\bar\Cache\000BD3C5
c:\program files\MyWebSearch\bar\Cache\000D49DB
c:\program files\MyWebSearch\bar\Cache\0016EEC9
c:\program files\MyWebSearch\bar\Cache\0022403F.bin
c:\program files\MyWebSearch\bar\Cache\002BBA65.bin
c:\program files\MyWebSearch\bar\Cache\002BBCF5.bin
c:\program files\MyWebSearch\bar\Cache\002BCAB1.bin
c:\program files\MyWebSearch\bar\Cache\002BCC28.bin
c:\program files\MyWebSearch\bar\Cache\002BCE5B
c:\program files\MyWebSearch\bar\Cache\0032001C.bin
c:\program files\MyWebSearch\bar\Cache\003202EA.bin
c:\program files\MyWebSearch\bar\Cache\00320684.bin
c:\program files\MyWebSearch\bar\Cache\00320905.bin
c:\program files\MyWebSearch\bar\Cache\00960BDD.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\program files\Ofb1
c:\program files\Ofb1\Uninstall.exe
c:\program files\WhenUSearch
c:\program files\WhenUSearch\Content\css\dialog.css
c:\program files\WhenUSearch\Content\css\menu.css
c:\program files\WhenUSearch\Content\css\module_weather.css
c:\program files\WhenUSearch\Content\css\module_weather_dialog.css
c:\program files\WhenUSearch\Content\css\quick.css
c:\program files\WhenUSearch\Content\customize.html
c:\program files\WhenUSearch\Content\daemon.ico
c:\program files\WhenUSearch\Content\dialog.css
c:\program files\WhenUSearch\Content\global.js
c:\program files\WhenUSearch\Content\images\add_image.gif
c:\program files\WhenUSearch\Content\images\add_image_down.gif
c:\program files\WhenUSearch\Content\images\add_image_on.gif
c:\program files\WhenUSearch\Content\images\arrow_down.gif
c:\program files\WhenUSearch\Content\images\arrow_down_on.gif
c:\program files\WhenUSearch\Content\images\arrow_right.gif
c:\program files\WhenUSearch\Content\images\arrow_right_on.gif
c:\program files\WhenUSearch\Content\images\button_go.gif
c:\program files\WhenUSearch\Content\images\button_go_down.gif
c:\program files\WhenUSearch\Content\images\button_go_on.gif
c:\program files\WhenUSearch\Content\images\button_search_down.gif
c:\program files\WhenUSearch\Content\images\button_search_off.gif
c:\program files\WhenUSearch\Content\images\button_search_on.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_down.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_off.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_on.gif
c:\program files\WhenUSearch\Content\images\button_specials_on.gif
c:\program files\WhenUSearch\Content\images\corner_bottom_left.gif
c:\program files\WhenUSearch\Content\images\corner_top_left.gif
c:\program files\WhenUSearch\Content\images\delete_button.gif
c:\program files\WhenUSearch\Content\images\delete_button_down.gif
c:\program files\WhenUSearch\Content\images\delete_button_on.gif
c:\program files\WhenUSearch\Content\images\divider.gif
c:\program files\WhenUSearch\Content\images\dot_orange.gif
c:\program files\WhenUSearch\Content\images\dt_min_logo.gif
c:\program files\WhenUSearch\Content\images\gear.gif
c:\program files\WhenUSearch\Content\images\gear_down.gif
c:\program files\WhenUSearch\Content\images\gear_grey.gif
c:\program files\WhenUSearch\Content\images\gear_on.gif
c:\program files\WhenUSearch\Content\images\instructions_border_corner.gif
c:\program files\WhenUSearch\Content\images\instructions_border_right.gif
c:\program files\WhenUSearch\Content\images\instructions_border_top.gif
c:\program files\WhenUSearch\Content\images\link.gif
c:\program files\WhenUSearch\Content\images\lock.gif
c:\program files\WhenUSearch\Content\images\lock_down.gif
c:\program files\WhenUSearch\Content\images\lock_grey.gif
c:\program files\WhenUSearch\Content\images\lock_on.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_down.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_off.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_on.gif
c:\program files\WhenUSearch\Content\images\main_bg.gif
c:\program files\WhenUSearch\Content\images\manage.gif
c:\program files\WhenUSearch\Content\images\manage_down.gif
c:\program files\WhenUSearch\Content\images\manage_grey.gif
c:\program files\WhenUSearch\Content\images\manage_on.gif
c:\program files\WhenUSearch\Content\images\menu_aim_bw.gif
c:\program files\WhenUSearch\Content\images\menu_arrow_right.gif
c:\program files\WhenUSearch\Content\images\menu_bg.gif
c:\program files\WhenUSearch\Content\images\menu_left_bg.gif
c:\program files\WhenUSearch\Content\images\menu_main_bw.gif
c:\program files\WhenUSearch\Content\images\menu_pbandit_bw.gif
c:\program files\WhenUSearch\Content\images\menu_right_bg.gif
c:\program files\WhenUSearch\Content\images\menu_ucontrol_bw.gif
c:\program files\WhenUSearch\Content\images\menu_ucontrol_filler_bw.gif
c:\program files\WhenUSearch\Content\images\menu_whenu_bw.gif
c:\program files\WhenUSearch\Content\images\message_alert.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu_down.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu_on.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_down.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_on.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_text.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_text_on.gif
c:\program files\WhenUSearch\Content\images\module_weather_left_bg_top.gif
c:\program files\WhenUSearch\Content\images\more_bg.gif
c:\program files\WhenUSearch\Content\images\more_bottom_bg.gif
c:\program files\WhenUSearch\Content\images\more_bottom_main.gif
c:\program files\WhenUSearch\Content\images\more_bottom_main_bg.gif
c:\program files\WhenUSearch\Content\images\more_left_bg.gif
c:\program files\WhenUSearch\Content\images\more_right_bg.gif
c:\program files\WhenUSearch\Content\images\more_top_bg.gif
c:\program files\WhenUSearch\Content\images\more_top_left.gif
c:\program files\WhenUSearch\Content\images\more_top_left_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_right.gif
c:\program files\WhenUSearch\Content\images\more_top_right_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_x.gif
c:\program files\WhenUSearch\Content\images\more_top_x_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_x_down.gif
c:\program files\WhenUSearch\Content\images\more_top_x_on.gif
c:\program files\WhenUSearch\Content\images\mount.gif
c:\program files\WhenUSearch\Content\images\mount_down.gif
c:\program files\WhenUSearch\Content\images\mount_grey.gif
c:\program files\WhenUSearch\Content\images\mount_on.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg_down.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg_on.gif
c:\program files\WhenUSearch\Content\images\notyet.gif
c:\program files\WhenUSearch\Content\images\notyet_bw.gif
c:\program files\WhenUSearch\Content\images\open_bg.gif
c:\program files\WhenUSearch\Content\images\open_bottom_bg.gif
c:\program files\WhenUSearch\Content\images\open_bottom_left.gif
c:\program files\WhenUSearch\Content\images\open_bottom_left_bw.gif
c:\program files\WhenUSearch\Content\images\open_bottom_right.gif
c:\program files\WhenUSearch\Content\images\open_bottom_right_bw.gif
c:\program files\WhenUSearch\Content\images\open_cancel.gif
c:\program files\WhenUSearch\Content\images\open_cancel_down.gif
c:\program files\WhenUSearch\Content\images\open_cancel_on.gif
c:\program files\WhenUSearch\Content\images\open_defaults.gif
c:\program files\WhenUSearch\Content\images\open_defaults_down.gif
c:\program files\WhenUSearch\Content\images\open_defaults_on.gif
c:\program files\WhenUSearch\Content\images\open_open.gif
c:\program files\WhenUSearch\Content\images\open_open_down.gif
c:\program files\WhenUSearch\Content\images\open_open_on.gif
c:\program files\WhenUSearch\Content\images\open_save.gif
c:\program files\WhenUSearch\Content\images\open_save_down.gif
c:\program files\WhenUSearch\Content\images\open_save_on.gif
c:\program files\WhenUSearch\Content\images\open_search.gif
c:\program files\WhenUSearch\Content\images\open_search_down.gif
c:\program files\WhenUSearch\Content\images\open_search_on.gif
c:\program files\WhenUSearch\Content\images\right_bg.gif
c:\program files\WhenUSearch\Content\images\right_bg_grey.gif
c:\program files\WhenUSearch\Content\images\right_instructions.gif
c:\program files\WhenUSearch\Content\images\right_instructions_on.gif
c:\program files\WhenUSearch\Content\images\right_instructions_red.gif
c:\program files\WhenUSearch\Content\images\right_left.gif
c:\program files\WhenUSearch\Content\images\right_left_grey.gif
c:\program files\WhenUSearch\Content\images\right_main_bg.gif
c:\program files\WhenUSearch\Content\images\right_more_left.gif
c:\program files\WhenUSearch\Content\images\right_more_off.gif
c:\program files\WhenUSearch\Content\images\right_more_on.gif
c:\program files\WhenUSearch\Content\images\right_more_up.gif
c:\program files\WhenUSearch\Content\images\spacer.gif
c:\program files\WhenUSearch\Content\images\tab_left_bg.gif
c:\program files\WhenUSearch\Content\images\tab_left_bw.gif
c:\program files\WhenUSearch\Content\images\tab_left_down.gif
c:\program files\WhenUSearch\Content\images\tab_left_off.gif
c:\program files\WhenUSearch\Content\images\tab_left_on.gif
c:\program files\WhenUSearch\Content\images\tab_right_down.gif
c:\program files\WhenUSearch\Content\images\tab_right_off.gif
c:\program files\WhenUSearch\Content\images\tab_right_on.gif
c:\program files\WhenUSearch\Content\images\unmount.gif
c:\program files\WhenUSearch\Content\images\unmount_down.gif
c:\program files\WhenUSearch\Content\images\unmount_grey.gif
c:\program files\WhenUSearch\Content\images\unmount_on.gif
c:\program files\WhenUSearch\Content\index.htm
c:\program files\WhenUSearch\Content\instructions.html
c:\program files\WhenUSearch\Content\loading.html
c:\program files\WhenUSearch\Content\main_menu_sub.html
c:\program files\WhenUSearch\Content\menu.css
c:\program files\WhenUSearch\Content\menu_emu.html
c:\program files\WhenUSearch\Content\menu_main.html
c:\program files\WhenUSearch\Content\menu_manage.html
c:\program files\WhenUSearch\Content\menu_opt.html
c:\program files\WhenUSearch\Content\menu_ucontrol.html
c:\program files\WhenUSearch\Content\menu_whenu.html
c:\program files\WhenUSearch\Content\message.html
c:\program files\WhenUSearch\Content\min.html
c:\program files\WhenUSearch\Content\module_weather.css
c:\program files\WhenUSearch\Content\module_weather_dialog.css
c:\program files\WhenUSearch\Content\more.html
c:\program files\WhenUSearch\Content\movement.js
c:\program files\WhenUSearch\Content\newresults.html
c:\program files\WhenUSearch\Content\notyet.html
c:\program files\WhenUSearch\Content\open_browser.html
c:\program files\WhenUSearch\Content\open_search.html
c:\program files\WhenUSearch\Content\quick.css
c:\program files\WhenUSearch\Content\quick_coupon.html
c:\program files\WhenUSearch\Content\quick_instructions.html
c:\program files\WhenUSearch\Content\quick_search.html
c:\program files\WhenUSearch\Content\quick_tutorial.html
c:\program files\WhenUSearch\Content\right.html
c:\program files\WhenUSearch\Content\search.html
c:\program files\WhenUSearch\Content\splash.html
c:\program files\WhenUSearch\Content\tooltip_emu.html
c:\program files\WhenUSearch\Content\tooltip_go.html
c:\program files\WhenUSearch\Content\tooltip_logo.html
c:\program files\WhenUSearch\Content\tooltip_manage.html
c:\program files\WhenUSearch\Content\tooltip_more.html
c:\program files\WhenUSearch\Content\tooltip_opt.html
c:\program files\WhenUSearch\Content\tooltip_search.html
c:\program files\WhenUSearch\Content\tooltip_slider.html
c:\program files\WhenUSearch\Content\tooltip_whenu.html
c:\program files\WhenUSearch\Content\tooltip_whenu2.html
c:\program files\WhenUSearch\Content\ui.cfg
c:\program files\WhenUSearch\Content\uninst.ico
c:\program files\WhenUSearch\search.db
c:\program files\WhenUSearch\search.dll
c:\program files\WhenUSearch\Search.exe
c:\program files\WhenUSearch\search.htm
c:\program files\WhenUSearch\store.db
c:\program files\WhenUSearch\Uninst.exe
c:\program files\WhenUSearch\whse.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\f3PSSavr.scr
.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\Malwarebytes
2010-11-06 18:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-06 18:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-06 18:12 . 2010-11-06 18:12 -------- d-----w- c:\program files\CCleaner
2010-11-06 18:10 . 2010-11-06 18:10 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\GHISLER
2010-11-05 21:03 . 2010-11-05 21:03 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\TeamViewer
2010-11-05 20:33 . 2010-11-06 20:36 -------- d-----w- c:\program files\trend micro
2010-11-05 20:33 . 2010-11-05 20:34 -------- d-----w- C:\rsit
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\UC.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-11-05 16:56 . 2010-11-05 16:56 176128 --sh--r- C:\egmjjb.exe
2010-11-04 16:48 . 2010-11-04 16:48 173568 --sh--r- C:\l10.exe
2010-11-01 11:23 . 2010-11-01 11:23 -------- d-----w- c:\program files\Common Files\Skype
2010-10-31 15:52 . 2010-10-31 15:52 1409 ----a-w- c:\windows\QTFont.for
2010-10-25 13:19 . 2010-10-25 13:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 20:13 . 2007-01-14 16:06 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-11-05 20:13 . 2007-01-14 16:06 298104 ----a-w- c:\windows\system32\imon.dll
2010-11-05 20:13 . 2007-01-14 16:06 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-11-04 07:49 2735200 ----a-w- c:\program files\free-downloads.net\tbfre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-11-04 2735200]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-11-04 2735200]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-12 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"nwiz"="nwiz.exe" [2008-07-26 1657376]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-11-05 949376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-8-11 44176]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2007-1-14 585728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Save]
2006-08-25 13:45 803184 ----a-w- c:\program files\Save\Save.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2007 18:38 721904]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14.1.2007 17:06 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [14.1.2007 17:01 15872]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.7.2008 20:23 222456]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [14.1.2007 16:54 1301568]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [16.6.2010 7:16 31616]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [28.6.2007 19:41 25600]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {22D7C425-9966-427A-A5FA-21631C186CD9} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\___Kaata___\Data aplikací\Mozilla\Firefox\Profiles\5ys9dzx0.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-Mirabilis ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
MSConfigStartUp-api32 - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\apiqq.exe
MSConfigStartUp-cdoosoft - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\herss.exe
MSConfigStartUp-dso32 - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\dsoqq.exe
MSConfigStartUp-king_mg - c:\docume~1\ZDENEK~1\LOCALS~1\Temp\mgking.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-WhenUSearch - c:\program files\WhenUSearch\Search.exe
MSConfigStartUp-WhenUSearchWHSE - c:\program files\WhenUSearch\whse.exe
AddRemove-Info - c:\program files\Media Art\Kadeřník\Coiffeur.isu
AddRemove-DOBRODRUŽSTVÁ MYŠI - Demo verze_is1 - c:\program files\Play\DOBRODRUŽSTVÁ MYŠI - Demo verze\unins000.exe
AddRemove-FishTalesTrial_is1 - c:\program files\Fish Tales Trial\unins000.exe
AddRemove-Hair Studio - Vlasové studio_is1 - c:\program files\Hair Studio - Vlasové studio\unins000.exe
AddRemove-ICQ Password - c:\program files\ICQ Password\unsetup.exe
AddRemove-Krteček 1.9 beta 7_is1 - c:\program files\Krteček 1.9 beta 7\unins000.exe
AddRemove-Krteček_is1 - c:\program files\Krtecek_2_0\unins000.exe
AddRemove-Magic Ball 2_is1 - c:\program files\Magic Ball 2\unins000.exe
AddRemove-Newyeardanceparty.scr - c:\program files\Ofb1\Uninstall.exe
AddRemove-PhotoFiltre Studio - c:\program files\PhotoFiltre Studio\Uninst.exe
AddRemove-Rainbow Islands - Candyland - c:\program files\Rainbow Islands - Candyland\uninstall.exe
AddRemove-Tajuplný ostrov - c:\program files\Tajuplný ostrov\Uninstall.exe
AddRemove-TAXI MADNESS LONDON - c:\program files\TAXI MADNESS LONDON\uninstall.exe
AddRemove-Type Faster - c:\program files\Type Faster\Uninstal.exe
AddRemove-Vietcong - c:\program files\Vietcong\Uninstall.exe
AddRemove-WhenUSearch - c:\program files\WhenUSearch\Uninst.exe
AddRemove-ZAV1_is1 - c:\program files\ZAV1\unins000.exe
AddRemove-{75E578B8-848F-4FCE-82B3-B08AB2A561D2}_is1 - c:\program files\Rally Championship Xtreme\unins000.exe
AddRemove-{ADE91A13-434D-4229-00BC-182BAD607303} - c:\program files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 22:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-861567501-2111687655-682003330-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Libraries bound to running processes ---------------------
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2010-11-06 22:14:00
ComboFix-quarantined-files.txt 2010-11-06 21:13
Pre-Run: 35 001 167 872 bytes free
Post-Run: 34 957 578 240 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 887479AF10ACA59F470312A1A3CBD833
- Rudy (Site Admin)
Re: 82 viruses
Let's clean up some more. Move ComboFix to the desktop. Open Notepad and copy the following into it:

Collect::
C:\egmjjb.exe
C:\l10.exe

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: before disinfecting a PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.
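The admin's instruction above rests on one triage rule that the log makes visible: two executables appeared directly in the drive root on consecutive days (C:\l10.exe on 2010-11-04, C:\egmjjb.exe on 2010-11-05) with the hidden, system and read-only attributes set ("--sh--r-"), which is the pattern of an autorun-style dropper rather than of installed software, so they are submitted through a CFScript "Collect::" block instead of being deleted blindly. The following Python script is added here as an illustration and is not part of the forum post or of ComboFix: it parses lines in ComboFix's "Files Created" format, applies that rule, and emits the Collect:: block. The sample lines are copied from the log above; the reading of the attribute letters (d = directory, s = system, h = hidden, a = archive, r = read-only, w = writable) is an assumption about ComboFix's output format.

```python
"""ComboFix log triage: flag root-level hidden/system executables and
build the CFScript "Collect::" block for them.

Added as an illustration for this thread; not part of the forum post or
of ComboFix. Sample lines are copied from the log above. The meaning of
the attribute letters (d=directory, s=system, h=hidden, a=archive,
r=read-only, w=writable) is an assumption about ComboFix's format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: five lines copied from the "Files Created" section.
SAMPLE_LOG = """\
2010-11-06 18:14 . 2010-04-29 14:39 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\\windows\\UC.PIF
2010-11-05 16:56 . 2010-11-05 16:56 176128 --sh--r- C:\\egmjjb.exe
2010-11-04 16:48 . 2010-11-04 16:48 173568 --sh--r- C:\\l10.exe
2010-11-01 11:23 . 2010-11-01 11:23 -------- d-----w- c:\\program files\\Common Files\\Skype
"""

# One "Files Created" line: created-ts . modified-ts size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-dashrwc]{8}) "
    r"(?P<path>.+)$"
)

# Executable-type file sitting directly in a drive root, e.g. C:\l10.exe
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(exe|com|scr|pif|dll)$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def read_only(self) -> bool:
        return "r" in self.attrs


def parse_log(text: str) -> List[Entry]:
    """Parse every line that matches the ComboFix file-listing format; skip the rest."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """The triage rule used in the thread: a file (not a directory) dropped in a
    drive root with both hidden and system attributes set. Legitimate installers
    rarely place files that way; autorun-style droppers routinely do."""
    return [e for e in entries
            if not e.is_dir and e.hidden and e.system and ROOT_EXE_RE.match(e.path)]


def cfscript_collect(entries: List[Entry]) -> str:
    """Build the CFScript block that makes ComboFix zip the files for submission
    instead of deleting them outright. CRLF because the file is read on Windows."""
    lines = ["Collect::"] + [e.path for e in entries]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    hits = suspicious(parse_log(SAMPLE_LOG))
    for e in hits:
        print(f"{e.path}  {e.size} bytes  attrs={e.attrs}  created={e.created}")
    print(cfscript_collect(hits), end="")
```

Run against the sample it reports exactly the two files the admin named and prints the same three-line CFScript. The rule is deliberately narrow: the .PIF files under c:\windows and the driver under system32 are neither hidden nor in a drive root, so they are left to a human to judge, and a real triage pass would also cross-check the Autorun.inf that ComboFix deleted from C:\ in the first run.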
Re: 82 viruses
ComboFix 10-11-07.01 - ___Kaata___ 07.11.2010 10:56:17.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.247 [GMT 1:00]
Running from: c:\documents and settings\___Kaata___\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\___Kaata___\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV shield is enabled
file zipped: C:\egmjjb.exe
file zipped: C:\l10.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\___Kaata___\Data aplikací\TMInc
c:\documents and settings\___Kaata___\Data aplikací\TMInc\game.cfg
c:\documents and settings\___Kaata___\Data aplikací\TMInc\user1.sav
C:\egmjjb.exe
C:\l10.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\Malwarebytes
2010-11-06 18:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-06 18:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-06 18:14 . 2010-11-06 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-06 18:12 . 2010-11-06 18:12 -------- d-----w- c:\program files\CCleaner
2010-11-06 18:10 . 2010-11-06 18:10 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\GHISLER
2010-11-05 21:03 . 2010-11-05 21:03 -------- d-----w- c:\documents and settings\___Kaata___\Data aplikací\TeamViewer
2010-11-05 20:33 . 2010-11-06 20:36 -------- d-----w- c:\program files\trend micro
2010-11-05 20:33 . 2010-11-05 20:34 -------- d-----w- C:\rsit
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\UC.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-05 20:20 . 2010-07-07 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-11-01 11:23 . 2010-11-01 11:23 -------- d-----w- c:\program files\Common Files\Skype
2010-10-31 15:52 . 2010-10-31 15:52 1409 ----a-w- c:\windows\QTFont.for
2010-10-25 13:19 . 2010-10-25 13:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 20:13 . 2007-01-14 16:06 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-11-05 20:13 . 2007-01-14 16:06 298104 ----a-w- c:\windows\system32\imon.dll
2010-11-05 20:13 . 2007-01-14 16:06 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-11-04 07:49 2735200 ----a-w- c:\program files\free-downloads.net\tbfre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-11-04 2735200]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-11-04 2735200]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"nwiz"="nwiz.exe" [2008-07-26 1657376]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-11-05 949376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-8-11 44176]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2007-1-14 585728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Save]
2006-08-25 13:45 803184 ----a-w- c:\program files\Save\Save.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2007 18:38 721904]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14.1.2007 17:06 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [14.1.2007 17:01 15872]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.7.2008 20:23 222456]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [14.1.2007 16:54 1301568]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [16.6.2010 7:16 31616]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [28.6.2007 19:41 25600]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {22D7C425-9966-427A-A5FA-21631C186CD9} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\___Kaata___\Data aplikací\Mozilla\Firefox\Profiles\5ys9dzx0.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 11:07
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-861567501-2111687655-682003330-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-11-07 11:11:51
ComboFix-quarantined-files.txt 2010-11-07 10:11
ComboFix2.txt 2010-11-06 21:14
Před spuštěním: Volných bajtů: 34 986 602 496
Po spuštění: Volných bajtů: 34 973 376 512
- - End Of File - - 90861CF329E7E19D00FC696DBC457C05
- Rudy
- Site Admin
- Posts: 119320
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: 82 viruses
The log already looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Re: 82 viruses
Thanks for the help.
smirin
- Rudy
- Site Admin
- Posts: 119320
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: 82 viruses
You're welcome!