VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2011-01-27 18:46:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 479 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:46:54, on 27.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\D-Tools\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\pc\Plocha\RSIT.exe
C:\Program Files\trend micro\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\D-Tools\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RestartNeroSetup] "D:\Installation\SetupX.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Freedownloadmanager\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PCSpeedUp] "C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)" -"http://hry2.1001hry.cz/699bbd6eba34f4b3 ... =1&nobtn=1"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3479322224
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF819D75-CAF5-4284-9B4A-7E0E6794CA99}: NameServer = 212.111.0.10,193.179.148.42
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7983 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Antivirus.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP3 Rocket 5.0.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"DAEMON Tools"=C:\Program Files\D-Tools\DAEMON Tools\daemon.exe [2006-11-12 157592]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RestartNeroSetup"=D:\Installation\SetupX.exe [2007-06-18 1820208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"=C:\Program Files\Freedownloadmanager\Free Download Manager\fdm.exe -autorun []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-12-08 774144]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]
"PCSpeedUp"=C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-29 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\NeroExpress\Installation\SetupX.exe"="D:\NeroExpress\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-01-27 18:46:46 ----D---- C:\Program Files\trend micro
2011-01-27 15:59:49 ----D---- C:\Program Files\Zrychleni Pocitace
2011-01-12 12:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$

======List of files/folders modified in the last 1 months======

2011-01-27 18:46:46 ----D---- C:\Program Files
2011-01-27 18:45:39 ----SHD---- C:\WINDOWS\Installer
2011-01-27 18:45:39 ----SHD---- C:\Config.Msi
2011-01-27 18:44:56 ----D---- C:\WINDOWS\temp
2011-01-27 18:32:56 ----D---- C:\Documents and Settings\pc\Data aplikací\Skype
2011-01-27 18:31:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-27 18:27:56 ----D---- C:\WINDOWS\Prefetch
2011-01-27 18:25:05 ----D---- C:\Documents and Settings\pc\Data aplikací\skypePM
2011-01-27 18:24:55 ----D---- C:\WINDOWS
2011-01-27 18:17:20 ----D---- C:\Program Files\Ahead
2011-01-27 18:16:42 ----D---- C:\WINDOWS\system32
2011-01-27 18:09:15 ----D---- C:\WINDOWS\inf
2011-01-27 17:43:20 ----D---- C:\WINDOWS\WinSxS
2011-01-27 15:14:33 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-22 15:06:02 ----A---- C:\WINDOWS\NeroDigital.ini
2011-01-12 12:44:43 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-12 12:44:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-01-12 12:43:22 ----DC---- C:\WINDOWS\system32\dllcache
2011-01-12 05:42:50 ----D---- C:\WINDOWS\$hf_mig$
2011-01-07 09:17:10 ----D---- C:\Program Files\Microsoft Silverlight
2011-01-05 13:44:15 ----D---- C:\WINDOWS\system32\cs-cz
2011-01-05 13:44:13 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-04 19:16:23 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 m5288;m5288; C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 210304]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-12-06 35328]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-10-04 639224]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 afla2on0;afla2on0; C:\WINDOWS\system32\drivers\afla2on0.sys []
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 34816]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-29 536576]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-19 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-06-14 189784]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ještě jednou prosím o kontrolu logu, mám jen malé podezření, že není něco úplně v pořádku.

Hezký večer

Copak se Vám nezdá?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Pěkný večer přeju

Tady je ten log z MBAM. Asi v něm nic není, ale stejně se mi něco nezdá. Poslouchal jsem ve Windows media playeru jedno album, které mám uložené na C:čku a jakmile jsem vložil do USBéčka flashku s filmama, začal mi WMplayer sám synchronizovat asi všechny mp3 z PC. A včera se mi dost často sekaly programy, je sice pravda, že mám teď málo místa na HDD, cca 20 GB, ale i tak nevím nevím. Zítra začnu vypalovat a mazat soubory, tak uvidíme. Zatím děkuju za pomoc

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5631

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28.1.2011 22:20:16
mbam-log-2011-01-28 (22-20-16).txt

Typ kontroly: Rychlý test
Testované objekty: 150993
Uplynulý čas: 8 minut, 33 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

15GB je ještě dost

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

Tady je log z Combofixu.

ComboFix 11-01-28.02 - pc 29.01.2011 10:00:38.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.479.189 [GMT 1:00]
Spuštěný z: c:\documents and settings\pc\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DaemonTools_WhenUSave_Installer
c:\windows\system32\NeroCheck.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-28 21:08 . 2011-01-28 21:08 -------- d-----w- c:\documents and settings\pc\Data aplikací\Malwarebytes
2011-01-28 21:08 . 2011-01-28 21:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-28 21:08 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-28 21:08 . 2011-01-28 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-28 21:08 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-28 08:56 . 2011-01-28 08:56 -------- d-----w- c:\program files\MSXML 4.0
2011-01-27 18:44 . 2011-01-27 18:44 -------- d-----w- c:\documents and settings\pc\Data aplikací\Nero
2011-01-27 18:42 . 2011-01-27 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2011-01-27 18:42 . 2011-01-27 18:42 -------- d-----w- c:\program files\Common Files\Nero
2011-01-27 18:41 . 2011-01-27 18:44 -------- d-----w- c:\program files\Nero
2011-01-27 18:34 . 2011-01-27 18:34 -------- d-----w- c:\program files\Ask.com
2011-01-27 17:46 . 2011-01-27 17:46 -------- d-----w- c:\program files\trend micro
2011-01-27 17:08 . 2011-01-27 17:08 53248 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2011-01-27 17:08 . 2011-01-27 17:08 126976 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2011-01-27 17:08 . 2011-01-27 17:08 114688 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2011-01-27 14:59 . 2011-01-27 16:29 -------- d-----w- c:\program files\Zrychleni Pocitace

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2006-07-21 15:35 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-18 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:25 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:25 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:25 . 2004-08-18 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:25 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-18 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 11:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"DAEMON Tools"="c:\program files\D-Tools\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [21.7.2006 17:45 210304]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.10.2006 11:07 639224]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4.5.2010 12:07 503080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.2.2010 13:04 135664]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [21.7.2006 17:44 5824]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [29.11.2010 18:23 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [29.11.2010 18:23 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [29.11.2010 18:23 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [29.11.2010 18:23 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [29.11.2010 18:23 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [29.11.2010 18:23 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [29.11.2010 18:23 123504]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 12:04]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 12:04]

2011-01-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-21 11:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DF819D75-CAF5-4284-9B4A-7E0E6794CA99} = 212.111.0.10,193.179.148.42
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\ibrobymz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: ÄŚeskĂ© slovnĂky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - %profile%\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Free Download Manager - c:\program files\Freedownloadmanager\Free Download Manager\fdm.exe
HKCU-Run-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.exe
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-NeroCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-RestartNeroSetup - d:\installation\SetupX.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 10:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-01-29 10:19:32
ComboFix-quarantined-files.txt 2011-01-29 09:19
ComboFix2.txt 2009-03-28 19:12

Před spuštěním: Volných bajtů: 18 698 510 336
Po spuštění: Volných bajtů: 19 841 482 752

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B5BCAFD94E3BDADAF99FAD653C3E9048

Používáte Nero?

Otestujte na www.virustotal.com
C:\Qoobox\Quarantine\c\windows\system32\NeroCheck.exe

Nero používám. Předevčírem jsem nechtěně Nero přeinstaloval, chvíli to nechtělo vzít žádnou verzi a pak jsem stáhnul Nero burnlite 10 a to už šlo.
Tohle mi to napsalo na tom www.virustotal.com

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 263665a3832069a95550501b340a7299
Date first seen: 2010-12-07 07:07:56 (UTC)
Date last seen: 2010-12-07 07:07:56 (UTC)
Detection ratio: 0/42

What do you wish to do?

dejte reanalyse, potřebuji zjistit, proč Vám ho combofix smazal

Nevím, zda-li je to to co chcete.

File name:
NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe
Submission date:
2011-01-29 10:03:03 (UTC)
Current status:
queued (#93) queued analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.01.27.01 2011.01.27 -
AntiVir 7.11.2.31 2011.01.28 -
Antiy-AVL 2.0.3.7 2011.01.28 -
Avast 4.8.1351.0 2011.01.28 -
Avast5 5.0.677.0 2011.01.28 -
AVG 10.0.0.1190 2011.01.29 -
BitDefender 7.2 2011.01.29 -
CAT-QuickHeal 11.00 2011.01.29 -
ClamAV 0.96.4.0 2011.01.29 -
Commtouch 5.2.11.5 2011.01.28 -
Comodo 7528 2011.01.29 -
DrWeb 5.0.2.03300 2011.01.29 -
Emsisoft 5.1.0.1 2011.01.29 -
eSafe 7.0.17.0 2011.01.27 -
eTrust-Vet 36.1.8126 2011.01.28 -
F-Prot 4.6.2.117 2011.01.28 -
F-Secure 9.0.16160.0 2011.01.29 -
Fortinet 4.2.254.0 2011.01.29 -
GData 21 2011.01.29 -
Ikarus T3.1.1.97.0 2011.01.29 -
Jiangmin 13.0.900 2011.01.29 -
K7AntiVirus 9.78.3680 2011.01.29 -
Kaspersky 7.0.0.125 2011.01.28 -
McAfee 5.400.0.1158 2011.01.29 -
McAfee-GW-Edition 2010.1C 2011.01.28 -
Microsoft 1.6502 2011.01.29 -
NOD32 5828 2011.01.28 -
Norman 6.06.12 2011.01.29 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.3.5 2011.01.28 -
PCTools 7.0.3.5 2011.01.27 -
Prevx 3.0 2011.01.29 -
Rising 23.42.04.06 2011.01.28 -
Sophos 4.61.0 2011.01.29 -
SUPERAntiSpyware 4.40.0.1006 2011.01.29 -
Symantec 20101.3.0.103 2011.01.29 -
TheHacker 6.7.0.1.120 2011.01.26 -
TrendMicro 9.120.0.1004 2011.01.29 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.29 -
VBA32 3.12.14.3 2011.01.29 -
VIPRE 8235 2011.01.29 -
ViRobot 2011.1.29.4282 2011.01.29 -
VirusBuster 13.6.170.3 2011.01.28 -
Additional information
Show all
MD5 : 898bdbc1c7ce4235c1a3e2dd99f50fe8
SHA1 : 8e32f23619cf99e4453a3bdd3ad5df2a5064f1d2
SHA256: bfb7aa6822015f37135e5f7ba2cbe21b679087cdaa298c3551131e2119ba857b
ssdeep: 3072:qjc5pbPzX0lfUrZwIuZJwKsBAuKkTDEMFtwTMPppiRjX7Rxqz6lYOf+iS:LpbtrZwpZJ5L
TMPppwjX7RcDf
File size : 587048 bytes
First seen: 2010-12-04 12:30:58
Last seen : 2011-01-29 10:03:03
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Acresso Software Inc.
copyright....: Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
product......: InstallShield
description..: InstallShield
original name: _IsIcoRes.exe
internal name: _IsIcoRes.exe
file version.: 15.0.498
comments.....: n/a
signers......: Nero AG
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 5:49 PM 11/25/2010
verified.....: -
PEiD: Armadillo v1.71
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1005
timedatestamp....: 0x482527EE (Sat May 10 04:43:26 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x35AE, 0x4000, 5.95, 125d4361997b933c25cdfaa441c403f6
.rdata, 0x5000, 0x7A0, 0x1000, 3.17, 15e13969f0737bb4ec50592b029c02f2
.data, 0x6000, 0x29DC, 0x3000, 0.36, 9b57a8510b2e985a48115bbaee120bb5
.rsrc, 0x9000, 0x8459C, 0x85000, 5.75, ab55c190c4bfb8d21d3ab5472049575e

[[ 1 import(s) ]]
KERNEL32.dll: GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 16384
CompanyName: Acresso Software Inc.
EntryPoint: 0x1005
FileDescription: InstallShield
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 573 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 15.0.498
FileVersionNumber: 15.0.0.498
ImageVersion: 0.0
InitializedDataSize: 561152
InternalBuildNumber: 77018
InternalName: _IsIcoRes.exe
LanguageCode: English (U.S.)
LegalCopyright: Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: _IsIcoRes.exe
PEType: PE32
ProductName: InstallShield
ProductVersion: 15.0
ProductVersionNumber: 15.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:05:10 06:43:26+02:00
UninitializedDataSize: 0

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

Asi ne

. Složku qoobox hodte do raru a pošlete mi ji na www.leteckaposta.cz. Link mi vložte do sz, otestuji ho sama.

Jak to vypadá s počítačem?

Jen to tam nedalo složku Backenv a ani nejde otevřít. Zatím nemůžu říct jak to vypadá, uvidíme po pár dnech.
http://leteckaposta.cz/368732296

Ten soubor je v pořádku, já Vám ho pak vrátím, ted musím od počítače. Jak to vypadá s počítačem?

VIRY.CZ

prosím o kontrolu

prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu