VIRY.CZ

Zdravim.

Řeším u známé PC, kde se po spuštění zobrzuje tabulka s tím, že činnost systemu Windows byla obnovena po závažné chybě. (pravděpodobně virus...)

Logy:

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Romca at 2009-08-02 15:18:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (6%) free of 26 GB
Total RAM: 1024 MB (64% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2009-07-10 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-07-10 434271]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-07-10 434271]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TWCU"=C:\Program Files\TP-LINK\TWCU\TWCU.exe [2006-03-29 364544]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-13 136600]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-01-13 111928]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2009-07-10 24688]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-07-10 32838]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"nodenable"=C:\Program Files\eset\nodenable.exe [2008-09-22 326829]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-07-10 32838]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-02 15:18:40 ----D---- C:\Program Files\trend micro
2009-08-02 15:18:39 ----D---- C:\rsit
2009-07-10 19:00:37 ----D---- C:\Program Files\FunWebProducts
2009-07-10 19:00:34 ----D---- C:\Program Files\MyWebSearch

======List of files/folders modified in the last 1 months======

2009-08-02 15:18:40 ----RD---- C:\Program Files
2009-08-02 15:18:36 ----A---- C:\WINDOWS\wincmd.ini
2009-08-02 15:18:24 ----D---- C:\WINDOWS\Prefetch
2009-08-02 15:16:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-02 15:10:47 ----D---- C:\WINDOWS\Temp
2009-08-02 15:08:59 ----D---- C:\WINDOWS\system32\config
2009-08-02 15:08:45 ----D---- C:\WINDOWS\system32\wbem
2009-08-02 15:08:44 ----D---- C:\WINDOWS\Registration
2009-08-02 15:08:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-02 15:08:06 ----D---- C:\WINDOWS\system32\Restore
2009-08-02 15:02:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-02 15:00:19 ----D---- C:\Program Files\Mozilla Firefox
2009-08-02 14:55:40 ----D---- C:\Documents and Settings
2009-08-02 14:51:43 ----D---- C:\WINDOWS
2009-08-02 14:48:41 ----D---- C:\WINDOWS\Minidump
2009-07-24 18:40:55 ----A---- C:\WINDOWS\DUMP5321.tmp
2009-07-24 18:39:13 ----A---- C:\WINDOWS\DUMP51ac.tmp
2009-07-24 18:38:23 ----A---- C:\WINDOWS\DUMP5515.tmp
2009-07-24 18:32:32 ----A---- C:\WINDOWS\DUMP5063.tmp
2009-07-24 18:28:46 ----A---- C:\WINDOWS\DUMP5073.tmp
2009-07-24 16:37:20 ----A---- C:\WINDOWS\DUMP5b5e.tmp
2009-07-17 21:39:10 ----A---- C:\WINDOWS\DUMP610b.tmp
2009-07-17 21:37:16 ----A---- C:\WINDOWS\DUMP5d92.tmp
2009-07-17 21:36:22 ----A---- C:\WINDOWS\DUMP6273.tmp
2009-07-17 21:00:35 ----A---- C:\WINDOWS\DUMP6282.tmp
2009-07-17 20:58:17 ----A---- C:\WINDOWS\DUMP6f25.tmp
2009-07-17 20:30:47 ----A---- C:\WINDOWS\DUMP608f.tmp
2009-07-17 20:23:06 ----A---- C:\WINDOWS\DUMP61b7.tmp
2009-07-17 20:22:11 ----A---- C:\WINDOWS\DUMP61d7.tmp
2009-07-17 20:20:12 ----A---- C:\WINDOWS\DUMP608e.tmp
2009-07-17 20:19:17 ----A---- C:\WINDOWS\DUMP5ef9.tmp
2009-07-17 20:17:12 ----A---- C:\WINDOWS\DUMP5f18.tmp
2009-07-17 20:16:17 ----A---- C:\WINDOWS\DUMP6179.tmp
2009-07-17 20:14:24 ----A---- C:\WINDOWS\DUMP60ed.tmp
2009-07-17 20:13:30 ----A---- C:\WINDOWS\DUMP5ff3.tmp
2009-07-17 20:12:34 ----A---- C:\WINDOWS\DUMP5fc3.tmp
2009-07-17 19:41:15 ----A---- C:\WINDOWS\DUMP5c6a.tmp
2009-07-17 19:39:54 ----A---- C:\WINDOWS\DUMP60bd.tmp
2009-07-17 19:38:57 ----A---- C:\WINDOWS\DUMP5c98.tmp
2009-07-17 19:37:36 ----A---- C:\WINDOWS\DUMP60ae.tmp
2009-07-17 19:35:19 ----A---- C:\WINDOWS\DUMP5db1.tmp
2009-07-17 19:32:36 ----A---- C:\WINDOWS\DUMP5d16.tmp
2009-07-17 19:31:15 ----A---- C:\WINDOWS\DUMP5d15.tmp
2009-07-17 19:29:52 ----A---- C:\WINDOWS\DUMP5da1.tmp
2009-07-17 19:28:58 ----A---- C:\WINDOWS\DUMP5f85.tmp
2009-07-17 19:20:48 ----A---- C:\WINDOWS\DUMP5c69.tmp
2009-07-17 19:19:27 ----A---- C:\WINDOWS\DUMP5ca6.tmp
2009-07-17 19:18:33 ----A---- C:\WINDOWS\DUMP5e0f.tmp
2009-07-17 19:16:42 ----A---- C:\WINDOWS\DUMP5e00.tmp
2009-07-17 19:14:04 ----A---- C:\WINDOWS\DUMP5ebd.tmp
2009-07-17 19:11:48 ----A---- C:\WINDOWS\DUMP5ce5.tmp
2009-07-17 19:10:54 ----A---- C:\WINDOWS\DUMP5dff.tmp
2009-07-17 19:10:00 ----A---- C:\WINDOWS\DUMP5d44.tmp
2009-07-17 19:09:06 ----A---- C:\WINDOWS\DUMP5d65.tmp
2009-07-17 19:06:22 ----A---- C:\WINDOWS\DUMP5d91.tmp
2009-07-17 19:05:28 ----A---- C:\WINDOWS\DUMP5e6b.tmp
2009-07-17 19:04:33 ----A---- C:\WINDOWS\DUMP5e3f.tmp
2009-07-17 18:35:32 ----A---- C:\WINDOWS\DUMP6011.tmp
2009-07-17 18:30:31 ----A---- C:\WINDOWS\DUMP5fd3.tmp
2009-07-17 18:28:38 ----A---- C:\WINDOWS\DUMP6040.tmp
2009-07-17 18:27:16 ----A---- C:\WINDOWS\DUMP5e2f.tmp
2009-07-17 18:26:22 ----A---- C:\WINDOWS\DUMP5ebc.tmp
2009-07-17 18:25:29 ----A---- C:\WINDOWS\DUMP5ff2.tmp
2009-07-17 18:21:37 ----A---- C:\WINDOWS\DUMP5d23.tmp
2009-07-17 18:20:16 ----A---- C:\WINDOWS\DUMP5c87.tmp
2009-07-17 18:18:55 ----A---- C:\WINDOWS\DUMP5bec.tmp
2009-07-17 18:16:41 ----A---- C:\WINDOWS\DUMP5d33.tmp
2009-07-17 18:15:21 ----A---- C:\WINDOWS\DUMP5c29.tmp
2009-07-17 18:10:55 ----A---- C:\WINDOWS\DUMP5e9a.tmp
2009-07-17 18:10:02 ----A---- C:\WINDOWS\DUMP5de0.tmp
2009-07-17 18:09:08 ----A---- C:\WINDOWS\DUMP5c49.tmp
2009-07-17 18:06:54 ----A---- C:\WINDOWS\DUMP5e2e.tmp
2009-07-17 18:06:00 ----A---- C:\WINDOWS\DUMP5eda.tmp
2009-07-17 18:03:41 ----A---- C:\WINDOWS\DUMP5dfe.tmp
2009-07-17 18:02:47 ----A---- C:\WINDOWS\DUMP5ddf.tmp
2009-07-17 18:01:53 ----A---- C:\WINDOWS\DUMP5ed9.tmp
2009-07-17 18:00:59 ----A---- C:\WINDOWS\DUMP5ead.tmp
2009-07-17 18:00:04 ----A---- C:\WINDOWS\DUMP5da0.tmp
2009-07-17 17:58:41 ----A---- C:\WINDOWS\DUMP5eac.tmp
2009-07-17 17:57:45 ----A---- C:\WINDOWS\DUMP5ee8.tmp
2009-07-17 17:56:49 ----A---- C:\WINDOWS\DUMP5d64.tmp
2009-07-17 17:55:28 ----A---- C:\WINDOWS\DUMP5e0e.tmp
2009-07-17 17:54:33 ----A---- C:\WINDOWS\DUMP5ebb.tmp
2009-07-17 17:52:38 ----A---- C:\WINDOWS\DUMP5d14.tmp
2009-07-17 17:51:17 ----A---- C:\WINDOWS\DUMP5d53.tmp
2009-07-17 17:49:56 ----A---- C:\WINDOWS\DUMP5d04.tmp
2009-07-17 17:48:35 ----A---- C:\WINDOWS\DUMP5cf4.tmp
2009-07-17 17:47:12 ----A---- C:\WINDOWS\DUMP5ef8.tmp
2009-07-17 17:44:54 ----A---- C:\WINDOWS\DUMP5eab.tmp
2009-07-17 17:43:59 ----A---- C:\WINDOWS\DUMP5e8b.tmp
2009-07-17 17:43:05 ----A---- C:\WINDOWS\DUMP5e2d.tmp
2009-07-17 17:42:11 ----A---- C:\WINDOWS\DUMP5eca.tmp
2009-07-17 17:41:16 ----A---- C:\WINDOWS\DUMP5eaa.tmp
2009-07-17 16:49:04 ----A---- C:\WINDOWS\DUMP639c.tmp
2009-07-17 16:27:27 ----A---- C:\WINDOWS\DUMP57a7.tmp
2009-07-17 16:26:06 ----A---- C:\WINDOWS\DUMP5798.tmp
2009-07-17 16:23:56 ----A---- C:\WINDOWS\DUMP5788.tmp
2009-07-17 16:22:37 ----A---- C:\WINDOWS\DUMP5797.tmp
2009-07-17 16:18:41 ----A---- C:\WINDOWS\DUMP56fd.tmp
2009-07-17 16:10:49 ----A---- C:\WINDOWS\DUMP572a.tmp
2009-07-17 16:09:31 ----A---- C:\WINDOWS\DUMP58ce.tmp
2009-07-17 16:08:38 ----A---- C:\WINDOWS\DUMP56fc.tmp
2009-07-17 16:06:01 ----A---- C:\WINDOWS\DUMP59f7.tmp
2009-07-17 16:05:08 ----A---- C:\WINDOWS\DUMP58b2.tmp
2009-07-17 16:03:23 ----A---- C:\WINDOWS\DUMP57e6.tmp
2009-07-17 15:58:07 ----A---- C:\WINDOWS\DUMP58ef.tmp
2009-07-17 15:57:15 ----A---- C:\WINDOWS\DUMP57a6.tmp
2009-07-17 15:55:56 ----A---- C:\WINDOWS\DUMP5d52.tmp
2009-07-17 15:50:19 ----A---- C:\WINDOWS\DUMP5815.tmp
2009-07-17 15:48:59 ----A---- C:\WINDOWS\DUMP57c6.tmp
2009-07-17 15:47:40 ----A---- C:\WINDOWS\DUMP5796.tmp
2009-07-17 15:46:22 ----A---- C:\WINDOWS\DUMP5832.tmp
2009-07-17 15:45:02 ----A---- C:\WINDOWS\DUMP56dc.tmp
2009-07-17 15:43:43 ----A---- C:\WINDOWS\DUMP57e5.tmp
2009-07-17 15:42:24 ----A---- C:\WINDOWS\DUMP57b9.tmp
2009-07-17 15:40:14 ----A---- C:\WINDOWS\DUMP5768.tmp
2009-07-17 15:38:56 ----A---- C:\WINDOWS\DUMP5841.tmp
2009-07-17 15:38:03 ----A---- C:\WINDOWS\DUMP590f.tmp
2009-07-17 15:35:53 ----A---- C:\WINDOWS\DUMP5866.tmp
2009-07-17 15:33:41 ----A---- C:\WINDOWS\DUMP596c.tmp
2009-07-17 15:32:49 ----A---- C:\WINDOWS\DUMP58be.tmp
2009-07-17 15:30:38 ----A---- C:\WINDOWS\DUMP59ca.tmp
2009-07-17 15:27:36 ----A---- C:\WINDOWS\DUMP588f.tmp
2009-07-17 15:26:43 ----A---- C:\WINDOWS\DUMP57f5.tmp
2009-07-17 15:25:23 ----A---- C:\WINDOWS\DUMP5851.tmp
2009-07-17 15:24:30 ----A---- C:\WINDOWS\DUMP59b9.tmp
2009-07-17 15:23:38 ----A---- C:\WINDOWS\DUMP595b.tmp
2009-07-17 15:22:45 ----A---- C:\WINDOWS\DUMP58b1.tmp
2009-07-17 15:18:23 ----A---- C:\WINDOWS\DUMP58b0.tmp
2009-07-17 15:17:31 ----A---- C:\WINDOWS\DUMP590e.tmp
2009-07-17 15:16:39 ----A---- C:\WINDOWS\DUMP590d.tmp
2009-07-17 15:15:46 ----A---- C:\WINDOWS\DUMP5f94.tmp
2009-07-17 15:14:49 ----A---- C:\WINDOWS\DUMP590c.tmp
2009-07-17 15:11:41 ----A---- C:\WINDOWS\DUMP5814.tmp
2009-07-17 15:10:49 ----A---- C:\WINDOWS\DUMP58ee.tmp
2009-07-17 15:09:57 ----A---- C:\WINDOWS\DUMP5eba.tmp
2009-07-17 15:08:59 ----A---- C:\WINDOWS\DUMP596b.tmp
2009-07-17 15:08:05 ----A---- C:\WINDOWS\DUMP5813.tmp
2009-07-17 15:07:12 ----A---- C:\WINDOWS\DUMP596a.tmp
2009-07-17 15:03:58 ----A---- C:\WINDOWS\DUMP5ec9.tmp
2009-07-17 12:40:21 ----A---- C:\WINDOWS\DUMP5803.tmp
2009-07-17 12:39:18 ----A---- C:\WINDOWS\DUMP58fd.tmp
2009-07-17 11:48:21 ----A---- C:\WINDOWS\DUMP571a.tmp
2009-07-17 11:47:30 ----A---- C:\WINDOWS\DUMP56db.tmp
2009-07-17 11:46:23 ----A---- C:\WINDOWS\DUMP5b7d.tmp
2009-07-17 11:45:31 ----A---- C:\WINDOWS\DUMP560f.tmp
2009-07-17 11:42:53 ----A---- C:\WINDOWS\DUMP5564.tmp
2009-07-17 11:40:15 ----A---- C:\WINDOWS\DUMP5600.tmp
2009-07-17 11:37:38 ----A---- C:\WINDOWS\DUMP56fb.tmp
2009-07-17 11:36:47 ----A---- C:\WINDOWS\DUMP55d1.tmp
2009-07-17 11:35:28 ----A---- C:\WINDOWS\DUMP5719.tmp
2009-07-17 11:34:35 ----A---- C:\WINDOWS\DUMP5739.tmp
2009-07-17 11:32:10 ----A---- C:\WINDOWS\DUMP56ca.tmp
2009-07-17 11:31:19 ----A---- C:\WINDOWS\DUMP5729.tmp
2009-07-17 11:28:41 ----A---- C:\WINDOWS\DUMP56fa.tmp
2009-07-17 11:27:49 ----A---- C:\WINDOWS\DUMP5718.tmp
2009-07-17 11:26:29 ----A---- C:\WINDOWS\DUMP565e.tmp
2009-07-17 11:25:36 ----A---- C:\WINDOWS\DUMP5757.tmp
2009-07-17 11:14:41 ----A---- C:\WINDOWS\DUMP5748.tmp
2009-07-17 11:13:49 ----A---- C:\WINDOWS\DUMP5865.tmp
2009-07-17 11:12:56 ----A---- C:\WINDOWS\DUMP56ea.tmp
2009-07-17 11:11:37 ----A---- C:\WINDOWS\DUMP57c5.tmp
2009-07-17 11:09:00 ----A---- C:\WINDOWS\DUMP5582.tmp
2009-07-17 11:07:41 ----A---- C:\WINDOWS\DUMP56f9.tmp
2009-07-17 11:06:22 ----A---- C:\WINDOWS\DUMP5767.tmp
2009-07-16 21:45:50 ----A---- C:\WINDOWS\DUMP5c97.tmp
2009-07-16 21:44:55 ----A---- C:\WINDOWS\DUMP5cb6.tmp
2009-07-16 21:41:03 ----A---- C:\WINDOWS\DUMP5a56.tmp
2009-07-16 21:38:35 ----A---- C:\WINDOWS\DUMP5c68.tmp
2009-07-16 21:37:41 ----A---- C:\WINDOWS\DUMP5af2.tmp
2009-07-15 13:13:08 ----A---- C:\WINDOWS\DUMP592c.tmp
2009-07-15 13:08:59 ----A---- C:\WINDOWS\DUMP5864.tmp
2009-07-15 13:07:10 ----A---- C:\WINDOWS\DUMP57e4.tmp
2009-07-14 19:33:02 ----A---- C:\WINDOWS\DUMP5091.tmp
2009-07-14 18:35:43 ----A---- C:\WINDOWS\DUMP51ab.tmp
2009-07-14 18:30:10 ----A---- C:\WINDOWS\DUMP51f8.tmp
2009-07-14 18:29:18 ----A---- C:\WINDOWS\DUMP52c3.tmp
2009-07-14 18:26:18 ----A---- C:\WINDOWS\DUMP5218.tmp
2009-07-14 18:25:27 ----A---- C:\WINDOWS\DUMP5311.tmp
2009-07-14 18:22:46 ----A---- C:\WINDOWS\DUMP5228.tmp
2009-07-14 18:21:55 ----A---- C:\WINDOWS\DUMP5023.tmp
2009-07-14 18:19:21 ----A---- C:\WINDOWS\DUMP5227.tmp
2009-07-14 18:18:31 ----A---- C:\WINDOWS\DUMP5217.tmp
2009-07-14 18:17:40 ----A---- C:\WINDOWS\DUMP5237.tmp
2009-07-14 18:15:33 ----A---- C:\WINDOWS\DUMP5042.tmp
2009-07-14 18:12:17 ----A---- C:\WINDOWS\DUMP5294.tmp
2009-07-14 18:09:10 ----A---- C:\WINDOWS\DUMP5246.tmp
2009-07-14 18:06:10 ----A---- C:\WINDOWS\DUMP52b4.tmp
2009-07-14 18:04:00 ----A---- C:\WINDOWS\DUMP52b3.tmp
2009-07-10 19:00:37 ----D---- C:\WINDOWS\system32
2009-07-06 19:35:35 ----A---- C:\WINDOWS\DUMP5236.tmp
2009-07-05 19:44:51 ----A---- C:\WINDOWS\DUMP5302.tmp
2009-07-05 19:43:59 ----A---- C:\WINDOWS\DUMP4f0a.tmp
2009-07-05 19:42:43 ----A---- C:\WINDOWS\DUMP5072.tmp
2009-07-05 19:41:25 ----A---- C:\WINDOWS\DUMP51aa.tmp
2009-07-05 19:39:18 ----A---- C:\WINDOWS\DUMP50a1.tmp
2009-07-05 19:38:00 ----A---- C:\WINDOWS\DUMP512e.tmp
2009-07-05 19:37:10 ----A---- C:\WINDOWS\DUMP5071.tmp
2009-07-05 19:35:50 ----A---- C:\WINDOWS\DUMP4f48.tmp
2009-07-05 19:34:34 ----A---- C:\WINDOWS\DUMP516c.tmp
2009-07-05 19:33:44 ----A---- C:\WINDOWS\DUMP50a0.tmp
2009-07-05 19:32:26 ----A---- C:\WINDOWS\DUMP4fe5.tmp
2009-07-05 19:30:19 ----A---- C:\WINDOWS\DUMP512d.tmp
2009-07-05 19:29:28 ----A---- C:\WINDOWS\DUMP517b.tmp
2009-07-05 19:27:20 ----A---- C:\WINDOWS\DUMP5062.tmp
2009-07-05 19:25:13 ----A---- C:\WINDOWS\DUMP4f39.tmp
2009-07-05 19:22:39 ----A---- C:\WINDOWS\DUMP4f68.tmp
2009-07-05 19:21:22 ----A---- C:\WINDOWS\DUMP5005.tmp
2009-07-05 19:20:06 ----A---- C:\WINDOWS\DUMP50cf.tmp
2009-07-05 19:17:59 ----A---- C:\WINDOWS\DUMP5052.tmp
2009-07-05 19:17:03 ----A---- C:\WINDOWS\DUMP516b.tmp
2009-07-05 19:14:55 ----A---- C:\WINDOWS\DUMP4efa.tmp
2009-07-05 19:11:05 ----A---- C:\WINDOWS\DUMP4f29.tmp
2009-07-05 19:08:29 ----A---- C:\WINDOWS\DUMP518c.tmp
2009-07-05 19:05:30 ----A---- C:\WINDOWS\DUMP50df.tmp
2009-07-05 19:03:23 ----A---- C:\WINDOWS\DUMP51e8.tmp
2009-07-05 19:00:21 ----A---- C:\WINDOWS\DUMP518b.tmp
2009-07-05 18:59:31 ----A---- C:\WINDOWS\DUMP5004.tmp
2009-07-05 18:56:09 ----A---- C:\WINDOWS\DUMP4e6e.tmp
2009-07-05 16:25:21 ----A---- C:\WINDOWS\DUMP5a36.tmp
2009-07-04 15:53:06 ----A---- C:\WINDOWS\DUMP5777.tmp
2009-07-04 13:22:43 ----A---- C:\WINDOWS\DUMP5534.tmp
2009-07-04 13:21:25 ----A---- C:\WINDOWS\DUMP55e0.tmp
2009-07-04 13:10:44 ----A---- C:\WINDOWS\DUMP56ab.tmp
2009-07-04 13:05:37 ----A---- C:\WINDOWS\DUMP55d0.tmp
2009-07-03 22:11:44 ----A---- C:\WINDOWS\DUMP5709.tmp
2009-07-03 21:57:32 ----A---- C:\WINDOWS\DUMP5728.tmp
2009-07-03 21:49:22 ----A---- C:\WINDOWS\DUMP569b.tmp
2009-07-03 21:48:30 ----A---- C:\WINDOWS\DUMP5812.tmp
2009-07-03 21:44:19 ----A---- C:\WINDOWS\DUMP59c9.tmp
2009-07-03 21:43:26 ----A---- C:\WINDOWS\DUMP59c8.tmp
2009-07-03 21:42:32 ----A---- C:\WINDOWS\DUMP594b.tmp
2009-07-03 21:41:38 ----A---- C:\WINDOWS\DUMP5a16.tmp
2009-07-03 21:40:44 ----A---- C:\WINDOWS\DUMP5ae2.tmp
2009-07-03 21:27:39 ----A---- C:\WINDOWS\DUMP5a35.tmp
2009-07-03 21:24:44 ----A---- C:\WINDOWS\DUMP5863.tmp
2009-07-03 21:23:50 ----A---- C:\WINDOWS\DUMP57d4.tmp
2009-07-03 21:21:57 ----A---- C:\WINDOWS\DUMP58a1.tmp
2009-07-03 21:18:46 ----A---- C:\WINDOWS\DUMP59b8.tmp
2009-07-03 20:06:05 ----A---- C:\WINDOWS\DUMP58ed.tmp
2009-07-03 20:04:13 ----A---- C:\WINDOWS\DUMP5880.tmp
2009-07-03 19:29:51 ----A---- C:\WINDOWS\DUMP54c7.tmp
2009-07-03 13:46:37 ----SHD---- C:\WINDOWS\Installer
2009-07-03 13:42:35 ----D---- C:\Program Files\rajce

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-12 21275]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470048]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-09-04 41984]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2005-12-30 36864]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-14 468224]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-13 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-07-10 28762]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------



A jeste z Combofixu:

ComboFix 09-08-01.06 - Romca 02.08.2009 15:22.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.664 [GMT 2:00]
Spuštěný z: c:\documents and settings\Romca\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\000537FF
c:\program files\MyWebSearch\bar\Cache\000A2AD8.bin
c:\program files\MyWebSearch\bar\Cache\000A2E91.bin
c:\program files\MyWebSearch\bar\Cache\0021AE31
c:\program files\MyWebSearch\bar\Cache\0021AF89.bin
c:\program files\MyWebSearch\bar\Cache\0021B0E0.bin
c:\program files\MyWebSearch\bar\Cache\0021B219.bin
c:\program files\MyWebSearch\bar\Cache\0021B4D8.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\f3PSSavr.scr
D:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-02 do 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 13:18 . 2009-08-02 13:18 -------- d-----w- c:\program files\trend micro
2009-08-02 13:18 . 2009-08-02 13:18 -------- d-----w- C:\rsit
2009-08-02 13:08 . 2009-08-02 13:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-02 12:55 . 2009-08-02 13:08 -------- d-s---w- c:\documents and settings\Administrator
2009-08-02 12:55 . 2009-08-02 13:08 -------- d-----w- c:\documents and settings\Administrator\Šablony
2009-08-02 12:55 . 2009-08-02 13:08 -------- d-----w- c:\documents and settings\Administrator\Data aplikací
2009-08-02 12:55 . 2009-04-13 13:36 -------- d-----w- c:\documents and settings\Administrator\Oblíbené položky

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 16:40 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5321.tmp
2009-07-24 16:39 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP51ac.tmp
2009-07-24 16:38 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5515.tmp
2009-07-24 16:32 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5063.tmp
2009-07-24 16:28 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5073.tmp
2009-07-24 14:37 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5b5e.tmp
2009-07-17 19:39 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP610b.tmp
2009-07-17 19:37 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d92.tmp
2009-07-17 19:36 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP6273.tmp
2009-07-17 19:00 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP6282.tmp
2009-07-17 18:58 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP6f25.tmp
2009-07-17 18:30 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP608f.tmp
2009-07-17 18:23 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP61b7.tmp
2009-07-17 18:22 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP61d7.tmp
2009-07-17 18:20 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP608e.tmp
2009-07-17 18:19 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ef9.tmp
2009-07-17 18:17 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5f18.tmp
2009-07-17 18:16 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP6179.tmp
2009-07-17 18:14 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP60ed.tmp
2009-07-17 18:13 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ff3.tmp
2009-07-17 18:12 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5fc3.tmp
2009-07-17 17:41 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5c6a.tmp
2009-07-17 17:39 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP60bd.tmp
2009-07-17 17:38 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5c98.tmp
2009-07-17 17:37 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP60ae.tmp
2009-07-17 17:35 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5db1.tmp
2009-07-17 17:32 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d16.tmp
2009-07-17 17:31 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d15.tmp
2009-07-17 17:29 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5da1.tmp
2009-07-17 17:28 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5f85.tmp
2009-07-17 17:20 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5c69.tmp
2009-07-17 17:19 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ca6.tmp
2009-07-17 17:18 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e0f.tmp
2009-07-17 17:16 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e00.tmp
2009-07-17 17:14 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ebd.tmp
2009-07-17 17:11 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ce5.tmp
2009-07-17 17:10 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5dff.tmp
2009-07-17 17:10 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d44.tmp
2009-07-17 17:09 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d65.tmp
2009-07-17 17:06 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d91.tmp
2009-07-17 17:05 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e6b.tmp
2009-07-17 17:04 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e3f.tmp
2009-07-17 16:35 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP6011.tmp
2009-07-17 16:30 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5fd3.tmp
2009-07-17 16:28 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP6040.tmp
2009-07-17 16:27 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e2f.tmp
2009-07-17 16:26 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ebc.tmp
2009-07-17 16:25 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ff2.tmp
2009-07-17 16:21 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d23.tmp
2009-07-17 16:20 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5c87.tmp
2009-07-17 16:18 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5bec.tmp
2009-07-17 16:16 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d33.tmp
2009-07-17 16:15 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5c29.tmp
2009-07-17 16:10 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e9a.tmp
2009-07-17 16:10 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5de0.tmp
2009-07-17 16:09 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5c49.tmp
2009-07-17 16:06 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e2e.tmp
2009-07-17 16:06 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5eda.tmp
2009-07-17 16:03 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5dfe.tmp
2009-07-17 16:02 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ddf.tmp
2009-07-17 16:01 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ed9.tmp
2009-07-17 16:00 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ead.tmp
2009-07-17 16:00 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5da0.tmp
2009-07-17 15:58 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5eac.tmp
2009-07-17 15:57 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ee8.tmp
2009-07-17 15:56 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d64.tmp
2009-07-17 15:55 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e0e.tmp
2009-07-17 15:54 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ebb.tmp
2009-07-17 15:52 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d14.tmp
2009-07-17 15:51 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d53.tmp
2009-07-17 15:49 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d04.tmp
2009-07-17 15:48 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5cf4.tmp
2009-07-17 15:47 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5ef8.tmp
2009-07-17 15:44 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5eab.tmp
2009-07-17 15:43 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e8b.tmp
2009-07-17 15:43 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5e2d.tmp
2009-07-17 15:42 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5eca.tmp
2009-07-17 15:41 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5eaa.tmp
2009-07-17 14:49 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP639c.tmp
2009-07-17 14:27 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP57a7.tmp
2009-07-17 14:26 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5798.tmp
2009-07-17 14:23 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5788.tmp
2009-07-17 14:22 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5797.tmp
2009-07-17 14:18 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP56fd.tmp
2009-07-17 14:10 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP572a.tmp
2009-07-17 14:09 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP58ce.tmp
2009-07-17 14:08 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP56fc.tmp
2009-07-17 14:06 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP59f7.tmp
2009-07-17 14:05 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP58b2.tmp
2009-07-17 14:03 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP57e6.tmp
2009-07-17 13:58 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP58ef.tmp
2009-07-17 13:57 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP57a6.tmp
2009-07-17 13:55 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5d52.tmp
2009-07-17 13:50 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5815.tmp
2009-07-17 13:48 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP57c6.tmp
2009-07-17 13:47 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5796.tmp
2009-07-17 13:46 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP5832.tmp
2009-07-17 13:45 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP56dc.tmp
2009-07-17 13:43 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP57e5.tmp
2009-07-17 13:42 . 2009-04-27 17:52 90112 ----a-w- c:\windows\DUMP57b9.tmp
2009-07-23 18:09 . 2009-01-12 22:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-22 326829]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-13 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12.12.2003 17:49 77312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.7.2008 10:53 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.1.2009 0:29 222456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZQfox000&ptb=WJnOgKZAuzwUoBKSsdSD1w
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZQfox000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {99966FFA-5229-4D47-A9E3-87B5C985DEBB} = 212.96.161.6
FF - ProfilePath - c:\documents and settings\Romca\Data aplikací\Mozilla\Firefox\Profiles\prtyaqc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... searchfor=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 15:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="725C8AF9D6C3180DD2DA270F460BA47F162E1640FBBD73232D602A55E06B0DC1FEEAED3F6BC3A18DCC834D17B0EC946170EC1726C45CE5115EE2C37FED48E7D1040E172B21A3C2256A87095FD4AE45E4B57704D12196FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A9C6AECB7A5D1407FEBC9E127BECC74C1F6D70F8D2BC6394EEC99508282E42D441209341337B664257D7418F691395690FCC98BA3E3B998BB759377D60DB68BCB8639F28C2DA11920281D55D7B847DE2532CC55471850413CF817E2ED67845F5E415B7E076FD5CB77A57AAAB4FE764E27902BB9B82F2C3E5229F75A390934DBB2F9BC845614C3511C66630C3A51DCA87C5A411EB81FB8D064F75F46A89DC0E1132C215B20CCF1B3FA0242E7533A84436ADD1AFA66E3DAB35A8A8AE142DAAA23940B62E0BEF369F2AF366BC939EB0F8935BA9D7AEBC76F9FC38412633DFF83F3FDD0B00B4FBD4EBF9E4694AF30582268D2DB01BEA570F6AA9372D32E276622970C235C61893213B9EC64B98F0760E1C5037CE60481C0E82CA173E7FBEBA2CBBDBDB1291A20F365B4AA4113DEAF5E63ED1BE4FE135D821DB35F9AA8E66EB396458C8DCC6C6B8D1AF71BAA1A2C1FBC305C7BFE4B0A6D4982300380AB17FB995A4FDDFBA9E7ACD59B1CFFBC7855F7582FDACE6232D92C8E919885DDB10B2CDEE142BA7AF26B683D26A620DB3F72BC122474217830FF562AD156E280028ACBE16DC7FDD283DF900E87A6C4779601734C61708E6DF61D040A0FD950D3B471E1D023D6172719A44DEE994F2388E789316B7B44822F903A57AA3522732B8933BE8CB077A0BBEC41DADC87F41224FCD17A1E17B8B467626FC983C238D750582BC1A31A03600241A8DF01D96E3F9FA419E0AD35E24065E51619714157A6512E0DF191505C6DB1FCAA220A1CA2FE8368AA5EFC25FA2471CDF63E8756361C3344DE4C4FC41A0610DDAED24B51D384D063132EC85975E250280167053D87A0AA53E10ED12787E04AF2507DDDAA658B85894470D1933F36FC23612094258C16383F8ABDC23DF5BECAD5484A0B991AF6FF965F2CF1CF1C1A5F8D7F2FD7AD6F7AF4F1A02C9A2C3F97791E987B01B9D1EEC212BC1AAD4A96A011E0FD6915ADC21806E91E5E225805E35CA3BAD4C709D4B5D63BD4604284156EA95DCE1786189059F2AA32A4B6489536BA9F0A021CAF9A022BCCB983824352F82A2913E5A348B30883166A8184064E41165868751E1ACCCD18B57D218F616E4996D5593D71D2AF16992483D53382CE35399CE90750FC54234153613E67607AAB602A2157D883EDF26C406C9FB740F6692C2EC6D97D3E736497F917C5C98C2779551C774D30735D05622B532033DCDC463C55AD4B751CA244056"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3504)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
c:\program files\ESET\ESET Smart Security\shellExt.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Celkový čas: 2009-08-02 15:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-02 13:31

Před spuštěním: 1 495 502 848
Po spuštění: 4 631 048 192

352 --- E O F --- 2009-01-17 18:19

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\DUMP5321.tmp
c:\windows\DUMP51ac.tmp
c:\windows\DUMP5515.tmp
c:\windows\DUMP5063.tmp
c:\windows\DUMP5073.tmp
c:\windows\DUMP5b5e.tmp
c:\windows\DUMP610b.tmp
c:\windows\DUMP5d92.tmp
c:\windows\DUMP6273.tmp
c:\windows\DUMP6282.tmp
c:\windows\DUMP6f25.tmp
c:\windows\DUMP608f.tmp
c:\windows\DUMP61b7.tmp
c:\windows\DUMP61d7.tmp
c:\windows\DUMP608e.tmp
c:\windows\DUMP5ef9.tmp
c:\windows\DUMP5f18.tmp
c:\windows\DUMP6179.tmp
c:\windows\DUMP60ed.tmp
c:\windows\DUMP5ff3.tmp
c:\windows\DUMP5fc3.tmp
c:\windows\DUMP5c6a.tmp
c:\windows\DUMP60bd.tmp
c:\windows\DUMP5c98.tmp
c:\windows\DUMP60ae.tmp
c:\windows\DUMP5db1.tmp
c:\windows\DUMP5d16.tmp
c:\windows\DUMP5d15.tmp
c:\windows\DUMP5da1.tmp
c:\windows\DUMP5f85.tmp
c:\windows\DUMP5c69.tmp
c:\windows\DUMP5ca6.tmp
c:\windows\DUMP5e0f.tmp
c:\windows\DUMP5e00.tmp
c:\windows\DUMP5ebd.tmp
c:\windows\DUMP5ce5.tmp
c:\windows\DUMP5dff.tmp
c:\windows\DUMP5d44.tmp
c:\windows\DUMP5d65.tmp
c:\windows\DUMP5d91.tmp
c:\windows\DUMP5e6b.tmp
c:\windows\DUMP5e3f.tmp
c:\windows\DUMP6011.tmp
c:\windows\DUMP5fd3.tmp
c:\windows\DUMP6040.tmp
c:\windows\DUMP5e2f.tmp
c:\windows\DUMP5ebc.tmp
c:\windows\DUMP5ff2.tmp
c:\windows\DUMP5d23.tmp
c:\windows\DUMP5c87.tmp
c:\windows\DUMP5bec.tmp
c:\windows\DUMP5d33.tmp
c:\windows\DUMP5c29.tmp
c:\windows\DUMP5e9a.tmp
c:\windows\DUMP5de0.tmp
c:\windows\DUMP5c49.tmp
c:\windows\DUMP5e2e.tmp
c:\windows\DUMP5eda.tmp
c:\windows\DUMP5dfe.tmp
c:\windows\DUMP5ddf.tmp
c:\windows\DUMP5ed9.tmp
c:\windows\DUMP5ead.tmp
c:\windows\DUMP5da0.tmp
c:\windows\DUMP5eac.tmp
c:\windows\DUMP5ee8.tmp
c:\windows\DUMP5d64.tmp
c:\windows\DUMP5e0e.tmp
c:\windows\DUMP5ebb.tmp
c:\windows\DUMP5d14.tmp
c:\windows\DUMP5d53.tmp
c:\windows\DUMP5d04.tmp
c:\windows\DUMP5cf4.tmp
c:\windows\DUMP5ef8.tmp
c:\windows\DUMP5eab.tmp
c:\windows\DUMP5e8b.tmp
c:\windows\DUMP5e2d.tmp
c:\windows\DUMP5eca.tmp
c:\windows\DUMP5eaa.tmp
c:\windows\DUMP639c.tmp
c:\windows\DUMP57a7.tmp
c:\windows\DUMP5798.tmp
c:\windows\DUMP5788.tmp
c:\windows\DUMP5797.tmp
c:\windows\DUMP56fd.tmp
c:\windows\DUMP572a.tmp
c:\windows\DUMP58ce.tmp
c:\windows\DUMP56fc.tmp
c:\windows\DUMP59f7.tmp
c:\windows\DUMP58b2.tmp
c:\windows\DUMP57e6.tmp
c:\windows\DUMP58ef.tmp
c:\windows\DUMP57a6.tmp
c:\windows\DUMP5d52.tmp
c:\windows\DUMP5815.tmp
c:\windows\DUMP57c6.tmp
c:\windows\DUMP5796.tmp
c:\windows\DUMP5832.tmp
c:\windows\DUMP56dc.tmp
c:\windows\DUMP57e5.tmp
c:\windows\DUMP57b9.tmp

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Děkuji,

možno zavřít.

Nemáte zač!