VIRY.CZ

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fantas at 2010-01-18 18:58:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (20%) free of 30 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:45, on 18.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\ASTSRV.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\totalcmd\TOTALCMD.EXE
I:\ Programy\Miranda IM\miranda32.exe
C:\Program Files\Web Page Maker\WebPageMaker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\!Install\System\antiviry\RSIT.exe
C:\Program Files\trend micro\Fantas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://archiv.nova.cz/search?type_id=37 ... order=date
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: forteManager.lnk = C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {77FDC0EF-CAE0-4212-B6CA-3A121A3D7006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\System32\ASTSRV.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 21684 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-10 722472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-01-02 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-01-02 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-05-18 949376]
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [2001-12-20 28672]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-09-13 292152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-20 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-20 81920]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-08-18 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"AdobeBridge"= []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"K:\ Programy\Miranda IM\miranda32.exe"="K:\ Programy\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\hry\Battlefield 1942\BF1942.exe"="D:\hry\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"K:\ Programy\Total_Commander_7.0b3\TOTALCMD.EXE"="K:\ Programy\Total_Commander_7.0b3\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Program pro přenos souborů"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\ComputerMirandaPack\Computer Miranda Pack\Miranda IM\miranda32.exe"="C:\ComputerMirandaPack\Computer Miranda Pack\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\DebugMode\FrameServer\DFsNetServer.exe"="C:\Program Files\DebugMode\FrameServer\DFsNetServer.exe:*:Disabled:DFsNetServer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Miranda\Packy\Miranda_IM_Pack_v2.5\Miranda IM\miranda32.exe"="D:\Miranda\Packy\Miranda_IM_Pack_v2.5\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Miranda\Packy\Miranda IM\miranda32.exe"="D:\Miranda\Packy\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Miranda\!Miranda IM\miranda32.exe"="D:\Miranda\!Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"C:\!Miranda IM\!Miranda IM\miranda32.exe"="C:\!Miranda IM\!Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\!Miranda IM\Miranda IM\miranda32.exe"="C:\!Miranda IM\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Gigabyte\ET5\update.exe"="C:\Program Files\Gigabyte\ET5\update.exe:*:Enabled:ftptest"
"C:\Miranda IM\miranda32.exe"="C:\Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"C:\Program Files\dbQwikSite 5\dbQwikWebServer.exe"="C:\Program Files\dbQwikSite 5\dbQwikWebServer.exe:*:Disabled:Baby Web Server"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\SOTI\Pocket Controller-Pro\PocketController.exe"="C:\Program Files\SOTI\Pocket Controller-Pro\PocketController.exe:*:Enabled:Pocket Controller Professional"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"I:\ Programy\Miranda IM\miranda32.exe"="I:\ Programy\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"J:\ Programy\Miranda IM\miranda32.exe"="J:\ Programy\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Fantas\Plocha\My Mobile\MyMobiler\MyMobiler.exe"="C:\Documents and Settings\Fantas\Plocha\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3015d54b-e7c8-11de-a4cd-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3798e7a1-512a-11de-b5a2-001a4d4043d0}]
shell\AutoRun\command - K:\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75005b0c-11ff-11dc-ab72-001a4d4043d0}]
shell\AutoRun\command - I:\tmf3w3g0.com
shell\explore\command - I:\tmf3w3g0.com
shell\open\command - I:\tmf3w3g0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1306cce-da64-11dc-b202-001a4d4043d0}]
shell\Setup\command - I:\setup.exe


======List of files/folders created in the last 1 months======

2015-05-18 18:50:18 ----D---- C:\Program Files\Common Files\Ahead
2015-05-18 18:50:17 ----D---- C:\Program Files\Ahead
2010-01-18 18:58:17 ----D---- C:\rsit
2010-01-18 18:58:17 ----D---- C:\Program Files\trend micro
2010-01-15 19:25:34 ----A---- C:\WINDOWS\MONITOR.INI
2010-01-15 19:15:42 ----A---- C:\WINDOWS\system32\SerialMP.exe
2010-01-15 19:15:42 ----A---- C:\WINDOWS\system32\PConfig.ini
2010-01-15 19:15:42 ----A---- C:\WINDOWS\system32\ParallelMP.exe
2010-01-15 19:15:42 ----A---- C:\WINDOWS\system32\Config.ini
2010-01-15 19:15:41 ----A---- C:\WINDOWS\system32\MosUsbPrintConfig.exe
2010-01-15 19:15:25 ----D---- C:\MosUPPSP
2010-01-14 19:43:02 ----A---- C:\WINDOWS\{00000005-00000000-00000000-00001102-00000002-80651102}.BAK
2010-01-13 23:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 23:17:40 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 23:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 13:30:30 ----D---- C:\Program Files\iPod
2010-01-10 13:30:29 ----D---- C:\Program Files\iTunes
2010-01-10 13:30:19 ----D---- C:\Config.Msi
2010-01-10 10:15:38 ----RASH---- C:\NTDETECT.COM
2010-01-10 10:15:38 ----RASH---- C:\boot.ini
2010-01-10 10:15:38 ----A---- C:\Obnovený dokument.txt
2010-01-10 10:15:38 ----A---- C:\Boot.bak
2010-01-10 10:15:35 ----A---- C:\adorage-protocol.txt
2010-01-10 10:15:23 ----A---- C:\bf2_patch_14_full.exe
2010-01-10 10:03:23 ----SHD---- C:\$RECYCLE.BIN
2009-12-27 18:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-25 21:58:37 ----D---- C:\Program Files\FMA 2
2009-12-25 21:58:37 ----D---- C:\Documents and Settings\Fantas\Data aplikací\FMA
2009-12-25 21:53:09 ----D---- C:\Program Files\Usb to Serial Driver 1.12.28

======List of files/folders modified in the last 1 months======

2010-01-18 18:58:28 ----D---- C:\WINDOWS\temp
2010-01-18 18:58:17 ----D---- C:\Program Files
2010-01-18 18:58:09 ----D---- C:\WINDOWS\Prefetch
2010-01-18 18:54:15 ----D---- C:\Program Files\Mozilla Firefox
2010-01-18 18:10:56 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-18 18:06:04 ----D---- C:\Documents and Settings\Fantas\Data aplikací\vlc
2010-01-18 17:55:53 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-17 21:13:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-17 20:50:51 ----D---- C:\Documents and Settings\Fantas\Data aplikací\Skype
2010-01-17 20:08:36 ----D---- C:\Documents and Settings\Fantas\Data aplikací\dvdcss
2010-01-17 15:20:54 ----AD---- C:\WINDOWS
2010-01-17 11:37:01 ----A---- C:\WINDOWS\winamp.ini
2010-01-17 10:37:06 ----D---- C:\WINDOWS\system32\drivers
2010-01-17 10:36:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-16 12:12:18 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-15 19:17:10 ----HD---- C:\WINDOWS\inf
2010-01-15 19:15:42 ----D---- C:\WINDOWS\system32
2010-01-14 19:41:18 ----SHD---- C:\WINDOWS\Installer
2010-01-13 23:20:25 ----D---- C:\WINDOWS\AppPatch
2010-01-13 23:17:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 23:17:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 23:15:07 ----D---- C:\WINDOWS\Debug
2010-01-13 22:51:10 ----D---- C:\Program Files\WPMP150
2010-01-13 22:36:14 ----D---- C:\WINDOWS\Minidump
2010-01-13 22:34:59 ----D---- C:\Program Files\CCleaner
2010-01-13 22:18:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-13 21:29:03 ----A---- C:\WINDOWS\WTRAN32.INI
2010-01-11 23:07:01 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-10 13:53:38 ----A---- C:\WINDOWS\iun6002.exe
2010-01-10 13:31:39 ----D---- C:\WINDOWS\system32\config
2010-01-10 13:31:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-10 13:31:07 ----D---- C:\WINDOWS\Registration
2010-01-10 13:30:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-10 12:03:31 ----D---- C:\Program Files\VeryPDF PDF2Word v3.0
2010-01-10 02:34:13 ----D---- C:\Program Files\EA GAMES
2010-01-10 01:59:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-10 01:59:08 ----D---- C:\Program Files\Common Files\Apple
2010-01-10 01:57:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2010-01-10 01:50:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-10 01:42:58 ----RSD---- C:\WINDOWS\assembly
2010-01-10 01:42:58 ----D---- C:\WINDOWS\system32\DirectX
2010-01-10 01:21:17 ----D---- C:\Program Files\Valve
2010-01-09 20:46:40 ----D---- C:\totalcmd
2010-01-09 20:34:49 ----D---- C:\Program Files\GameSpy Arcade
2010-01-06 19:52:18 ----A---- C:\WINDOWS\GeneralEffect.INI
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-26 22:57:07 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-26 22:21:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 21:59:05 ----D---- C:\WINDOWS\Help
2009-12-22 17:50:04 ----D---- C:\Documents and Settings\Fantas\Data aplikací\Canon
2009-12-22 17:37:49 ----A---- C:\WINDOWS\CSTBox.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2005-06-14 10368]
R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-05-18 15424]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-02-06 225344]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Cap7134;Philips WDM Video Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-05-06 342048]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2004-02-23 645360]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-10-18 366352]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-10-08 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-10-08 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-10-13 145488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2004-02-24 904784]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-20 6739168]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-10-08 178672]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-09-20 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-01-19 10368]
R3 PhTVTune;Philips WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-05 14624]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2008-01-06 13824]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-05-18 512096]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 anzvtvvb;anzvtvvb; C:\WINDOWS\system32\drivers\anzvtvvb.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2008-04-13 13696]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2007-08-28 20608]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-10-14 332800]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 DBGMSG;DBGMSG; dbgmsg.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-10-21 148432]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-07-22 55040]
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2008-04-13 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-10-10 138240]
S3 Ouiidhos;Ouiidhos; C:\WINDOWS\system32\drivers\Ouiidhos.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SER120;OTI Serial port driver; C:\WINDOWS\system32\DRIVERS\SER120.sys [2006-02-08 32910]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211BU(TP-LINK);TL-WN422G Wireless USB Adapter Driver(TP-LINK); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2007-06-25 500736]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2007-08-28 17664]
S3 ZMUSBFLT;ZOOM USAT1 Filter Driver; C:\WINDOWS\system32\DRIVERS\ZMUSBFLT.SYS [2001-08-23 12297]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 astcc;AST Service; C:\Windows\System32\ASTSRV.exe [2008-01-07 57344]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-06-14 81920]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-05-18 552064]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-20 163908]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-16 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-08-18 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-02 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-06 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

-----------------EOF-----------------

Dejte log z Combofix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

z Vaseho linku mi bohuzel stahnout ComboFix nejde bezchybne. Napise mi to pri spusteni, ze je soubor poskozeny. Zkousel jsem to tahat jak pres FF, tak pres IE.

Zkuste odtud: http://www.combofix.org/download.php .

je to zvlastni, nejde asi tak 5 downlouadlinku co jsem zkousel. Vypada, ze budu mit opravdu problem ja
Neslo by obejit combofix?

Před chvíli jsem se dověděl, že problém má verze CF nahraná na servery. Dejte log z MBAM: http://www.malwarebytes.org/mbam.php . Předem nic nemažte.

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3595
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.1.2010 23:24:18
mbam-log-2010-01-18 (23-24-18).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 114239
Uplynulý čas: 4 minute(s), 57 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

CF by již měl být OK. Dejte log.

k cemu dalsi log, kdyz jsem jeste nic nevylecil?

Myslel jsem log ComboFix. Už by měl jít stáhnout. MBAM nic nenašel.

ComboFix 10-01-18.03 - Fantas 19.01.2010 19:36:37.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1571 [GMT 1:00]
Spuštěný z: d:\!install\System\VIRY\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2899413882-2245478662-2436477489-1001
C:\Thumbs.db
c:\windows\system32\Config.ini
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0150W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP0240W.DAT
c:\windows\system32\Data\CTP0242W.DAT
c:\windows\system32\Data\CTP0243W.DAT
c:\windows\system32\Data\CTP0244W.DAT
c:\windows\system32\Data\CTP0245W.DAT
c:\windows\system32\Data\CTP0249W.DAT
c:\windows\system32\Data\CTP0280W.DAT
c:\windows\system32\Data\CTP0320W.DAT
c:\windows\system32\Data\CTP0350W.DAT
c:\windows\system32\Data\CTP0352W.DAT
c:\windows\system32\Data\CTP0360W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\CTSBAS2W.DAT
c:\windows\system32\Data\CTSBASW.DAT

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2015-05-18 17:50 . 2015-05-18 17:50 -------- d-----w- c:\program files\Common Files\Ahead
2015-05-18 17:50 . 2007-10-09 15:29 -------- d-----w- c:\program files\Ahead
2010-01-18 20:47 . 2010-01-18 20:50 -------- d-----w- C:\TRANSLAT
2010-01-18 19:08 . 2010-01-18 19:40 1123744 ----a-w- C:\ComboFix.exe
2010-01-18 17:58 . 2010-01-18 17:58 -------- d-----w- C:\rsit
2010-01-18 17:58 . 2010-01-18 17:58 -------- d-----w- c:\program files\trend micro
2010-01-15 18:15 . 2005-11-23 17:08 32768 ----a-w- c:\windows\system32\ParallelMP.exe
2010-01-15 18:15 . 2005-10-25 14:21 245760 ----a-w- c:\windows\system32\SerialMP.exe
2010-01-15 18:15 . 2005-10-25 11:32 204800 ----a-w- c:\windows\system32\MosUsbPrintConfig.exe
2010-01-15 18:15 . 2004-09-17 11:15 18240 ----a-w- c:\windows\system32\drivers\DbgMsg.sys
2010-01-15 18:15 . 2010-01-15 18:15 -------- d-----w- C:\MosUPPSP
2010-01-14 17:03 . 2010-01-13 21:38 41943040 ----a-w- C:\PlasaP.dat
2010-01-13 19:24 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 12:31 . 2010-01-10 12:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 12:30 . 2010-01-10 12:30 -------- d-----w- c:\program files\iPod
2010-01-10 12:30 . 2010-01-10 12:30 -------- d-----w- c:\program files\iTunes
2010-01-10 09:15 . 2009-02-17 22:43 190243 ----a-w- C:\tsb_XLS.zip
2010-01-10 09:15 . 2008-05-20 20:50 292210 ----a-w- C:\Za_skripta.zip
2010-01-10 09:15 . 2001-10-25 12:00 4952 --sha-r- C:\Bootfont.bin
2010-01-10 09:15 . 2008-07-18 08:39 8017888 ----a-w- C:\PPDB.zip
2010-01-10 09:15 . 2009-06-26 19:58 12995877 ----a-w- C:\WDTV_FW_1_02_10.zip
2010-01-10 09:15 . 2007-01-24 14:06 556773293 ----a-w- C:\bf2_patch_14_full.exe
2010-01-09 19:39 . 2010-01-10 12:49 532 ----a-w- c:\windows\eReg.dat
2009-12-25 21:01 . 2006-02-08 14:37 32910 ----a-r- c:\windows\system32\drivers\ser120.sys
2009-12-25 20:59 . 2006-02-08 14:37 35648 ----a-r- c:\windows\system32\drivers\serial98.sys
2009-12-25 20:58 . 2010-01-15 18:20 -------- d-----w- c:\program files\FMA 2
2009-12-25 20:53 . 2009-12-25 20:53 -------- d-----w- c:\program files\Usb to Serial Driver 1.12.28

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 18:32 . 2007-05-19 13:39 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000002-80651102}.dat
2010-01-19 18:32 . 2007-05-19 13:39 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000002-80651102}.dat
2010-01-19 16:56 . 2009-03-30 20:02 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-18 22:14 . 2009-01-25 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:51 . 2008-12-09 20:28 -------- d-----w- c:\program files\WPMP150
2010-01-13 21:34 . 2008-09-02 22:50 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:07 . 2007-05-18 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 12:53 . 2007-10-21 15:42 729088 ----a-w- c:\windows\iun6002.exe
2010-01-10 11:03 . 2007-11-12 19:14 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2010-01-10 01:34 . 2007-06-27 21:56 -------- d-----w- c:\program files\EA GAMES
2010-01-10 00:59 . 2007-09-27 18:48 -------- d-----w- c:\program files\Common Files\Apple
2010-01-10 00:21 . 2008-01-12 17:05 -------- d-----w- c:\program files\Valve
2010-01-09 19:34 . 2008-12-19 22:30 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-07 15:07 . 2009-01-25 19:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-01-25 19:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 21:21 . 2001-10-25 12:00 91336 ----a-w- c:\windows\system32\perfc005.dat
2009-12-26 21:21 . 2001-10-25 12:00 458146 ----a-w- c:\windows\system32\perfh005.dat
2009-12-15 21:44 . 2009-12-15 21:44 -------- d-----w- c:\program files\FastStone Image Viewer
2009-11-26 17:01 . 2009-11-26 17:01 -------- d-----w- c:\program files\RocketDock
2009-11-24 20:10 . 2008-05-15 14:52 -------- d-----w- c:\program files\Web Page Maker
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:43 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2007-03-27 19:20 . 2007-11-06 16:40 403456 ----a-w- c:\program files\IntergalacticMegastar.ttf
2007-11-25 20:33 . 2007-11-25 20:33 24 --sh--w- c:\windows\S7EE90334.tmp
2009-01-22 18:27 . 2009-01-22 18:16 88 --sh--r- c:\windows\system32\DCC06A9B9A.sys
2009-03-24 17:00 . 2007-05-18 23:33 3974 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-18 949376]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-19 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-13 292152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"nwiz"="nwiz.exe" [2007-04-20 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-7-10 1134592]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-18 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\ComputerMirandaPack\\Computer Miranda Pack\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\DebugMode\\FrameServer\\DFsNetServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Miranda\\Packy\\Miranda_IM_Pack_v2.5\\Miranda IM\\miranda32.exe"=
"d:\\Miranda\\Packy\\Miranda IM\\miranda32.exe"=
"d:\\Miranda\\!Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\SOTI\\Pocket Controller-Pro\\PocketController.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\ Programy\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\Fantas\\Plocha\\My Mobile\\MyMobiler\\MyMobiler.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [16.7.2007 15:43 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [16.7.2007 15:43 4608]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 12:27 34312]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14.8.2002 14:11 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18.5.2007 19:58 15424]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.8.2008 12:25 468224]
R3 PhTVTune;Philips WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [17.12.2004 19:51 14624]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2007 0:14 685816]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [23.5.2009 5:51 20608]
S3 DBGMSG;DBGMSG;dbgmsg.sys --> dbgmsg.sys [?]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [18.5.2007 19:15 4134]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [10.7.2009 21:22 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [10.7.2009 21:22 17408]
S3 Ouiidhos;Ouiidhos; [x]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [25.12.2009 22:01 32910]
S3 ZD1211BU(TP-LINK);TL-WN422G Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [23.5.2009 5:51 500736]
S3 ZMUSBFLT;ZOOM USAT1 Filter Driver;c:\windows\system32\drivers\ZMUSBFLT.SYS [13.8.2009 16:07 12297]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://archiv.nova.cz/search?type_id=372&parent_id=394&group=true&order=date
uInternet Settings,ProxyOverride = *.local
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Fantas\Data aplikací\Mozilla\Firefox\Profiles\6wsngjb0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 19:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&??????\??? ??? ???\???\???????????5?7~e?7~\???\?????????_??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"

[HKEY_LOCAL_MACHINE\software\Eset\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"="Student Edition"
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000001
"ProductCode"="{55FFA15B-4B16-4E17-AD8B-95EC3C793DE3}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="3.0.672.0"
"UniqueId"="000237BF4A5BAB17"
"ScannerBuild"=dword:00000d45
"ScannerVersionId"=dword:00000d2d
"ScannerVersion"=""
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
.
Celkový čas: 2010-01-19 19:44:51
ComboFix-quarantined-files.txt 2010-01-19 18:44

Před spuštěním: 5 569 249 280
Po spuštění: 5 586 911 232

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 11118128B4F18B3A81F3C7E3BA4567E8

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\S7EE90334.tmp
c:\windows\system32\DCC06A9B9A.sys

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 10-01-19.01 - Fantas 19.01.2010 21:53:46.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1508 [GMT 1:00]
Spuštěný z: c:\documents and settings\Fantas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Fantas\Plocha\CFScript.txt.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


file zipped: c:\windows\S7EE90334.tmp
file zipped: c:\windows\system32\DCC06A9B9A.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S7EE90334.tmp
c:\windows\system32\DCC06A9B9A.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2015-05-18 17:50 . 2015-05-18 17:50 -------- d-----w- c:\program files\Common Files\Ahead
2015-05-18 17:50 . 2007-10-09 15:29 -------- d-----w- c:\program files\Ahead
2010-01-18 20:47 . 2010-01-18 20:50 -------- d-----w- C:\TRANSLAT
2010-01-18 19:08 . 2010-01-18 19:40 1123744 ----a-w- C:\ComboFix.exe
2010-01-18 17:58 . 2010-01-18 17:58 -------- d-----w- C:\rsit
2010-01-18 17:58 . 2010-01-18 17:58 -------- d-----w- c:\program files\trend micro
2010-01-15 18:15 . 2005-11-23 17:08 32768 ----a-w- c:\windows\system32\ParallelMP.exe
2010-01-15 18:15 . 2005-10-25 14:21 245760 ----a-w- c:\windows\system32\SerialMP.exe
2010-01-15 18:15 . 2005-10-25 11:32 204800 ----a-w- c:\windows\system32\MosUsbPrintConfig.exe
2010-01-15 18:15 . 2004-09-17 11:15 18240 ----a-w- c:\windows\system32\drivers\DbgMsg.sys
2010-01-15 18:15 . 2010-01-15 18:15 -------- d-----w- C:\MosUPPSP
2010-01-14 17:03 . 2010-01-13 21:38 41943040 ----a-w- C:\PlasaP.dat
2010-01-13 19:24 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 12:31 . 2010-01-10 12:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 12:30 . 2010-01-10 12:30 -------- d-----w- c:\program files\iPod
2010-01-10 12:30 . 2010-01-10 12:30 -------- d-----w- c:\program files\iTunes
2010-01-10 09:15 . 2009-02-17 22:43 190243 ----a-w- C:\tsb_XLS.zip
2010-01-10 09:15 . 2008-05-20 20:50 292210 ----a-w- C:\Za_skripta.zip
2010-01-10 09:15 . 2001-10-25 12:00 4952 --sha-r- C:\Bootfont.bin
2010-01-10 09:15 . 2008-07-18 08:39 8017888 ----a-w- C:\PPDB.zip
2010-01-10 09:15 . 2009-06-26 19:58 12995877 ----a-w- C:\WDTV_FW_1_02_10.zip
2010-01-10 09:15 . 2007-01-24 14:06 556773293 ----a-w- C:\bf2_patch_14_full.exe
2010-01-09 19:39 . 2010-01-10 12:49 532 ----a-w- c:\windows\eReg.dat
2009-12-25 21:01 . 2006-02-08 14:37 32910 ----a-r- c:\windows\system32\drivers\ser120.sys
2009-12-25 20:59 . 2006-02-08 14:37 35648 ----a-r- c:\windows\system32\drivers\serial98.sys
2009-12-25 20:58 . 2010-01-15 18:20 -------- d-----w- c:\program files\FMA 2
2009-12-25 20:53 . 2009-12-25 20:53 -------- d-----w- c:\program files\Usb to Serial Driver 1.12.28

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 19:28 . 2009-03-30 20:02 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-19 18:32 . 2007-05-19 13:39 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000002-80651102}.dat
2010-01-19 18:32 . 2007-05-19 13:39 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000002-80651102}.dat
2010-01-18 22:14 . 2009-01-25 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:51 . 2008-12-09 20:28 -------- d-----w- c:\program files\WPMP150
2010-01-13 21:34 . 2008-09-02 22:50 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:07 . 2007-05-18 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 12:53 . 2007-10-21 15:42 729088 ----a-w- c:\windows\iun6002.exe
2010-01-10 11:03 . 2007-11-12 19:14 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2010-01-10 01:34 . 2007-06-27 21:56 -------- d-----w- c:\program files\EA GAMES
2010-01-10 00:59 . 2007-09-27 18:48 -------- d-----w- c:\program files\Common Files\Apple
2010-01-10 00:21 . 2008-01-12 17:05 -------- d-----w- c:\program files\Valve
2010-01-09 19:34 . 2008-12-19 22:30 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-07 15:07 . 2009-01-25 19:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-01-25 19:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 21:21 . 2001-10-25 12:00 91336 ----a-w- c:\windows\system32\perfc005.dat
2009-12-26 21:21 . 2001-10-25 12:00 458146 ----a-w- c:\windows\system32\perfh005.dat
2009-12-15 21:44 . 2009-12-15 21:44 -------- d-----w- c:\program files\FastStone Image Viewer
2009-11-26 17:01 . 2009-11-26 17:01 -------- d-----w- c:\program files\RocketDock
2009-11-24 20:10 . 2008-05-15 14:52 -------- d-----w- c:\program files\Web Page Maker
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:43 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2007-03-27 19:20 . 2007-11-06 16:40 403456 ----a-w- c:\program files\IntergalacticMegastar.ttf
2009-03-24 17:00 . 2007-05-18 23:33 3974 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-18 949376]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-19 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-13 292152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"nwiz"="nwiz.exe" [2007-04-20 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-7-10 1134592]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-18 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\ComputerMirandaPack\\Computer Miranda Pack\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\DebugMode\\FrameServer\\DFsNetServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Miranda\\Packy\\Miranda_IM_Pack_v2.5\\Miranda IM\\miranda32.exe"=
"d:\\Miranda\\Packy\\Miranda IM\\miranda32.exe"=
"d:\\Miranda\\!Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\SOTI\\Pocket Controller-Pro\\PocketController.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\ Programy\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\Fantas\\Plocha\\My Mobile\\MyMobiler\\MyMobiler.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [16.7.2007 15:43 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [16.7.2007 15:43 4608]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 12:27 34312]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14.8.2002 14:11 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18.5.2007 19:58 15424]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.8.2008 12:25 468224]
R3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [18.5.2007 19:15 4134]
R3 PhTVTune;Philips WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [17.12.2004 19:51 14624]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2007 0:14 685816]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [23.5.2009 5:51 20608]
S3 DBGMSG;DBGMSG;dbgmsg.sys --> dbgmsg.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [10.7.2009 21:22 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [10.7.2009 21:22 17408]
S3 Ouiidhos;Ouiidhos; [x]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [25.12.2009 22:01 32910]
S3 ZD1211BU(TP-LINK);TL-WN422G Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [23.5.2009 5:51 500736]
S3 ZMUSBFLT;ZOOM USAT1 Filter Driver;c:\windows\system32\drivers\ZMUSBFLT.SYS [13.8.2009 16:07 12297]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://archiv.nova.cz/search?type_id=372&parent_id=394&group=true&order=date
uInternet Settings,ProxyOverride = *.local
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Fantas\Data aplikací\Mozilla\Firefox\Profiles\6wsngjb0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 21:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&??????\??? ??? ???\???\???????????5?7~e?7~\???\?????????_??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"

[HKEY_LOCAL_MACHINE\software\Eset\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"="Student Edition"
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000001
"ProductCode"="{55FFA15B-4B16-4E17-AD8B-95EC3C793DE3}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="3.0.672.0"
"UniqueId"="000237BF4A5BAB17"
"ScannerBuild"=dword:00000d45
"ScannerVersionId"=dword:00000d2d
"ScannerVersion"=""
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
.
Celkový čas: 2010-01-19 21:58:28
ComboFix-quarantined-files.txt 2010-01-19 20:58
ComboFix2.txt 2010-01-19 18:44

Před spuštěním: 5 662 961 664
Po spuštění: 5 624 242 176

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C2FD1DC8F5F2C1DBAA20D90434439D0C
Nahr nˇ probŘhlo ŁspŘçnŘ

Log již vypadá čistý. Nastala nějaká nzměna?

Bohuzel po restartu problem s FireFoxem pretrvava