Please check my log - combofix+lopfind

Posted: 30 Nov 2008 17:50
by aladin20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:10, on 30.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021307 serial=DR12CEM-0321808-CKS lang=CZ
O4 - HKLM\..\Run: [PureLinkTimeBeep] C:\Documents and Settings\All Users\Data aplikací\heartwipepurelink\Glue Error.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [LogitechSetup] E:\Setup\Setup.exe /restart /l:enu
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [roam scr] C:\DOCUME~1\petr\DATAAP~1\DASHBU~1\cashhtm.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\petr\Plocha\Rapget\rapget.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7893109062
O18 - Protocol: bw+0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 23924 bytes
Thank you! aladin

Re: Please check my log - considerably slowed-down PC

Posted: 30 Nov 2008 20:26
by fredik
You have two antivirus programs there, Avast and Nod, so keep only one of them and uninstall the other.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Also paste the log from LopFind here.

Re: Please check my log - considerably slowed-down PC

Posted: 02 Dec 2008 18:43
by aladin20
ComboFix 08-12-01.03 - petr 2008-12-02 18:11:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.637 [GMT 1:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\petr\Data aplikací\inst.exe
c:\documents and settings\petr\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\petr\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\packet.dll
c:\windows\system32\Pncrt.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_new_drv
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2008-11-02 do 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-11-30 11:55 . 2008-11-30 11:56 <DIR> d-------- C:\Temp
2008-11-30 11:55 . 2008-11-30 12:06 <DIR> d-------- c:\program files\WM Recorder
2008-11-30 11:55 . 2008-11-30 11:55 <DIR> d-------- c:\program files\WinPcap
2008-11-30 11:54 . 2008-11-30 12:49 <DIR> d-------- c:\program files\WM Recorder 10.2
2008-11-30 11:19 . 2008-11-30 12:12 <DIR> d-------- c:\program files\Serials 2005
2008-11-28 20:33 . 2008-11-28 20:33 <DIR> d-------- c:\program files\Summitsoft
2008-11-28 20:26 . 2008-11-28 20:26 <DIR> d-------- c:\program files\IPACS
2008-11-28 19:38 . 2008-11-28 19:42 <DIR> d-------- c:\program files\Air Conflicts
2008-11-27 15:59 . 2008-11-27 15:58 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-26 15:59 . 2008-11-26 15:59 <DIR> d-------- c:\documents and settings\petr\Data aplikací\Ubisoft
2008-11-25 19:04 . 2008-11-25 19:04 <DIR> d-------- c:\documents and settings\petr\Data aplikací\Leadertech
2008-11-25 17:40 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-25 17:40 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-25 17:40 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-11-25 17:40 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-11-25 17:40 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-11-25 17:40 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-11-25 17:40 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-11-23 17:48 . 2008-11-23 17:48 <DIR> d-------- C:\Phenomedia AG
2008-11-20 23:47 . 2008-11-20 23:47 <DIR> d-------- C:\Phenomedia
2008-11-17 11:16 . 2008-11-17 11:34 0 --a------ c:\windows\KA.ini
2008-11-17 08:41 . 2008-11-17 08:41 <DIR> d-------- c:\documents and settings\petr\Data aplikací\Disney Interactive Studios
2008-11-17 08:30 . 2008-11-17 08:30 <DIR> d-------- c:\program files\Disney Interactive Studios
2008-11-17 02:26 . 2008-11-17 02:26 <DIR> d-------- c:\program files\Disney Interactive
2008-11-17 02:26 . 2008-11-17 08:39 2,299 --a------ c:\windows\disney.ini
2008-11-17 02:25 . 2008-11-17 08:29 374 --a------ c:\windows\disneysy.ini
2008-11-16 20:23 . 2008-11-16 20:36 <DIR> d-------- c:\program files\Vivid WorkshopData ATI
2008-11-16 19:14 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-16 19:14 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-11-16 19:14 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-11-16 19:14 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-11-16 19:14 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-11-16 19:14 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-11-16 19:14 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-11-13 21:43 . 2008-11-13 21:43 528 -r-hs---- c:\windows\PCGWIN32.LI4
2008-11-13 21:42 . 2008-11-13 21:42 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Autodata Limited
2008-11-13 21:40 . 2008-11-13 21:40 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2008-11-12 20:46 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:45 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-07 17:47 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-11-07 17:47 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 16:53 --------- d-----w c:\program files\ESET
2008-12-01 23:47 --------- d-----w c:\documents and settings\petr\Data aplikací\Skype
2008-12-01 23:09 --------- d-----w c:\documents and settings\petr\Data aplikací\skypePM
2008-11-30 13:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 10:55 737,280 ----a-w c:\windows\iun6002.exe
2008-11-30 10:17 --------- d-----w c:\program files\Azureus
2008-11-30 10:17 --------- d-----w c:\documents and settings\petr\Data aplikací\Azureus
2008-11-30 09:36 --------- d-----w c:\documents and settings\petr\Data aplikací\uTorrent
2008-11-30 09:24 --------- d-----w c:\documents and settings\petr\Data aplikací\Vso
2008-11-29 19:52 --------- d-----w c:\program files\Ricochet Infinity
2008-11-28 15:52 --------- d-----w c:\program files\FlashGet
2008-11-27 14:58 --------- d-----w c:\program files\Java
2008-11-26 18:22 --------- d-----w c:\documents and settings\petr\Data aplikací\Ahead
2008-11-26 14:56 --------- d-----w c:\program files\Ubisoft
2008-11-25 20:45 --------- d-----w c:\program files\Electronic Arts
2008-11-25 20:18 --------- d-----w c:\program files\eMule
2008-11-25 17:49 --------- d-----w c:\program files\EA GAMES
2008-11-25 16:40 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-25 16:40 47,360 ----a-w c:\documents and settings\petr\Data aplikací\pcouffin.sys
2008-11-25 16:40 --------- d-----w c:\program files\VSO
2008-11-14 16:58 --------- d-----w c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-11-03 18:23 --------- d-----w c:\program files\XTB-Trader 4 Contest
2008-10-30 20:46 --------- d-----w c:\program files\Common Files\DirectX
2008-10-30 15:42 --------- d-----w c:\program files\Lighthouse Interactive
2008-10-30 14:59 --------- d-----w c:\program files\LuckyTender
2008-10-28 19:59 --------- d-----w c:\program files\Trend Micro
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 15:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\2DBoy
2008-10-19 15:40 --------- d-----w c:\program files\WorldOfGoo
2008-10-16 23:40 --------- d-----w c:\program files\Euro Truck Simulator
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-11 07:35 --------- d--h--w c:\program files\Zero G Registry
2008-10-05 15:36 --------- d-----w c:\documents and settings\petr\Data aplikací\PipeMania
2008-10-05 15:18 --------- d-----w c:\program files\Empire Interactive
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-19 05:19 81,920 ----a-w c:\documents and settings\petr\Data aplikací\ezpinst.exe
2008-04-13 11:00 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2006-12-30 21:49 92,064 ----a-w c:\documents and settings\petr\mqdmmdm.sys
2006-12-30 21:49 9,232 ----a-w c:\documents and settings\petr\mqdmmdfl.sys
2006-12-30 21:49 79,328 ----a-w c:\documents and settings\petr\mqdmserd.sys
2006-12-30 21:49 66,656 ----a-w c:\documents and settings\petr\mqdmbus.sys
2006-12-30 21:49 6,208 ----a-w c:\documents and settings\petr\mqdmcmnt.sys
2006-12-30 21:49 5,936 ----a-w c:\documents and settings\petr\mqdmwhnt.sys
2006-12-30 21:49 4,048 ----a-w c:\documents and settings\petr\mqdmcr.sys
2006-12-30 21:49 25,600 ----a-w c:\documents and settings\petr\usbsermptxp.sys
2006-12-30 21:49 22,768 ----a-w c:\documents and settings\petr\usbsermpt.sys
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OEXPRESS"="c:\windows\OETRN.EXE" [2006-12-27 26624]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-27 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-15 4624384]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-11-15 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-27 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-04-07 225280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2006-07-07 348160]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2006-07-11 69632]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2004-11-15 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"MacrokeyManager"="WTMKM.exe" [2007-05-29 c:\windows\system32\WTMKM.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-06-10 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= c:\program files\ffdshow\ffdshow.ax
"VIDC.FFDS"= c:\program files\ffdshow\ffdshow.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mv2Player\\Mv2PlayerPlus.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Defrag32b;Defrag32Boot;c:\windows\system32\drivers\Defrag32b.sys [2004-10-23 54424]
R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2006-12-27 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-11 111184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2008-04-11 9856]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-11 20560]
R2 Defrag32;Defrag32;c:\windows\system32\drivers\Defrag32.sys [2004-10-23 54424]
R2 PDSched;PDScheduler;"c:\program files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 237635]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2008-04-11 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2008-04-11 167296]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe [2008-04-24 360096]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2008-04-11 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2008-04-11 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2008-04-11 10368]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2008-04-11 9446]
S4 hpt3xx;hpt3xx; []
.
Obsah adresáře 'Naplánované úlohy'

2008-12-02 c:\windows\Tasks\AA689B7F918F11C3.job
- c:\docume~1\petr\dataap~1\dashbu~1\debugpureplay.exe []

2008-05-11 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1167845020.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-roam scr - c:\docume~1\petr\DATAAP~1\DASHBU~1\cashhtm.exe
HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe
HKLM-Run-PureLinkTimeBeep - c:\documents and settings\All Users\Data aplikací\heartwipepurelink\Glue Error.exe
HKLM-Run-LogitechSetup - e:\setup\Setup.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 18:18:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\_av_proI.tm~a02392

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
.
**************************************************************************
.
Celkový čas: 2008-12-02 18:27:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-02 17:27:00

Před spuštěním: 3 135 033 344
Po spuštění: Volných bajtů: 14,041,583,616

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

264 --- E O F --- 2008-11-13 00:21:56

Re: please check my log - considerably slowed-down PC

Posted: 02 Dec 2008 18:50
by aladin20
added the log from lopfind.........
LopFind v4 © Čas: 18:39:06,04 Datum: út 02.12.2008

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\All Users\DATAAP~1

13.11.2008 21:42 <DIR> Autodata Limited
19.10.2008 16:45 <DIR> 2DBoy
14.08.2008 17:09 <DIR> ESET
03.08.2008 22:40 <DIR> Autodesk
06.07.2008 16:46 <DIR> QuickTime
10.06.2008 16:32 <DIR> Logitech
06.06.2008 18:46 <DIR> Sierra
27.05.2008 01:00 <DIR> PC Drivers HeadQuarters
21.05.2008 15:33 <DIR> MSScanAppDataDir
04.05.2008 14:47 <DIR> CyberLink
13.04.2008 12:00 32 ezsid.dat
13.04.2008 06:39 <DIR> Adobe
12.04.2008 17:31 <DIR> Tablet
11.04.2008 21:52 <DIR> Ulead Systems
11.04.2008 21:18 <DIR> ATI
10.02.2007 17:53 <DIR> heartwipepurelink
21.01.2007 09:19 <DIR> Ahead
14.01.2007 23:10 <DIR> InstallShield
07.01.2007 22:15 <DIR> Skype
03.01.2007 18:14 382 hpzinstall.log
01.01.2007 11:15 <DIR> Windows Genuine Advantage
29.12.2006 21:51 <DIR> BVRP Software
29.12.2006 09:40 <DIR> nView_Profiles
27.12.2006 14:53 <DIR> DVD Shrink
27.12.2006 11:33 62 desktop.ini
27.12.2006 11:32 <DIR> Microsoft
27.12.2006 11:32 <DIR> .
27.12.2006 11:32 <DIR> ..
3 souborů, 476 bajtů
Adresářů: 25, Volných bajtů: 14068400128
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\petr\DATAAP~1

26.11.2008 15:59 <DIR> Ubisoft
25.11.2008 19:04 <DIR> Leadertech
25.11.2008 17:44 668 vso_ts_preview.xml
17.11.2008 08:41 <DIR> Disney Interactive Studios
05.10.2008 16:36 <DIR> PipeMania
27.09.2008 10:02 <DIR> ABBYY
07.09.2008 08:54 <DIR> SPORE
03.08.2008 22:41 <DIR> Autodesk
19.07.2008 17:45 9353 Hodnoty oddělené čárkami (Windows).EML
19.07.2008 06:19 34 pcouffin.log
19.07.2008 06:19 81920 ezpinst.exe
19.07.2008 06:19 7887 pcouffin.cat
19.07.2008 06:19 47360 pcouffin.sys
19.07.2008 06:19 1144 pcouffin.inf
12.07.2008 23:06 <DIR> Vso
29.06.2008 09:10 <DIR> Ace
19.05.2008 00:49 <DIR> Player
10.05.2008 14:06 <DIR> Help
04.05.2008 14:49 <DIR> CyberLink
04.05.2008 10:02 <DIR> Expert SoftWorks
04.05.2008 09:37 <DIR> ICQ
24.04.2008 16:22 <DIR> Ulead Systems
23.04.2008 17:51 <DIR> Ice Age 2
19.04.2008 07:30 5368 froggy_scorebox
19.04.2008 07:30 936 pl_accounts.pl_acc
19.04.2008 07:30 556 Troll.options
13.04.2008 12:00 <DIR> skypePM
11.04.2008 21:24 <DIR> DAEMON Tools
11.04.2008 21:18 <DIR> ATI
24.02.2007 09:28 <DIR> Simple Star
24.02.2007 09:28 134 Setup.txt
23.02.2007 04:59 <DIR> Nero
10.02.2007 17:53 <DIR> NetPumper
03.02.2007 12:46 <DIR> dash burn name
21.01.2007 09:24 <DIR> Ahead
15.01.2007 20:43 <DIR> Sun
14.01.2007 23:33 <DIR> Corel
14.01.2007 19:33 <DIR> Azureus
14.01.2007 08:52 <DIR> uTorrent
06.01.2007 13:21 <DIR> BSplayer Pro
03.01.2007 19:41 <DIR> AdobeUM
03.01.2007 19:40 <DIR> Adobe
03.01.2007 18:24 <DIR> Hewlett-Packard
01.01.2007 21:54 <DIR> Macromedia
31.12.2006 01:06 <DIR> Nokia Multimedia Player
30.12.2006 22:28 <DIR> InstallShield
28.12.2006 21:50 <DIR> Skype
28.12.2006 16:30 80 MusicCatalystGT.txt
27.12.2006 15:49 <DIR> BSplayer
27.12.2006 13:19 2508 $_hpcst$.hpc
27.12.2006 10:49 <DIR> Identities
27.12.2006 10:49 62 desktop.ini
27.12.2006 10:49 <DIR> ..
27.12.2006 10:49 <DIR> .
27.12.2006 10:49 <DIR> Microsoft
14 souborů, 158010 bajtů
Adresářů: 41, Volných bajtů: 14068396032
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\Default User\DATAAP~1

27.12.2006 11:33 62 desktop.ini
27.12.2006 11:32 <DIR> ..
27.12.2006 11:32 <DIR> Microsoft
27.12.2006 11:32 <DIR> .
1 souborů, 62 bajtů
Adresářů: 3, Volných bajtů: 14068396032
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\LocalService\DATAAP~1

23.04.2008 15:25 2508 $_hpcst$.hpc
27.12.2006 10:48 <DIR> ..
27.12.2006 10:48 <DIR> Microsoft
27.12.2006 10:48 <DIR> .
1 souborů, 2508 bajtů
Adresářů: 3, Volných bajtů: 14068396032
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\NetworkService\DATAAP~1

27.12.2006 10:48 <DIR> ..
27.12.2006 10:48 <DIR> Microsoft
27.12.2006 10:48 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 14068396032

******************************************

2) Zjišťování přítomnosti ve složce Program Files:

a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Program Files

30.11.2008 11:55 <DIR> .
30.11.2008 11:55 <DIR> ..
20.04.2008 07:40 <DIR> 3GP Player
01.03.2007 21:00 <DIR> A4Tech
14.11.2008 17:58 <DIR> ABBYY FineReader 8.0 Professional Edition
28.06.2008 04:17 <DIR> Activision Value
23.07.2008 21:14 <DIR> Adobe
24.02.2007 19:04 <DIR> Ahead
28.11.2008 19:42 <DIR> Air Conflicts
16.04.2008 18:00 <DIR> Allok RM RMVB to AVI MPEG DVD Converter
27.12.2006 12:44 <DIR> Alwil Software
30.01.2007 18:26 <DIR> Aspyr
17.05.2008 14:08 <DIR> Atari
11.04.2008 20:51 <DIR> ATI Technologies
26.04.2008 09:19 <DIR> audiograbber
03.08.2008 22:37 <DIR> Autodesk
30.11.2008 11:17 <DIR> Azureus
27.12.2006 15:50 <DIR> BSplayer_WhenUSave_Installer
28.12.2006 12:30 <DIR> CityTime Alarms for Smartphone
27.12.2006 11:44 <DIR> C-Media 3D Audio
02.12.2008 18:12 <DIR> Common Files
27.12.2006 10:41 <DIR> ComPlus Applications
14.01.2007 23:07 <DIR> Corel
04.05.2008 14:43 <DIR> CyberLink
11.04.2008 21:24 <DIR> DAEMON Tools
30.08.2008 22:51 <DIR> DAEMON Tools Lite
05.02.2007 17:24 <DIR> DaemonTools_WhenUSave_Installer
26.02.2007 21:15 <DIR> dash burn name
27.12.2006 14:58 <DIR> directx 9c
17.11.2008 02:26 <DIR> Disney Interactive
17.11.2008 08:30 <DIR> Disney Interactive Studios
23.09.2008 15:17 <DIR> Doc Convertor
28.09.2008 00:09 <DIR> DreamWorks Interactive
27.12.2006 14:53 <DIR> DVD Shrink
19.07.2008 06:12 <DIR> DVDFab Decrypter 3
19.07.2008 06:20 <DIR> DVDFab Platinum 3
25.11.2008 18:49 <DIR> EA GAMES
25.11.2008 21:45 <DIR> Electronic Arts
05.10.2008 16:18 <DIR> Empire Interactive
25.11.2008 21:18 <DIR> eMule
02.12.2008 17:53 <DIR> ESET
17.10.2008 00:40 <DIR> Euro Truck Simulator
14.09.2008 07:13 <DIR> ffdshow
07.03.2007 21:06 <DIR> Fichiers communs
28.11.2008 16:52 <DIR> FlashGet
14.05.2008 23:08 <DIR> FLVPlayer
24.02.2007 09:52 <DIR> Formosoft
17.02.2007 12:50 <DIR> FOTOLAB Home Print Service
27.09.2008 09:16 <DIR> Foxit Software
24.04.2008 11:01 <DIR> Free Notes & Office Ink
24.02.2007 19:08 <DIR> Gemeinsame Dateien
01.02.2007 20:50 <DIR> GSpot
12.08.2008 17:34 <DIR> HD Tune
03.01.2007 18:20 <DIR> Hewlett-Packard
24.03.2007 19:22 <DIR> ICQLite
30.11.2008 14:11 <DIR> InstallShield Installation Information
16.10.2008 00:14 <DIR> Internet Explorer
28.11.2008 20:26 <DIR> IPACS
27.11.2008 15:58 <DIR> Java
28.12.2006 01:11 <DIR> Jeyo Mobile Companion
06.07.2008 16:43 <DIR> Legacy Interactive
30.10.2008 16:42 <DIR> Lighthouse Interactive
03.05.2008 09:38 <DIR> Lineage II
30.12.2006 22:28 <DIR> LiveUpdate
10.06.2008 16:32 <DIR> Logitech
05.06.2008 17:50 <DIR> LucasArts
30.10.2008 15:59 <DIR> LuckyTender
07.09.2008 21:07 <DIR> Messenger
01.10.2008 22:59 <DIR> Microsoft ActiveSync
27.12.2006 10:45 <DIR> microsoft frontpage
01.10.2008 22:23 <DIR> Microsoft Office
11.06.2008 18:55 <DIR> Microsoft Silverlight
27.12.2006 12:00 <DIR> Microsoft Visual Studio
27.12.2006 12:01 <DIR> Microsoft Works
27.12.2006 12:04 <DIR> Microsoft.NET
31.12.2006 00:59 <DIR> MIKSOFT
31.12.2006 01:01 <DIR> Mobilator
29.12.2006 21:14 <DIR> Motorola
30.12.2006 22:50 <DIR> Motorola Phone Tools
20.01.2007 00:17 <DIR> MOV to AVI MPEG WMV Converter
07.09.2008 21:01 <DIR> Movie Maker
13.07.2008 08:52 <DIR> MP3 Player Utilities 3.13
27.12.2006 15:44 <DIR> MP3 Player Utilities 3.60
11.04.2008 21:09 <DIR> MSBuild
24.04.2008 04:25 <DIR> MSECache
27.12.2006 10:40 <DIR> MSN
27.12.2006 10:40 <DIR> MSN Gaming Zone
04.01.2007 09:59 <DIR> MSXML 4.0
12.04.2008 12:30 <DIR> MSXML 6.0
28.12.2006 15:29 <DIR> Music Catalyst GT
12.04.2008 16:20 <DIR> Mv2Player
07.09.2008 20:56 <DIR> NetMeeting
10.02.2007 18:02 <DIR> NetPumper
31.12.2006 01:02 <DIR> Nokia
27.12.2006 10:43 <DIR> Online Services
07.09.2008 20:56 <DIR> Outlook Express
01.09.2008 21:26 <DIR> Paint.NET
13.07.2008 10:34 <DIR> PC Drivers HeadQuarters
11.04.2008 18:17 <DIR> PCCloneEX
20.05.2008 10:08 <DIR> Player
12.04.2008 17:32 <DIR> Power Presenter RE
10.07.2008 14:50 <DIR> Power Video Converter
27.12.2006 15:39 <DIR> Raxco
11.04.2008 16:43 <DIR> Realtek AC97
11.04.2008 21:03 <DIR> Reference Assemblies
13.04.2008 07:32 <DIR> ReflexiveArcade
29.11.2008 20:52 <DIR> Ricochet Infinity
24.04.2008 18:02 <DIR> Ricochet Xtreme
24.02.2007 09:35 <DIR> ScreenSaver.com
30.11.2008 12:12 <DIR> Serials 2005
09.05.2008 08:16 <DIR> Shiny
23.04.2008 17:47 <DIR> Sierra
13.04.2008 12:00 <DIR> Skype
11.05.2008 12:03 <DIR> SMS Posílač
06.08.2008 17:47 <DIR> Softinterface, Inc
04.05.2008 10:40 <DIR> Správce CD a DVD
28.11.2008 20:33 <DIR> Summitsoft
24.07.2008 17:46 <DIR> Sytexis Software
06.07.2008 16:55 <DIR> TalonSoft
11.02.2007 16:49 <DIR> Testy Autoškola
09.06.2008 00:00 <DIR> ThirdWire
09.05.2008 20:05 <DIR> THQ
10.05.2008 14:06 <DIR> totalcmd
27.12.2006 12:30 <DIR> translator
28.10.2008 20:59 <DIR> Trend Micro
26.11.2008 15:56 <DIR> Ubisoft
24.04.2008 16:16 <DIR> Ulead Systems
03.08.2008 22:40 <DIR> Uninstall Information
14.01.2007 08:52 <DIR> uTorrent
27.12.2006 11:39 <DIR> VIA
16.11.2008 20:36 <DIR> Vivid WorkshopData ATI
25.11.2008 17:40 <DIR> VSO
06.01.2007 13:21 <DIR> Webteh
23.04.2008 14:37 <DIR> Windows Media Connect 2
07.09.2008 20:56 <DIR> Windows Media Player
07.09.2008 20:56 <DIR> Windows NT
04.01.2007 07:45 <DIR> WindowsUpdate
11.04.2008 22:42 <DIR> WinFast
30.11.2008 11:55 <DIR> WinPcap
27.12.2006 15:52 <DIR> WinRAR
30.11.2008 12:06 <DIR> WM Recorder
30.11.2008 12:49 <DIR> WM Recorder 10.2
19.10.2008 16:40 <DIR> WorldOfGoo
27.12.2006 10:45 <DIR> xerox
24.07.2008 17:28 <DIR> Xi
03.11.2008 19:23 <DIR> XTB-Trader 4 Contest
23.07.2008 21:20 <DIR> Zeallsoft
11.10.2008 08:35 <DIR> Zero G Registry
20.04.2008 20:17 <DIR> Zoo Digital Publishing
19.04.2008 07:23 <DIR> Žabka Kuňkalka na Kouzelné louce
01.01.2007 17:19 <DIR> Žolíky Carioca
0 souborů, 0 bajtů
Adresářů: 151, Volných bajtů: 14 068 379 648

b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:

Adresář C:\Program Files\NetPumper Přítomen !

******************************************

3) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\WINDOWS\Tasks

26.02.2007 21:15 258 AA689B7F918F11C3.job
03.01.2007 18:24 340 FRU Task #Hewlett-Packard#hp psc 1200 series#1167845020.job
27.12.2006 10:44 6 SA.DAT
27.12.2006 10:41 65 desktop.ini
27.12.2006 10:41 <DIR> ..
27.12.2006 10:41 <DIR> .
4 souborů, 669 bajtů
Adresářů: 2, Volných bajtů: 14 068 387 840

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:

AA689B7F918F11C3.job

––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\WINDOWS\Tasks

03.01.2007 18:24 340 FRU Task #Hewlett-Packard#hp psc 1200 series#1167845020.job
27.12.2006 10:44 6 SA.DAT
27.12.2006 10:41 65 desktop.ini
27.12.2006 10:41 <DIR> ..
27.12.2006 10:41 <DIR> .
3 souborů, 411 bajtů
Adresářů: 2, Volných bajtů: 14 068 387 840

******************************************

4) Zjišťování přítomnosti v registru:

a) Vyhledávání spouštěcích bodů v registru:

Nebyly nalezeny žádné spouštěcí body v registru.

b) Export výjimek IE pop-up blockeru:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"sis.cat.com"=hex:00,00
"PopupMgr"="yes"

c) Export povolení Windows firewallu:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

»»»»»»»»»»»»» Konec výpisu «««««««««««««««

Re: please check my log - combofix+lopfind

Posted: 06 Dec 2008 11:20
by fredik
Uninstall via Add or Remove Programs:
NetPumper

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

DirLook::
C:\Temp

FileLook::
c:\documents and settings\petr\mqdmmdm.sys

Folder::
C:\Documents and Settings\All Users\Data aplikací\heartwipepurelink
C:\Documents and Settings\petr\Data aplikací\NetPumper
C:\Documents and Settings\petr\Data aplikací\dash burn name
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\Program Files\dash burn name
C:\Program Files\NetPumper


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then also post a new log from HJT here.