PC zatuhne-prosím o kontrolu

[Karelfik]

Starý log jsem smazal Karelfik

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Pokud by PC v normálním režimu zatuhl, CF lze spustit i v nouz. režimu.

[Karelfik]

Momentálně mi nechce systém naběhnout. Až budu log mít hned jej umístím.
Díky

[Rudy]

Ani v nouz. režimu?

[Karelfik]

Ne ani v nouzové a ani nejde poslední známá konfigurace.
Až to rozběhnu, tak se ozvu- dnes už jdu spát.Díky a dobrou noc K.

[Rudy]

OK.

[Karelfik]

Tak jsem zpět.
PC jsem přeinstalova R- oprava stávajícího systému.
Jen jsem musel dát síťovou kartu. Možná to byl ten problém.
Přikládám nový log z RSIT a za ním bude následovat log z Combo Fix.
Díky

Logfile of random's system information tool 1.09 (written by random/random)
Run by Martinka at 2011-07-12 17:02:25
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 47 GB (64%) free of 73 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:02:32, on 12.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\xmesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Martinka\Dokumenty\Stažené soubory\RSIT(3).exe
C:\Program Files\trend micro\Martinka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: CryptoPlus XME Engine Service (xmengine service) - Monet+, a.s. - C:\WINDOWS\system32\xmesrv.exe

--
End of file - 5401 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RMSchedule.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Martinka\Data aplikací\Mozilla\Firefox\Profiles\ne3hnvcz.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, pdfforge@mybrowserbar.com:4.4, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, wtxpcom@mybrowserbar.com:4.4, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, toolbar@ask.com:3.3.3.123, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=C:\Program Files\Sony\Media Go\npmediago.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.8.6b]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Martinka\Data aplikací\Mozilla\Firefox\Profiles\ne3hnvcz.default\extensions\
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll [2011-05-06 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-04-02 809864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-19 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll [2011-05-06 734048]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-04-02 809864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-05-06 532320]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
C:\Program Files\LifeView DTV\RemoteControl.exe [2005-12-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-02-22 2209224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-05-06 532320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-05-23 431616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Martinka\Plocha\Blbosti\RollerCoaster Tycoon\RollerCoaster Tycoon\rct.exe"="C:\Documents and Settings\Martinka\Plocha\Blbosti\RollerCoaster Tycoon\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"C:\Documents and Settings\Martinka\Local Settings\Temp\Rar$EX00.906\RCT.EXE"="C:\Documents and Settings\Martinka\Local Settings\Temp\Rar$EX00.906\RCT.EXE:*:Enabled:RCT"
"C:\Documents and Settings\Martinka\Local Settings\Temp\Rar$EX04.921\RCT.EXE"="C:\Documents and Settings\Martinka\Local Settings\Temp\Rar$EX04.921\RCT.EXE:*:Enabled:RCT"
"C:\Documents and Settings\Martinka\Plocha\Blbosti\RollerCoaster Tycoon\RCT.EXE"="C:\Documents and Settings\Martinka\Plocha\Blbosti\RollerCoaster Tycoon\RCT.EXE:*:Enabled:RCT"
"C:\Documents and Settings\Martinka\Plocha\Blbosti\RollerCoaster Tycoon\Pouť.EXE"="C:\Documents and Settings\Martinka\Plocha\Blbosti\RollerCoaster Tycoon\Pouť.EXE:*:Enabled:Pouť"
"D:\!Archiv\Instalační programy\RollerCoaster Tycoon\Pouť.EXE"="D:\!Archiv\Instalační programy\RollerCoaster Tycoon\Pouť.EXE:*:Enabled:Pouť"
"D:\!Archiv\Instalační programy\RollerCoaster Tycoon\RollerCoaster Tycoon\rct.exe"="D:\!Archiv\Instalační programy\RollerCoaster Tycoon\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 month======

2011-07-12 16:59:25 ----D---- C:\Program Files\Common Files\NVIDIA Shared
2011-07-12 16:59:24 ----D---- C:\Program Files\NVIDIA Corporation
2011-07-12 16:58:49 ----A---- C:\WINDOWS\system32\nvuaudio.exe
2011-07-12 16:58:48 ----D---- C:\WINDOWS\NV12082520.TMP
2011-07-12 16:57:13 ----D---- C:\NVIDIA
2011-07-12 16:52:27 ----D---- C:\WINDOWS\LastGood
2011-07-12 16:51:26 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2011-07-12 15:58:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-07-12 15:39:38 ----D---- C:\WINDOWS\Prefetch
2011-07-12 15:38:52 ----ASH---- C:\hiberfil.sys
2011-07-12 15:34:15 ----A---- C:\WINDOWS\OEWABLog.txt
2011-07-12 15:11:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-07-12 15:11:31 ----A---- C:\WINDOWS\system32\irclass.dll
2011-07-12 15:11:14 ----RA---- C:\WINDOWS\SETF6.tmp
2011-07-12 15:11:11 ----RA---- C:\WINDOWS\SETEA.tmp
2011-07-12 15:11:10 ----RA---- C:\WINDOWS\SETE7.tmp
2011-07-12 15:10:20 ----A---- C:\WINDOWS\setuplog.txt
2011-07-12 01:27:16 ----ASH---- C:\pagefile.sys
2011-07-11 22:22:52 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-11 22:11:16 ----SD---- C:\32788R22FWJFW
2011-07-11 22:06:23 ----D---- C:\Documents and Settings\Martinka\Data aplikací\SUPERAntiSpyware.com
2011-07-11 22:06:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-11 22:06:09 ----D---- C:\Program Files\SUPERAntiSpyware
2011-07-11 21:40:54 ----D---- C:\rsit
2011-07-11 21:40:54 ----D---- C:\Program Files\trend micro
2011-07-11 20:58:12 ----D---- C:\Program Files\SpeedFan
2011-07-11 20:53:34 ----A---- C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011-07-11 20:53:33 ----D---- C:\Program Files\CPUID
2011-07-11 20:53:27 ----D---- C:\Program Files\Ask.com
2011-07-11 20:49:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-11 20:40:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-06-23 08:52:39 ----D---- C:\Program Files\Google
2011-06-19 00:09:05 ----D---- C:\Program Files\Common Files\Java
2011-06-19 00:08:57 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-19 00:08:57 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-19 00:08:57 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2011-07-12 16:59:25 ----D---- C:\Program Files\Common Files
2011-07-12 16:59:24 ----RD---- C:\Program Files
2011-07-12 16:59:23 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-12 16:58:55 ----HD---- C:\WINDOWS\inf
2011-07-12 16:58:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-12 16:58:49 ----D---- C:\WINDOWS\system32
2011-07-12 16:58:48 ----D---- C:\WINDOWS\system32\drivers
2011-07-12 16:58:48 ----D---- C:\WINDOWS
2011-07-12 16:58:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-12 16:52:57 ----D---- C:\WINDOWS\Temp
2011-07-12 16:52:42 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-12 16:52:39 ----D---- C:\WINDOWS\Help
2011-07-12 16:51:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-12 16:34:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-12 15:58:02 ----SHD---- C:\WINDOWS\Installer
2011-07-12 15:58:02 ----SD---- C:\WINDOWS\Tasks
2011-07-12 15:55:01 ----D---- C:\WINDOWS\security
2011-07-12 15:47:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-07-12 15:47:48 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-12 15:47:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-12 15:42:32 ----D---- C:\WINDOWS\Registration
2011-07-12 15:41:00 ----SHD---- C:\System Volume Information
2011-07-12 15:41:00 ----D---- C:\WINDOWS\system32\Restore
2011-07-12 15:40:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-12 15:38:48 ----D---- C:\WINDOWS\system32\config
2011-07-12 15:34:10 ----A---- C:\WINDOWS\ODBCINST.INI
2011-07-12 15:33:57 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-07-12 15:33:27 ----RD---- C:\WINDOWS\Web
2011-07-12 15:33:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-07-12 15:33:08 ----A---- C:\WINDOWS\win.ini
2011-07-12 15:33:03 ----D---- C:\WINDOWS\system32\oobe
2011-07-12 15:33:00 ----D---- C:\Program Files\Windows Media Player
2011-07-12 15:32:58 ----D---- C:\Program Files\Movie Maker
2011-07-12 15:32:56 ----D---- C:\Program Files\Outlook Express
2011-07-12 15:32:56 ----D---- C:\Program Files\Common Files\System
2011-07-12 15:32:50 ----D---- C:\Program Files\Internet Explorer
2011-07-12 15:32:42 ----D---- C:\WINDOWS\system32\Com
2011-07-12 15:31:39 ----D---- C:\WINDOWS\system32\wbem
2011-07-12 15:30:50 ----SH---- C:\boot.ini
2011-07-12 15:11:37 ----A---- C:\WINDOWS\system.ini
2011-07-12 15:11:24 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-07-12 15:11:17 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-12 01:34:26 ----D---- C:\WINDOWS\system32\Setup
2011-07-12 01:34:26 ----D---- C:\WINDOWS\system
2011-07-12 01:34:17 ----D---- C:\WINDOWS\system32\usmt
2011-07-12 01:34:09 ----D---- C:\WINDOWS\AppPatch
2011-07-12 01:34:08 ----D---- C:\WINDOWS\ime
2011-07-12 01:34:06 ----RSD---- C:\WINDOWS\Fonts
2011-07-12 01:34:05 ----D---- C:\WINDOWS\Media
2011-07-12 01:33:55 ----D---- C:\WINDOWS\PeerNet
2011-07-12 01:33:42 ----D---- C:\WINDOWS\system32\npp
2011-07-12 01:33:35 ----D---- C:\WINDOWS\msagent
2011-07-12 01:30:18 ----D---- C:\WINDOWS\system32\1029
2011-07-12 01:29:59 ----D---- C:\WINDOWS\twain_32
2011-07-12 01:28:57 ----D---- C:\WINDOWS\system32\icsxml
2011-07-12 01:28:28 ----D---- C:\WINDOWS\system32\ias
2011-07-12 01:28:23 ----D---- C:\WINDOWS\system32\1033
2011-07-12 01:27:16 ----D---- C:\WINDOWS\Driver Cache
2011-07-11 19:59:23 ----D---- C:\WINDOWS\Debug
2011-07-07 11:38:36 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-04 13:43:51 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-03 20:46:40 ----D---- C:\Program Files\Premier
2011-07-02 01:16:24 ----D---- C:\Program Files\John Deere American Farmer
2011-06-23 14:39:58 ----D---- C:\Program Files\Mozilla Firefox
2011-06-19 00:09:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2011-06-19 00:09:08 ----D---- C:\Program Files\Sony Ericsson
2011-06-19 00:08:43 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-06-19 00:06:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-06-17 15:08:16 ----D---- C:\Program Files\ICQ7.2
2011-06-17 15:07:43 ----D---- C:\Documents and Settings\Martinka\Data aplikací\ICQ
2011-06-16 08:37:37 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248 begin_of_the_skype_highlighting              1996-04-03 5248      end_of_the_skype_highlighting]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2005-05-17 92800]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-04-09 114048]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2010-12-18 21696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-10-09 87424]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
S3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-08-26 660992]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-18 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-18 10880]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-18 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-18 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-19 153376]
R2 xmengine service;CryptoPlus XME Engine Service; C:\WINDOWS\system32\xmesrv.exe [2009-10-09 34696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Karelfik]

A ještě Combo fix

ComboFix 11-07-11.02 - Martinka 12.07.2011 17:17:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.588 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martinka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-12 do 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 13:36 . 2004-08-18 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-07-12 13:35 . 2004-08-18 12:00 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2011-07-12 13:34 . 2004-08-18 12:00 330752 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2011-07-12 13:11 . 2004-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-07-12 13:11 . 2004-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-07-12 13:11 . 2004-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-07-12 13:11 . 2004-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-07-12 13:11 . 2004-08-18 12:00 14043 ----a-r- c:\windows\SETF6.tmp
2011-07-12 13:11 . 2004-08-18 12:00 1086058 ----a-r- c:\windows\SETEA.tmp
2011-07-12 13:11 . 2004-08-18 12:00 1014483 ----a-r- c:\windows\SETE7.tmp
2011-07-11 20:06 . 2011-07-11 20:06 -------- d-----w- c:\documents and settings\Martinka\Data aplikací\SUPERAntiSpyware.com
2011-07-11 20:06 . 2011-07-11 20:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-11 20:06 . 2011-07-11 20:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-11 19:40 . 2011-07-12 15:02 -------- d-----w- c:\program files\trend micro
2011-07-11 19:40 . 2011-07-11 19:41 -------- d-----w- C:\rsit
2011-07-11 18:58 . 2011-07-11 19:03 -------- d-----w- c:\program files\SpeedFan
2011-07-11 18:53 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2011-07-11 18:53 . 2011-07-11 18:53 -------- d-----w- c:\program files\CPUID
2011-07-11 18:53 . 2011-07-11 18:53 -------- d-----w- c:\program files\Ask.com
2011-07-11 18:49 . 2011-07-11 20:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-11 18:40 . 2011-07-11 20:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-06-24 06:58 . 2011-06-30 08:58 -------- d-----w- c:\documents and settings\Martinka\Local Settings\Data aplikací\Temp
2011-06-23 06:55 . 2011-06-23 06:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-06-23 06:53 . 2011-06-23 06:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-06-23 06:52 . 2011-07-12 13:48 -------- d-----w- c:\documents and settings\Martinka\Local Settings\Data aplikací\Google
2011-06-23 06:52 . 2011-07-12 13:48 -------- d-----w- c:\program files\Google
2011-06-18 22:09 . 2011-06-18 22:09 -------- d-----w- c:\program files\Common Files\Java
2011-06-18 22:08 . 2011-06-18 22:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-07-05 15:42 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-04-09 20:16 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-31 19:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-04-09 20:16 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-04-09 20:16 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-04-09 20:16 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-04-09 20:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-04-09 20:16 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-04-09 20:16 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-04-09 20:16 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-18 22:08 . 2011-01-23 10:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 17:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
2005-12-26 15:57 53248 ----a-w- c:\program files\LifeView DTV\RemoteControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-02-22 17:53 2209224 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2011-05-06 16:15 532320 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-05-23 07:09 431616 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42 577536 ----a-r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\!Archiv\\Instalační programy\\RollerCoaster Tycoon\\Pouť.EXE"=
"d:\\!Archiv\\Instalační programy\\RollerCoaster Tycoon\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [31.5.2011 21:17 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.4.2010 22:16 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6.5.2011 17:33 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.4.2010 22:16 19544]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [11.6.2010 14:53 34696]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [30.5.2005 4736]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [11.6.2010 14:54 87424]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.8.2010 19:01 13224]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [9.4.2010 20:03 660992]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [18.8.2004 14:00 14336]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.8.2010 8:58 152064]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-07-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-04-02 17:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: servis24.cz\www
FF - ProfilePath - c:\documents and settings\Martinka\Data aplikací\Mozilla\Firefox\Profiles\ne3hnvcz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 17:25
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(368)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-07-12 17:29:36
ComboFix-quarantined-files.txt 2011-07-12 15:29
.
Před spuštěním: Volných bajtů: 49 104 171 008
Po spuštění: Volných bajtů: 49 140 928 512
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - FDEEB21C3E466A60C840942B25A0700E
Děkuji

[Rudy]

Otevřte poznámkolvý blok a zkopírujte do něj:

KillAll::

Folder::
C:\Program Files\Ask.com
C:\Program Files\pdfforge Toolbar
C:\Program Files\Common Files\Spigot\Search Settings

Collect::
C:\## aswSnx private storage

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Karelfik]

Provedl jsem podle pokynu a prošlo to bez problémů.
Po přeinstalci a doplnění o sítovou kartu počítač běží spolehlivě.
Srdečně dějuji za pomoc.
Škoda, že není podpora možná jednoduchým bankovním převodem.

[Rudy]

Nemáte zač!

Škoda, že není podpora možná jednoduchým bankovním převodem.

Tohle je, bohužel, zatím v řešení.