Prosím o kontrolu - zasekané prohlížeče internetu

[f24]

Dobrý den,
měla jsem v plánu formátovat disk, ale zapomněla jsem si z domu vzít instalační CD a znova tam budu tak nejdřív o Velikonocích. Takže do doby, než se mi podaří přeinstalovat Windowsy, bych ráda ještě nějak fungovala, a teď je to na nic, protože se mi zasekává Google Chrome, při každém kliknutí na cokoliv musím čekat, a nejdou přehrávat online videa, ptž se co pár sekund seká obraz. Chvilku mi ještě jel IE a Opera, ale teď už i tyto prohlížeče dělají problémy. Celkově i PC je pomalé - dala jsem si všechny věci na externí disk, ale i tak se nic nerozjede bez dlouhého čekání.

Musím mít v PC hrozný nepořádek, tak milionkrát děkuji za váš čas.


Logfile of random's system information tool 1.09 (written by random/random)
Run by jana at 2012-01-12 18:12:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 77 GB (66%) free of 116 GB
Total RAM: 1022 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:12:32, on 12.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
C:\Program Files\WakeMeUp\WMUAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmW.exe
C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmwj.exe
C:\Program Files\WakeMeUp\WMUSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Data aplikací\xMlEO0Un.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Data aplikací\xMlEO0Un.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jana\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\jana.exe
C:\Documents and Settings\All Users\Data aplikací\xMlEO0Un.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=d38d974e- ... 1558255f33
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=d38d974e- ... 1558255f33
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: pageshotsbho - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\Documents and Settings\All Users\Data aplikací\PageshotsPro\pageshots_x86.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LauncherMX14] "C:\Program Files\EPSON_P2B\Printer Software\Launcher\selaunch.exe" /S EPSON AL-MX14
O4 - HKLM\..\Run: [DocuPrint MX14 RUN] "C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRunMX14] "C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe"EPSON AL-MX14,hide,\S
O4 - HKLM\..\Run: [WMUAgent.exe] C:\Program Files\WakeMeUp\WMUAgent.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
O4 - HKCU\..\Run: [WMUTray.exe] C:\Program Files\WakeMeUp\WMUTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Filter hijack: text/html - {31560f7b-b3b0-41de-b4cf-e8c104e5bb27} - C:\DOCUME~1\jana\LOCALS~1\Temp\mstmp.
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipameti kategorií soucástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate1c9b52ecaa98480) (gupdate1c9b52ecaa98480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SEcnStatutsDatabase (SENADB) - Unknown owner - C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WakeMeUp! Service (svcWMU) - Highspheres.com - C:\Program Files\WakeMeUp\WMUSvc.exe

--
End of file - 14490 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\Norton Security Scan for jana.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2011-06-28 241464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CF50DA-4A17-4442-BBF9-D916BFDE072C}]
Pageshots for Internet Explorer PRO - C:\Documents and Settings\All Users\Data aplikací\PageshotsPro\pageshots_x86.dll [2010-12-22 197432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-27 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2009-10-22 1171760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-11 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
Browser Helper Object - C:\Program Files\Shared\lib.dll [2010-10-08 323597]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-06 1145736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-07 1164568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806} - Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2009-10-22 1171760]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-01-17 175912]
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-06 1145736]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2011-06-28 696000]
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-12-27 98304]
"HP OrderReminder Cleaner"=C:\WINDOWS\hporclnr.exe [2006-12-27 104960]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NPSStartup"= []
"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-10-27 273528]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"LauncherMX14"=C:\Program Files\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2011-05-12 2438112]
"DocuPrint MX14 RUN"=C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [2011-05-12 363488]
"StatusAutoRunMX14"=C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [2011-05-12 3661784]
"WMUAgent.exe"=C:\Program Files\WakeMeUp\WMUAgent.exe [2006-11-25 160256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-14 68856]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-29 95576]
"UpdateMyDrivers"=C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [2010-12-16 4280712]
"WMUTray.exe"=C:\Program Files\WakeMeUp\WMUTray.exe [2006-12-07 745984]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\jana\Nabídka Start\Programy\Po spuštění
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE"="C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE:*:Enabled:SMLMProxy Module - HP1005MC.EXE"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\EasySetupAssistant\EasySetupAssistant.exe"="E:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Google\Chrome\Application\CHROME.EXE"="C:\Program Files\Google\Chrome\Application\CHROME.EXE:*:Enabled:Google Chrome"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\JANA\Plocha\MyPhoneExplorer portable\MyPhoneExplorer portable.exe"="C:\Documents and Settings\JANA\Plocha\MyPhoneExplorer portable\MyPhoneExplorer portable.exe:*:Enabled:MyPhoneExplorer"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Documents and Settings\JANA\Local Settings\Temp\Rar$EX00.266\rtmpexplorer\rtmpsrv.exe"="C:\Documents and Settings\JANA\Local Settings\Temp\Rar$EX00.266\rtmpexplorer\rtmpsrv.exe:*:Enabled:rtmpsrv"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=ac3acm.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.mp43"=mpg4c32.dll
"VIDC.VDOM"=vdowave.drv
"MSACM.LHACM"=lhacm.acm
"VIDC.TR20"=tr2032.dll
"vidc.vivo"=ivvideo.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.ac3filter"=ac3filter.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit -
.js - open - ""

======List of files/folders created in the last 1 month======

2012-01-12 18:12:20 ----D---- C:\rsit
2012-01-12 01:11:07 ----HD---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-12 01:11:02 ----HD---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-12 01:07:22 ----HD---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-12 01:03:00 ----HD---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-12 01:02:53 ----HD---- C:\WINDOWS\$NtUninstallKB2584146$
2012-01-11 12:40:32 ----D---- C:\Program Files\PdfMerge
2012-01-05 12:35:29 ----A---- C:\WINDOWS\system32\sesr2aimghelper.dll
2012-01-05 12:35:29 ----A---- C:\WINDOWS\system32\sesr2aimgfilter.dll
2012-01-04 19:44:41 ----A---- C:\WINDOWS\system32\sehr2aFM.DLL
2012-01-04 19:44:41 ----A---- C:\WINDOWS\system32\sehr2aCL.DLL
2012-01-04 19:44:02 ----HD---- C:\GrandeDevice
2012-01-04 19:43:42 ----D---- C:\Program Files\EPSON_P2B
2012-01-04 19:42:51 ----N---- C:\WINDOWS\system32\sesr2awia.dll
2012-01-04 19:42:51 ----A---- C:\WINDOWS\system32\seqsreg.dll
2011-12-15 21:19:32 ----HD---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-15 21:19:28 ----HD---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-15 21:15:13 ----HD---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-15 21:15:11 ----HD---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-15 21:15:07 ----HD---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-15 21:14:58 ----HD---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-15 21:14:50 ----HD---- C:\WINDOWS\$NtUninstallKB2633171$

======List of files/folders modified in the last 1 month======

2012-01-12 01:11:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-12 01:11:06 ----A---- C:\WINDOWS\imsins.BAK
2012-01-12 01:07:30 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-12 01:06:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-05-16 26944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-05-16 42912]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-05-16 94416]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 appliandMP;appliandMP; C:\WINDOWS\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-05-16 23152]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-26 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 appliand;Applian Network Service; C:\WINDOWS\system32\DRIVERS\appliand.sys [2011-06-26 28256]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\jana\LOCALS~1\Temp\catchme.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060807.097\symidsco.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-05-16 17272]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-05-16 144760]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-07-29 238952]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SENADB;SEcnStatutsDatabase; C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [2011-05-12 85976]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R2 svcWMU;WakeMeUp! Service; C:\Program Files\WakeMeUp\WMUSvc.exe [2007-01-11 370688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-05-16 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-05-16 349560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-30 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[f24]

Resetl se mi PC po scanu, ale nikde nevidím log. Avast jsem vypnula. Zkusím to ještě jednou...

[Rudy]

Zkuste to v nouz. režimu.

[f24]

Do nouzového režimu se nemůžu dostat. Zkoušela jsem dokonce všechny tři druhy nouzových režimů, co tam jsou na výběr, po potvrzení windowsu se zobrazí černá obrazovka. Nevím, jestli už jsem někdy tento problém neřešila...

[Rudy]

To bude nějaká chyba systému. Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[f24]

Začínám se obávat, že to je nekonečné... Když instaluji ten program, tak mi to hned vypíše error, a že mám restartovat PC a rozjet ten program znova. Ale po restartu mi to píše to samé. Zkusím ale, jestli se něco nezměnilo po tom pročištění.

[Rudy]

Zkuste CureIt: http://www.freedrweb.com/cureit/ .

[f24]

To se mi zase nechce nainstalovat, po otevření je tam na výběr OK nebo cancel a obojí neudělá nic.
Mám pocit, že jsem něco smazala v tom CCleaner, co je teď potřeba. Ten Combofix mi píše Error writing temporary file.

[Rudy]

Tak ještě MBAM: http://www.malwarebytes.org/mbam.php . Udělejte kompletní sken a dejte log. Předem nic nemažte.

[f24]

Myslím, že je problém v uživatelských právech, píše mi to příštup byl odepřen, i když správcem počítače jsem já.

[Rudy]

Restartujte do nouz. režimu, kde byste měl mít možnost se nalogovat do účtu Adminstrator a zkuste to tam.

[f24]

Dneska večer se mi povedlo 2x se tam dostat. Poprvé jsem spustila ten program AVPTool, ten mi našel dva trojské koně, a vyskočilo tam okno, jestli to chci dezinfikovat, ale že by se to resetovalo, tak jsem radši nechala ten scan doběhnout celý... Pak už to vyléčit nešlo, ani dát do karantény... Tak jsem spustila Curelt, a ten mi našel jen 1 trojský kůň a smazal ho... Pak nouzový režim zase stávkoval... až teď se rozjel a mohla jsem udělat scan ComboFixem. Tak tady log:


ComboFix 12-01-13.03 - Administrator 13.01.2012 21:48:24.14.1 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.54.1029.18.1022.802 [GMT 1:00]
Running from: c:\documents and settings\jana\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080531-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jana\lame_enc.dll
c:\documents and settings\jana\lametritonus.dll
c:\program files\Mozilla Firefox\chrome\p4ffxtbr.jar
c:\program files\Mozilla Firefox\chrome\p4ffxtbr.manifest
c:\program files\Mozilla Firefox\Plugins\NPPandBr.dll
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\alcrmv.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\CF12816.exe
c:\windows\system32\CF13472.exe
c:\windows\system32\delete.bat
c:\windows\system32\paypal.url
c:\windows\system32\TZLog.log
c:\windows\system32\winx.url
c:\windows\UA000059.DLL
c:\windows\UA000079.DLL
c:\windows\WindowsUpdate.log
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
--------
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 20:22 . 2012-01-13 20:22 -------- d-----w- c:\windows\LastGood
2012-01-13 19:26 . 2012-01-13 19:26 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-01-13 19:02 . 2012-01-13 19:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Opera
2012-01-12 17:12 . 2012-01-12 17:12 -------- d-----w- C:\rsit
2012-01-11 11:40 . 2012-01-11 11:40 -------- d-----w- c:\program files\PdfMerge
2012-01-05 11:35 . 2011-03-28 11:01 22528 ----a-w- c:\windows\system32\sesr2aimgfilter.dll
2012-01-05 11:35 . 2011-03-28 10:30 109056 ----a-w- c:\windows\system32\sesr2aimghelper.dll
2012-01-04 18:44 . 2011-04-22 08:58 244224 ----a-w- c:\windows\system32\sehr2aFM.DLL
2012-01-04 18:44 . 2011-04-22 08:50 682496 ----a-w- c:\windows\system32\sehr2aCL.DLL
2012-01-04 18:44 . 2012-01-04 18:44 -------- d-----w- C:\GrandeDevice
2012-01-04 18:43 . 2012-01-04 18:43 -------- d-----w- c:\program files\EPSON_P2B
2012-01-04 18:42 . 2011-03-28 10:32 58368 ------w- c:\windows\system32\sesr2awia.dll
2012-01-04 18:42 . 2011-03-28 07:30 1694720 ----a-w- c:\windows\system32\seqsreg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 22:15 . 2011-12-05 00:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-02 18:03 . 2011-02-23 19:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-11-25 21:57 . 2005-03-02 18:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2005-03-02 18:08 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-18 19:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-10 04:54 . 2010-11-01 11:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2007-03-11 01:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:13 . 2005-07-03 02:17 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-18 19:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-18 19:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-08-18 19:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-08-18 19:00 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-18 19:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2005-04-28 19:32 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-18 19:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2005-03-02 18:09 2194944 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2005-03-02 18:08 2071552 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-23 22:14 . 2006-08-09 20:01 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-10-18 11:13 . 2004-08-18 19:00 186880 ----a-w- c:\windows\system32\encdec.dll
2009-08-20 00:42 . 2009-08-20 00:38 466944 ----a-w- c:\program files\U95.exe
2007-11-18 12:03 . 2007-11-18 12:03 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-18 12:02 . 2007-11-18 12:02 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-18 12:00 . 2007-11-18 11:59 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 17:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusAutoRunMX14"="c:\program files\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exeEPSON AL-MX14" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-12-27 98304]
"HP OrderReminder Cleaner"="c:\windows\hporclnr.exe" [2006-12-27 104960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-27 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LauncherMX14"="c:\program files\EPSON_P2B\Printer Software\Launcher\selaunch.exe" [2011-05-12 2438112]
"DocuPrint MX14 RUN"="c:\program files\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe" [2011-05-12 363488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WMUAgent.exe"="c:\program files\WakeMeUp\WMUAgent.exe" [2006-11-25 160256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\CHROME.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 15:36 78416]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 17:07 759048]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 15:36 20560]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [31.1.2011 12:57 238952]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480);c:\program files\Google\Update\GoogleUpdate.exe [4.4.2009 16:08 133104]
S2 SENADB;SEcnStatutsDatabase;c:\program files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [12.5.2011 16:57 85976]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [4.11.2011 23:18 28256]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [4.11.2011 23:18 28256]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [31.1.2011 12:57 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4.4.2009 16:08 133104]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [31.1.2011 13:07 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [31.1.2011 13:07 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [31.1.2011 13:07 123648]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-01-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-01-13 c:\windows\Tasks\Norton Security Scan for jana.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-12 08:48]
.
2012-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-01-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-06 17:11]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:08]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
mStart Page = hxxp://startsear.ch/?aff=1&cf=d38d974e-160b-11e1-98ce-001558255f33
TCP: DhcpNameServer = 88.81.64.1 88.81.92.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 21:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-13 21:57:16
ComboFix-quarantined-files.txt 2012-01-13 20:57
.
Pre-Run: Volných bajtu: 83 093 913 600
Post-Run: Volných bajtu: 83 432 505 344
.
- - End Of File - - FAE7F3E1F4F58ABDF514C5338856A63B

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\ConduitEngine
c:\program files\Ask.com
c:\program files\Google\Update

Collect::
c:\windows\system32\sesr2aimgfilter.dll
c:\windows\system32\sesr2aimghelper.dll
c:\windows\system32\sehr2aFM.DLL
c:\windows\system32\sehr2aCL.DLL
c:\windows\system32\sesr2awia.dll
c:\windows\system32\seqsreg.dll
c:\program files\BS_Player\prxtbBS_2.dll
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate1c9b52ecaa98480
gupdatem

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[f24]

Super, provedeno, díky moc.

Mám znova dělat scan? Když tak vložím zítra.