Seká spomalený system překlikavá samo od sebe

[rewkon]

Prosím pomoc seká se my system celý je to spomalený system.Předem dík za pomoc log viz dole

Logfile of random's system information tool 1.06 (written by random/random)
Run by rewkon at 2010-04-14 18:01:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (5%) free of 153 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:58, on 14.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\rewkon\Plocha\RSIT.exe
C:\Program Files\trend micro\rewkon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cramit.in
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2009 Ultra Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F519EC-029A-4460-BEB4-F8E70B65BE3A}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8469 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2008-11-05 77312]
"DrvIcon"=C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe [2007-07-04 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-03 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NodTrialReset"=regedit /s NodTrialReset.reg []
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"boincmgr"=C:\Program Files\BOINC\boincmgr.exe [2009-11-06 4793088]
"boinctray"=C:\Program Files\BOINC\boinctray.exe [2009-11-06 58112]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-10-19 66560]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-24 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-09-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"

======List of files/folders created in the last 1 months======

2010-04-14 18:01:51 ----D---- C:\Program Files\trend micro
2010-04-14 18:01:50 ----D---- C:\rsit
2010-04-02 13:01:59 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-04-02 13:01:58 ----D---- C:\Program Files\Microsoft WSE
2010-03-30 17:01:51 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-30 17:00:46 ----D---- C:\Documents and Settings\rewkon\Data aplikací\Avira
2010-03-30 16:57:47 ----D---- C:\Program Files\Avira
2010-03-30 16:57:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-03-21 12:17:56 ----RHD---- C:\Documents and Settings\rewkon\Data aplikací\SecuROM
2010-03-21 12:17:55 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-03-21 12:17:40 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-03-21 12:17:40 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2010-03-21 12:17:39 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-03-21 12:17:39 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-03-21 12:17:37 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-03-21 12:17:34 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-03-21 12:17:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-03-21 12:17:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-03-21 12:17:24 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-03-21 12:17:24 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-03-21 12:17:23 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-03-21 12:14:47 ----D---- C:\Program Files\Sierra Online
2010-03-21 12:14:22 ----D---- C:\Documents and Settings\rewkon\Data aplikací\InstallShield
2010-03-18 14:13:20 ----D---- C:\Downloads
2010-03-18 14:12:22 ----D---- C:\Documents and Settings\rewkon\Data aplikací\Free Download Manager
2010-03-18 14:12:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\FreeDownloadManager.ORG
2010-03-18 14:12:03 ----D---- C:\Program Files\Free Download Manager
2010-03-17 15:38:44 ----D---- C:\Program Files\Disney Interactive
2010-03-17 15:38:37 ----A---- C:\WINDOWS\disney.ini

======List of files/folders modified in the last 1 months======

2010-04-14 18:01:58 ----SD---- C:\WINDOWS\Tasks
2010-04-14 18:01:55 ----D---- C:\WINDOWS\Temp
2010-04-14 18:01:51 ----D---- C:\Program Files
2010-04-14 17:59:50 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-14 17:58:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\BOINC
2010-04-14 17:58:25 ----D---- C:\WINDOWS\Registration
2010-04-14 17:58:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-14 17:57:49 ----D---- C:\WINDOWS
2010-04-14 17:54:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 17:54:16 ----D---- C:\Documents and Settings\rewkon\Data aplikací\ICQ
2010-04-14 17:09:27 ----D---- C:\WINDOWS\Prefetch
2010-04-14 07:12:42 ----HD---- C:\WINDOWS\inf
2010-04-14 07:12:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-13 21:10:37 ----D---- C:\Documents and Settings\rewkon\Data aplikací\uTorrent
2010-04-13 12:20:22 ----D---- C:\WINDOWS\system32\Restore
2010-04-13 11:11:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-10 15:12:17 ----D---- C:\WINDOWS\Minidump
2010-04-02 13:01:59 ----SHD---- C:\WINDOWS\Installer
2010-04-02 13:01:59 ----RSD---- C:\WINDOWS\assembly
2010-04-02 13:01:59 ----D---- C:\WINDOWS\system32
2010-04-02 13:01:59 ----D---- C:\Config.Msi
2010-04-02 12:57:19 ----D---- C:\Program Files\Electronic Arts
2010-04-02 12:57:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-31 22:07:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 22:07:03 ----D---- C:\Program Files\Internet Explorer
2010-03-31 22:06:57 ----D---- C:\WINDOWS\ie8updates
2010-03-30 20:12:47 ----D---- C:\Documents and Settings\rewkon\Data aplikací\BSplayer PRO
2010-03-30 17:01:50 ----SHD---- C:\System Volume Information
2010-03-30 17:01:50 ----D---- C:\WINDOWS\repair
2010-03-30 16:57:48 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 13:24:27 ----D---- C:\WINDOWS\system32\wbem
2010-03-29 13:24:25 ----SD---- C:\Documents and Settings\rewkon\Data aplikací\Microsoft
2010-03-29 13:24:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 11:22:18 ----D---- C:\Program Files\Opera
2010-03-21 12:17:42 ----D---- C:\WINDOWS\system32\DirectX
2010-03-17 15:38:36 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipLogfile of HijackThis v1.99.1
Scan saved at 17:58:55, on 14.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BOINC\boinc.exe
C:\Documents and Settings\rewkon\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cramit.in
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2009 Ultra Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F519EC-029A-4460-BEB4-F8E70B65BE3A}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

bb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/03 20:40:27]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2008-11-05 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2008-11-05 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2008-11-05 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2008-11-05 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2008-11-05 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ab5nqacz;ab5nqacz; C:\WINDOWS\system32\drivers\ab5nqacz.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\rewkon\LOCALS~1\Temp\INA898.tmp []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-05-02 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-05-02 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-05-02 21568]
S3 MHNDRV;Ovladač platformy MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-09-23 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-09-23 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2008-11-05 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2008-10-10 238592]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-03 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[rewkon]

Je tu nějaký človíček co se my na to mrkne

[Roli]

Zdravím, musíš mít trochu trpělivost nejsi tu sám co potřebuje pomoct a nikdo z nás tu není celý den

tak že nemůžeš čekat že po 10 minutách budeš mít řešení na stole.


Pro začátek mi sem dej kompletní log z Rsit a ne tu slátaninu z několika.

[rewkon]

Tady
Logfile of random's system information tool 1.06 (written by random/random)
Run by rewkon at 2010-04-17 20:03:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (4%) free of 153 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:20, on 17.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\rewkon\Plocha\RSIT.exe
C:\Program Files\trend micro\rewkon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cramit.in
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2009 Ultra Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F519EC-029A-4460-BEB4-F8E70B65BE3A}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8334 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2008-11-05 77312]
"DrvIcon"=C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe [2007-07-04 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-03 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NodTrialReset"=regedit /s NodTrialReset.reg []
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"boincmgr"=C:\Program Files\BOINC\boincmgr.exe [2009-11-06 4793088]
"boinctray"=C:\Program Files\BOINC\boinctray.exe [2009-11-06 58112]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-10-19 66560]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-24 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"

======List of files/folders created in the last 1 months======

2010-04-14 19:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 19:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 19:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 19:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 19:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 19:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 18:01:51 ----D---- C:\Program Files\trend micro
2010-04-14 18:01:50 ----D---- C:\rsit
2010-04-02 13:01:59 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-04-02 13:01:58 ----D---- C:\Program Files\Microsoft WSE
2010-03-30 17:01:51 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-30 17:00:46 ----D---- C:\Documents and Settings\rewkon\Data aplikací\Avira
2010-03-30 16:57:47 ----D---- C:\Program Files\Avira
2010-03-30 16:57:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-03-21 12:17:56 ----RHD---- C:\Documents and Settings\rewkon\Data aplikací\SecuROM
2010-03-21 12:17:55 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-03-21 12:17:40 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-03-21 12:17:40 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2010-03-21 12:17:39 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-03-21 12:17:39 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-03-21 12:17:37 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-03-21 12:17:34 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-03-21 12:17:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-03-21 12:17:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-03-21 12:17:24 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-03-21 12:17:24 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-03-21 12:17:23 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-03-21 12:14:47 ----D---- C:\Program Files\Sierra Online
2010-03-21 12:14:22 ----D---- C:\Documents and Settings\rewkon\Data aplikací\InstallShield
2010-03-18 14:13:20 ----D---- C:\Downloads
2010-03-18 14:12:22 ----D---- C:\Documents and Settings\rewkon\Data aplikací\Free Download Manager
2010-03-18 14:12:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\FreeDownloadManager.ORG
2010-03-18 14:12:03 ----D---- C:\Program Files\Free Download Manager

======List of files/folders modified in the last 1 months======

2010-04-17 20:03:14 ----D---- C:\WINDOWS\Temp
2010-04-17 19:10:20 ----D---- C:\Documents and Settings\rewkon\Data aplikací\ICQ
2010-04-17 19:10:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\BOINC
2010-04-17 15:31:31 ----SD---- C:\WINDOWS\Tasks
2010-04-17 15:28:52 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-17 15:27:36 ----D---- C:\WINDOWS\Registration
2010-04-17 15:27:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 15:26:51 ----D---- C:\WINDOWS
2010-04-16 21:27:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-15 18:46:49 ----D---- C:\WINDOWS\system32
2010-04-14 19:28:43 ----HD---- C:\WINDOWS\inf
2010-04-14 19:28:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 19:28:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 19:28:20 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 19:28:17 ----D---- C:\WINDOWS\system32\drivers
2010-04-14 19:20:10 ----D---- C:\WINDOWS\ie8updates
2010-04-14 18:01:51 ----D---- C:\Program Files
2010-04-14 17:09:27 ----D---- C:\WINDOWS\Prefetch
2010-04-13 21:10:37 ----D---- C:\Documents and Settings\rewkon\Data aplikací\uTorrent
2010-04-13 12:20:22 ----D---- C:\WINDOWS\system32\Restore
2010-04-13 11:11:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-10 15:12:17 ----D---- C:\WINDOWS\Minidump
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-02 13:01:59 ----SHD---- C:\WINDOWS\Installer
2010-04-02 13:01:59 ----RSD---- C:\WINDOWS\assembly
2010-04-02 13:01:59 ----D---- C:\Config.Msi
2010-04-02 12:57:19 ----D---- C:\Program Files\Electronic Arts
2010-04-02 12:57:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-31 22:07:03 ----D---- C:\Program Files\Internet Explorer
2010-03-30 20:12:47 ----D---- C:\Documents and Settings\rewkon\Data aplikací\BSplayer PRO
2010-03-30 17:01:50 ----SHD---- C:\System Volume Information
2010-03-30 17:01:50 ----D---- C:\WINDOWS\repair
2010-03-29 13:24:27 ----D---- C:\WINDOWS\system32\wbem
2010-03-29 13:24:25 ----SD---- C:\Documents and Settings\rewkon\Data aplikací\Microsoft
2010-03-29 13:24:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 11:22:18 ----D---- C:\Program Files\Opera
2010-03-21 12:17:42 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/03 20:40:27]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2008-11-05 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2008-11-05 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2008-11-05 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2008-11-05 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2008-11-05 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 atmgn2mt;atmgn2mt; C:\WINDOWS\system32\drivers\atmgn2mt.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\rewkon\LOCALS~1\Temp\INA898.tmp []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-05-02 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-05-02 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-05-02 21568]
S3 MHNDRV;Ovladač platformy MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-09-23 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-09-23 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2008-11-05 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2008-10-10 238592]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-03 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Roli]

To už je lepší.

Tohle fixni v HJT :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cramit.in
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

HJT najdeš zde :

C:\Program Files\trend micro\rewkon.exe

Fix znamená že spustíš HJT

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

Čištění registru je třeba několikrát zopakovat !


Nakonec použij Mbam z mého podpisu.

[rewkon]

Protokl z MWB

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 4004

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.4.2010 17:17:04
mbam-log-2010-04-18 (17-17-04).txt

Typ skenu: Rychlý sken
Skenované objekty: 102193
Uplynulý čas: 6 minuta(y), 20 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Roli]

Co Mbam našel nech smazat.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci pod účtem s administrátorským oprávněním a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

[rewkon]

ComboFix 10-04-17.07 - rewkon 18.04.2010 19:30:04.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1543 [GMT 2:00]
Spuštěný z: c:\documents and settings\rewkon\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-18 do 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 15:09 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 15:09 . 2010-04-18 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 15:09 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 16:01 . 2010-04-18 15:05 -------- d-----w- c:\program files\trend micro
2010-04-14 16:01 . 2010-04-14 16:02 -------- d-----w- C:\rsit
2010-04-02 11:01 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-04-02 11:01 . 2010-04-02 11:01 -------- d-----w- c:\program files\Microsoft WSE
2010-03-30 15:01 . 2010-03-30 15:02 -------- d-----w- c:\windows\system32\NtmsData
2010-03-30 14:57 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-30 14:57 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-30 14:57 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-30 14:57 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-30 14:57 . 2010-03-30 14:57 -------- d-----w- c:\program files\Avira
2010-03-21 10:17 . 2010-03-21 10:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-21 10:17 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-03-21 10:17 . 2007-06-20 19:45 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2010-03-21 10:17 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-03-21 10:17 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-03-21 10:17 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-03-21 10:17 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-03-21 10:17 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-03-21 10:17 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-03-21 10:17 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-03-21 10:17 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-03-21 10:17 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-03-21 10:14 . 2010-03-21 10:14 -------- d-----w- c:\program files\Sierra Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 10:57 . 2010-03-07 11:58 -------- d-----w- c:\program files\Electronic Arts
2010-04-02 10:57 . 2010-02-03 14:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 11:24 . 2001-10-25 15:00 93338 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 11:24 . 2001-10-25 15:00 476324 ----a-w- c:\windows\system32\perfh005.dat
2010-03-24 09:22 . 2010-02-14 17:18 -------- d-----w- c:\program files\Opera
2010-03-18 12:12 . 2010-03-18 12:12 -------- d-----w- c:\program files\Free Download Manager
2010-03-17 13:38 . 2010-03-17 13:38 -------- d-----w- c:\program files\Disney Interactive
2010-03-17 13:38 . 2010-02-04 11:59 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-12 19:07 . 2010-03-12 19:07 -------- d-----w- c:\program files\Webteh
2010-03-12 06:08 . 2010-02-03 13:35 -------- d-----w- c:\program files\uTorrent
2010-03-10 06:17 . 2008-09-23 06:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 10:55 . 2010-03-03 18:38 -------- d-----w- c:\program files\Garena
2010-03-07 21:33 . 2010-03-07 21:28 -------- d-----w- c:\program files\TrackMania Sunrise
2010-03-07 11:52 . 2010-03-07 11:52 -------- d-----w- c:\program files\EA SPORTS
2010-03-06 21:05 . 2010-03-06 21:05 -------- d-----w- c:\program files\Empire Interactive
2010-03-06 19:01 . 2010-03-03 16:55 -------- d-----w- c:\program files\Warcraft III
2010-03-06 08:04 . 2010-02-14 18:28 -------- d-----w- c:\program files\Gabest
2010-03-06 08:03 . 2010-02-14 17:12 -------- d-----w- c:\program files\OJOsoft
2010-03-06 08:03 . 2010-02-07 19:53 -------- d-----w- c:\program files\Avi2Dvd
2010-03-06 07:56 . 2010-03-06 07:56 -------- d-----w- c:\program files\CCleaner
2010-03-04 18:49 . 2010-03-03 16:58 105284 ----a-w- c:\windows\War3Unin.dat
2010-03-04 12:36 . 2010-02-07 20:42 -------- d-----w- c:\program files\Wizards of the Coast
2010-03-03 19:41 . 2010-03-03 19:36 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-03 19:41 . 2010-02-03 13:34 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-03 19:41 . 2010-02-03 13:34 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-03 19:40 . 2010-03-03 19:38 -------- d-----w- c:\program files\CyberLink
2010-03-03 19:39 . 2010-03-03 19:39 -------- d-----w- c:\program files\Common Files\CyberLink
2010-03-03 17:15 . 2010-03-03 16:58 2829 ----a-w- c:\windows\War3Unin.pif
2010-03-03 17:15 . 2010-03-03 16:58 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-25 06:18 . 2008-10-16 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2008-11-20 17:07 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 09:16 . 2010-02-03 16:15 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 16:48 . 2010-02-20 16:43 -------- d-----w- c:\program files\ATI Technologies
2010-02-20 16:43 . 2010-02-20 16:43 -------- d-----w- c:\program files\ATI
2010-02-17 12:09 . 2008-10-19 06:37 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2008-08-14 16:26 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 16:31 . 2010-02-16 16:25 68509 ----a-w- c:\windows\hpoins05.dat
2010-02-14 17:38 . 2010-02-14 17:38 98304 ----a-w- c:\windows\system32\qttask.exe
2010-02-12 10:03 . 2010-03-08 08:19 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:29 . 2008-04-14 07:51 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2008-09-23 06:19 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 13:07 . 2010-02-03 12:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-04 13:07 . 2010-02-03 12:54 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-04 13:06 . 2010-02-03 12:55 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-03 18:12 . 2010-02-03 18:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-03 03:19 . 2010-02-20 16:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2010-02-20 16:44 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2010-02-03 15:04 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2010-02-03 15:04 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2010-02-03 15:04 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2010-02-03 15:04 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2010-02-03 15:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2010-02-03 15:04 638976 ----a-w- c:\windows\system32\ati2cqag.dll
.

------- Sigcheck -------

[-] 2008-10-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-10-19 . 3AC5A6BB0491CADA4F424978ECCD9A29 . 678400 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-10-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-10-19 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-11-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-10-19 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2008-11-05 77312]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 13:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/03 20:40];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 20:40 87536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.3.2010 16:57 135336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 16:49 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.2.2010 20:12 691696]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\rewkon\LOCALS~1\Temp\INA898.tmp --> c:\docume~1\rewkon\LOCALS~1\Temp\INA898.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'

2010-04-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {E8F519EC-029A-4460-BEB4-F8E70B65BE3A} = 62.129.50.20,85.135.32.100
FF - ProfilePath - c:\documents and settings\rewkon\Data aplikací\Mozilla\Firefox\Profiles\72luhhfw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 19:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\rewkon\LOCALS~1\Temp\INA898.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1644491937-1177238915-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6f,16,a2,a1,aa,25,3b,98,bc,79,9d,a9,5c,ec,58,4e,40,59,4e,3d,bf,0f,17,
1b,78,39,65,69,c7,d4,52,cc,b7,ef,f5,e7,2a,dc,e1,e9,f6,dc,c1,1f,49,77,d8,7a,\
"??"=hex:56,61,58,e0,ef,fb,9d,1a,67,67,24,63,31,55,ac,0d
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2010-04-18 19:35:58
ComboFix-quarantined-files.txt 2010-04-18 17:35

Před spuštěním: 9 126 068 224
Po spuštění: 9 120 571 392

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BAFBC238D70886A47569C07D8DAE2B76

[Roli]

Než budeme pokračovat tohle :

c:\windows\system32\winlogon.exe

c:\windows\system32\comctl32.dll

c:\windows\system32\user32.dll

c:\windows\explorer.exe

c:\windows\system32\sfcfiles.dll

c:\windows\system32\ctfmon.exe

postupně otestuj na VIRUSTOTAL

(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor

trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)


A ještě jedna věc, pokud nutně nepotřebuješ Garenu přes Start >> Ovládací panely >> Přidat nebo odebrat jí odinstaluj.

[rewkon]

chvilku to trvalo

https://www.virustotal.com/cs/analisis/ ... 1271614369

https://www.virustotal.com/cs/analisis/ ... 1271614510

https://www.virustotal.com/cs/analisis/ ... 1271614629

https://www.virustotal.com/cs/analisis/ ... 1271614755

https://www.virustotal.com/cs/analisis/ ... 1271614870


https://www.virustotal.com/cs/analisis/ ... 1271614965

[Roli]

chvilku to trvalo

Je mi to jasné.


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak dej vědět jaký je stav PC.

[rewkon]

Zatím dobrý dík za pomoc

[Roli]

Není zač.