
Slow PC after startup - the same problem as karm

#1 Post by Babu »

karm wrote: Hello,
after Windows starts, the computer is terribly slow; if I move the mouse over the taskbar, the pointer changes as if the computer were busy, and the clock freezes.
When I open My Computer, no hard drive can be opened, and right after that My Computer freezes too.
After about ten minutes everything starts working.

This problem is the result of a virus attack from this evening. While I was working on the computer, Avast reported several dozen files infected with the Win32:Qandr[Rtk] virus, mostly located in the C:\WINDOWS\system32\drivers folder. After a restart I found the problem described above.

I have the same problem, except that it takes my PC exactly 20 minutes to get going again, and even then it still seems very slow to me :(

I am attaching my log from RSIT

Logfile of random's system information tool 1.07 (written by random/random)
Run by Barbora at 2010-05-18 09:57:30
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 84 GB (84%) free of 100 GB
Total RAM: 1023 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:16, on 18.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Barbora\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Barbora.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C6A28ED-5C12-45CF-A74F-BA1B86E6B078}: NameServer = 63.99.7.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9893c93726c84) (gupdate1c9893c93726c84) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 13142 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F}]
Burn4Free Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - []
{70DE7956-479D-4eb7-8641-2B45774C350E} - []
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-27 185896]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-12-12 16859136]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Barbora\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
wwwzuc32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\WIP Miranda IM 1.7\miranda32.exe"="C:\Program Files\WIP Miranda IM 1.7\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Disabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-05-18 09:57:39 ----D---- C:\Program Files\trend micro
2010-05-18 09:57:30 ----D---- C:\rsit
2010-05-12 17:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-04-28 11:57:28 ----A---- C:\WINDOWS\system32\d3dx9.dll
2010-04-28 11:57:28 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2010-04-28 11:57:27 ----D---- C:\Program Files\Cheat Engine

======List of files/folders modified in the last 1 months======

2010-05-18 09:57:39 ----RD---- C:\Program Files
2010-05-18 09:48:44 ----D---- C:\Documents and Settings\Barbora\Data aplikací\Skype
2010-05-18 09:45:46 ----D---- C:\Documents and Settings\Barbora\Data aplikací\skypePM
2010-05-18 09:39:18 ----D---- C:\WINDOWS\Temp
2010-05-18 09:25:55 ----D---- C:\Documents and Settings\Barbora\Data aplikací\OpenOffice.org2
2010-05-18 09:25:29 ----D---- C:\WINDOWS
2010-05-18 09:25:13 ----D---- C:\Documents and Settings\Barbora\Data aplikací\ICQ
2010-05-18 09:24:42 ----SD---- C:\WINDOWS\Tasks
2010-05-17 22:32:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-17 22:31:54 ----SHD---- C:\WINDOWS\Installer
2010-05-17 21:26:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-17 18:27:40 ----D---- C:\WINDOWS\system32\drivers
2010-05-17 18:27:40 ----D---- C:\WINDOWS\system32
2010-05-17 18:27:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-17 17:43:56 ----D---- C:\WINDOWS\Prefetch
2010-05-17 17:12:27 ----HD---- C:\WINDOWS\inf
2010-05-17 17:10:38 ----A---- C:\WINDOWS\WINCMD.INI
2010-05-17 16:25:18 ----A---- C:\WINDOWS\WDICT32.INI
2010-05-17 15:05:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-05-17 15:00:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-16 11:25:46 ----D---- C:\Program Files\Capture-A-ScreenShot
2010-05-12 17:01:15 ----D---- C:\Program Files\Outlook Express
2010-05-12 10:12:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-06 22:59:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-24 18:21:55 ----D---- C:\Program Files\natalka
2010-04-24 18:21:25 ----D---- C:\Program Files\QIP
2010-04-20 10:27:49 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-12-12 4635648]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 alj4psyg;alj4psyg; C:\WINDOWS\system32\drivers\alj4psyg.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-15 153376]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-04-07 241734]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 gupdate1c9893c93726c84;Google Update Service (gupdate1c9893c93726c84); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-24 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\wmpnetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Slow PC after startup - the same problem as karm

#2 Post by cernohous13 »

Hello,
Download ComboFix and save it to the desktop.
Close all active windows, turn off your antispyware and antivirus, and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears and do not launch anything
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If the system fails to boot after using ComboFix, press F8 during restart and choose Last Known Good Configuration
Recommendations:
During the cleanup, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask and I will explain.


Babu
Visitor
Posts: 35
Registered: 04 Dec 2008 18:51

Re: Slow PC after startup - the same problem as karm

#3 Post by Babu »

ComboFix log

ComboFix 10-05-16.02 - Barbora 18.05.2010 10:21:18.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.699 [GMT 2:00]
Spuštěný z: c:\documents and settings\Barbora\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Barbora\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\documents and settings\Barbora\Local Settings\Temporary Internet Files\WDICT32.INI
c:\documents and settings\Barbora\Local Settings\Temporary Internet Files\WTRAN32.INI
c:\documents and settings\Barbora\Recent\Thumbs.db
c:\program files\Cheat Engine\dbk32.sys
C:\Thumbs.db
c:\windows\system32\drivers\2512106422.sys
c:\windows\system32\Thumbs.db
c:\windows\system32\vbpng1.dll
c:\windows\system32\wsodsini.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-18 do 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 07:57 . 2010-05-18 07:58 -------- d-----w- c:\program files\trend micro
2010-05-18 07:57 . 2010-05-18 07:58 -------- d-----w- C:\rsit
2010-05-17 12:59 . 2004-08-03 20:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 12:59 . 2004-08-03 20:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 12:59 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-17 12:59 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-17 12:59 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-28 09:57 . 2009-11-03 12:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-04-28 09:57 . 2009-11-03 12:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-04-28 09:57 . 2010-05-18 08:25 -------- d-----w- c:\program files\Cheat Engine

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 08:25 . 2010-04-28 09:57 -------- d-----w- c:\program files\Cheat Engine
2010-05-16 09:25 . 2008-07-23 17:21 -------- d-----w- c:\program files\Capture-A-ScreenShot
2010-05-06 20:59 . 2007-01-13 10:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2007-01-13 10:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-06 07:58 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2007-01-13 10:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2007-01-13 10:57 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2007-01-13 10:57 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-06 07:58 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2007-01-13 10:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-24 16:21 . 2009-05-09 13:42 -------- d-----w- c:\program files\natalka
2010-04-24 16:21 . 2008-03-05 21:21 -------- d-----w- c:\program files\QIP
2010-04-20 17:13 . 2010-04-11 09:29 3532 ----a-w- C:\drmHeader.bin
2010-04-20 08:27 . 2009-02-07 15:33 -------- d-----w- c:\program files\Google
2010-04-15 12:11 . 2007-02-04 17:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 12:11 . 2010-04-15 12:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-15 12:11 . 2007-02-04 18:01 -------- d-----w- c:\program files\Java
2010-04-14 16:47 . 2007-01-13 10:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-08 06:56 . 2007-01-13 10:57 -------- d-----w- c:\program files\Alwil Software
2010-03-30 13:22 . 2006-03-02 12:00 82900 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 13:22 . 2006-03-02 12:00 438164 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 07:48 . 2010-03-27 07:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-10 08:07 . 2006-03-02 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12 . 2006-03-02 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 13:31 . 2007-05-14 08:56 91568 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-27 185896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-12 16859136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Barbora\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]
wwwzuc32.exe [2006-3-2 29184]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-9 610365]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\WIP Miranda IM 1.7\\miranda32.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20173:TCP"= 20173:TCP:BitComet 20173 TCP
"20173:UDP"= 20173:UDP:BitComet 20173 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.4.2008 9:58 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 9:58 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.9.2008 16:23 222456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.4.2007 9:59 721904]
S2 gupdate1c9893c93726c84;Google Update Service (gupdate1c9893c93726c84);c:\program files\Google\Update\GoogleUpdate.exe [7.2.2009 17:56 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2010-05-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-28 11:09]

2010-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 16:13]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 15:55]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 15:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {3C6A28ED-5C12-45CF-A74F-BA1B86E6B078} = 63.99.7.252
FF - ProfilePath - c:\documents and settings\Barbora\Data aplikací\Mozilla\Firefox\Profiles\ywc06cfe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://forum.mundolatino.cz/index.php
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 10:25
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1960408961-73586283-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9820787-5DDB-F4B7-BBAB-4D17BBA920DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjooblghpgghedcbkabejmpfmnaidpibi"=hex:70,61,68,6f,70,66,64,67,6a,63,69,66,
69,70,66,61,6f,66,6e,66,63,62,70,6e,6c,66,67,68,6d,61,6c,6c,00,00
"magofbbeeiodnaccnefjpgbkjm"=hex:6f,61,6a,61,61,6a,61,67,6a,6d,61,64,68,64,66,
64,66,62,63,6d,6c,6b,6b,69,6a,63,62,68,66,6d,00,6c
.
Celkový čas: 2010-05-18 10:26:57
ComboFix-quarantined-files.txt 2010-05-18 08:26
ComboFix2.txt 2008-12-04 19:05
ComboFix3.txt 2008-12-04 17:49

Před spuštěním: Volných bajtů: 88 377 196 544
Po spuštění: Volných bajtů: 88 533 573 632

- - End Of File - - E4A62693B70BDF365C1CC5CBD0E60075

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Slow PC after startup - the same problem as karm

#4 Post by cernohous13 »

Open Notepad and copy the entire green text of the "CFscript".
Save the file to the desktop as CFscript.txt, then drag its icon onto the ComboFix icon and drop it there.
ComboFix will start; wait for the log and paste it here.
CFscript

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-

File::
C:\Documents and Settings\Barbora\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\AskBarDis

Driver::
gupdate1c9893c93726c84

Firefox::
FF - ProfilePath - c:\documents and settings\Barbora\Data aplikací\Mozilla\Firefox\Profiles\ywc06cfe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=

RegNull::
[HKEY_USERS\S-1-5-21-1960408961-73586283-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9820787-5DDB-F4B7-BBAB-4D17BBA920DD}*]

DDS::
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE

Recommendations:
During the cleanup, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask and I will explain.


Babu
Visitor
Posts: 35
Registered: 04 Dec 2008 18:51

Re: Slow PC after startup - the same problem as karm

#5 Post by Babu »

log:

ComboFix 10-05-16.02 - Barbora 18.05.2010 11:49:04.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.612 [GMT 2:00]
Spuštěný z: c:\documents and settings\Barbora\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Barbora\Plocha\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk"
"c:\documents and settings\Barbora\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\documents and settings\Barbora\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\02746504
c:\program files\AskBarDis\bar\Cache\02746766
c:\program files\AskBarDis\bar\Cache\0274689E.bin
c:\program files\AskBarDis\bar\Cache\02746B2E.bin
c:\program files\AskBarDis\bar\Cache\02746CA5.bin
c:\program files\AskBarDis\bar\Cache\02746E0D.bin
c:\program files\AskBarDis\bar\Cache\02746F45.bin
c:\program files\AskBarDis\bar\Cache\027470DC.bin
c:\program files\AskBarDis\bar\Cache\027472DF.bin
c:\program files\AskBarDis\bar\Cache\02747418.bin
c:\program files\AskBarDis\bar\Cache\02747541.bin
c:\program files\AskBarDis\bar\Cache\02747689.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE1C9893C93726C84
-------\Service_gupdate1c9893c93726c84


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-18 do 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 07:57 . 2010-05-18 07:58 -------- d-----w- c:\program files\trend micro
2010-05-18 07:57 . 2010-05-18 07:58 -------- d-----w- C:\rsit
2010-05-17 12:59 . 2004-08-03 20:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 12:59 . 2004-08-03 20:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 12:59 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-17 12:59 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-17 12:59 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-28 09:57 . 2009-11-03 12:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-04-28 09:57 . 2009-11-03 12:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-04-28 09:57 . 2010-05-18 08:25 -------- d-----w- c:\program files\Cheat Engine

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 08:25 . 2010-04-28 09:57 -------- d-----w- c:\program files\Cheat Engine
2010-05-16 09:25 . 2008-07-23 17:21 -------- d-----w- c:\program files\Capture-A-ScreenShot
2010-05-06 20:59 . 2007-01-13 10:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2007-01-13 10:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-06 07:58 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2007-01-13 10:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2007-01-13 10:57 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2007-01-13 10:57 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-06 07:58 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2007-01-13 10:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-24 16:21 . 2009-05-09 13:42 -------- d-----w- c:\program files\natalka
2010-04-24 16:21 . 2008-03-05 21:21 -------- d-----w- c:\program files\QIP
2010-04-20 17:13 . 2010-04-11 09:29 3532 ----a-w- C:\drmHeader.bin
2010-04-20 08:27 . 2009-02-07 15:33 -------- d-----w- c:\program files\Google
2010-04-15 12:11 . 2007-02-04 17:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 12:11 . 2010-04-15 12:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-15 12:11 . 2007-02-04 18:01 -------- d-----w- c:\program files\Java
2010-04-14 16:47 . 2007-01-13 10:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-08 06:56 . 2007-01-13 10:57 -------- d-----w- c:\program files\Alwil Software
2010-03-30 13:22 . 2006-03-02 12:00 82900 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 13:22 . 2006-03-02 12:00 438164 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 07:48 . 2010-03-27 07:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-10 08:07 . 2006-03-02 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12 . 2006-03-02 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 13:31 . 2007-05-14 08:56 91568 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-12 16859136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Barbora\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-9 610365]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\WIP Miranda IM 1.7\\miranda32.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20173:TCP"= 20173:TCP:BitComet 20173 TCP
"20173:UDP"= 20173:UDP:BitComet 20173 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.4.2007 9:59 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.4.2008 9:58 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 9:58 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.9.2008 16:23 222456]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-28 11:09]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search13.net/
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {3C6A28ED-5C12-45CF-A74F-BA1B86E6B078} = 63.99.7.252
FF - ProfilePath - c:\documents and settings\Barbora\Data aplikací\Mozilla\Firefox\Profiles\ywc06cfe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://forum.mundolatino.cz/index.php
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 11:56
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BDE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> 0x86bde1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578086
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578086
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
NDIS: NVIDIA nForce Networking Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xf7109ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7116b21
SendHandler -> NDIS.sys @ 0xf70f487b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.EXE'(204)
c:\program files\Windows Media Player\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-05-18 12:00:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-18 10:00
ComboFix2.txt 2010-05-18 08:26
ComboFix3.txt 2008-12-04 19:05
ComboFix4.txt 2008-12-04 17:49

Před spuštěním: Volných bajtů: 87 534 977 024
Po spuštění: Volných bajtů: 87 739 817 984

- - End Of File - - 95F67B2D5BA0D87189786F4144F3369C

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Slow PC after startup - the same problem as karm

#6 Post by cernohous13 »

:arrow: Find and run the program C:\Program Files\trend micro\Barbora.exe

Click "Do a system scan only"
Tick the checkbox in front of these lines (if a line is no longer there, skip it):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - (no file)
"Fix Checked" -> OK

:arrow: make a new RSIT log

:arrow: who is your internet service provider? (Verizon Business - Ashburn VA)

:arrow: what are the current problems?
Recommendation:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described.
If anything is unclear, ask - I will explain

Babu
Visitor
Posts: 35
Registered: 04 Dec 2008 18:51

Re: Slow PC after startup - the same problem as karm

#7 Post by Babu »

- the problem still persists, only now it's not 20 minutes but just 10 ... (I tried turning the computer off and on; after powering on it was the same again: it stayed as if frozen and nothing could be done with it (everything can be launched, but only from the desktop; the taskbar is completely non-functional, the clock is frozen too, and when I did launch something from the desktop it didn't respond anyway), and after those ten minutes the Windows welcome sound played, everything came back to life and the PC runs)

- my internet is from UPC



log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Barbora at 2010-05-18 14:57:02
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 80 GB (80%) free of 100 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:57:05, on 18.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Barbora\Plocha\RSIT.exe
C:\Program Files\trend micro\Barbora.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C6A28ED-5C12-45CF-A74F-BA1B86E6B078}: NameServer = 63.99.7.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10294 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-12-12 16859136]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Barbora\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\WIP Miranda IM 1.7\miranda32.exe"="C:\Program Files\WIP Miranda IM 1.7\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Disabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-05-18 12:07:10 ----SHD---- C:\RECYCLER
2010-05-18 12:02:06 ----D---- C:\Program Files\AskBardis
2010-05-18 12:00:09 ----A---- C:\ComboFix.txt
2010-05-18 11:53:46 ----D---- C:\WINDOWS\temp
2010-05-18 11:48:09 ----D---- C:\ComboFix
2010-05-18 10:18:55 ----A---- C:\WINDOWS\PEV.exe
2010-05-18 10:18:55 ----A---- C:\WINDOWS\MBR.exe
2010-05-18 09:57:39 ----D---- C:\Program Files\trend micro
2010-05-18 09:57:30 ----D---- C:\rsit
2010-05-12 17:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-04-28 11:57:28 ----A---- C:\WINDOWS\system32\d3dx9.dll
2010-04-28 11:57:28 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2010-04-28 11:57:27 ----D---- C:\Program Files\Cheat Engine

======List of files/folders modified in the last 1 months======

2010-05-18 14:48:32 ----D---- C:\Documents and Settings\Barbora\Data aplikací\OpenOffice.org2
2010-05-18 14:48:13 ----D---- C:\WINDOWS
2010-05-18 14:48:07 ----SD---- C:\WINDOWS\Tasks
2010-05-18 14:46:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-18 14:46:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-18 14:45:35 ----D---- C:\Documents and Settings\Barbora\Data aplikací\ICQ
2010-05-18 13:33:00 ----D---- C:\Program Files\Capture-A-ScreenShot
2010-05-18 12:42:58 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-18 12:02:06 ----RD---- C:\Program Files
2010-05-18 12:00:11 ----D---- C:\WINDOWS\system32\drivers
2010-05-18 12:00:11 ----D---- C:\Qoobox
2010-05-18 11:55:59 ----A---- C:\WINDOWS\system.ini
2010-05-18 11:54:02 ----D---- C:\WINDOWS\system32\config
2010-05-18 11:53:52 ----D---- C:\WINDOWS\ERDNT
2010-05-18 11:52:38 ----D---- C:\WINDOWS\system32
2010-05-18 11:52:38 ----D---- C:\WINDOWS\AppPatch
2010-05-18 11:52:37 ----D---- C:\Program Files\Common Files
2010-05-18 10:16:17 ----D---- C:\Documents and Settings\Barbora\Data aplikací\Skype
2010-05-18 09:45:46 ----D---- C:\Documents and Settings\Barbora\Data aplikací\skypePM
2010-05-17 22:31:54 ----SHD---- C:\WINDOWS\Installer
2010-05-17 17:43:56 ----D---- C:\WINDOWS\Prefetch
2010-05-17 17:12:27 ----HD---- C:\WINDOWS\inf
2010-05-17 17:10:38 ----A---- C:\WINDOWS\WINCMD.INI
2010-05-17 16:25:18 ----A---- C:\WINDOWS\WDICT32.INI
2010-05-17 15:05:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-05-17 15:00:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-12 17:01:15 ----D---- C:\Program Files\Outlook Express
2010-05-12 10:12:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-06 22:59:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-24 18:21:55 ----D---- C:\Program Files\natalka
2010-04-24 18:21:25 ----D---- C:\Program Files\QIP
2010-04-20 10:27:49 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-12-12 4635648]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 agx6g3n2;agx6g3n2; C:\WINDOWS\system32\drivers\agx6g3n2.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-15 153376]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-04-07 241734]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-24 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\wmpnetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Slow PC after startup - the same problem as karm

#8 Post by cernohous13 »

:arrow: now we will uninstall ComboFix
go to Start -> Run... and copy in ComboFix /Uninstall (note: there is a space after the x) -> OK
Download and install MBAM here http://www.download.com/Malwarebytes-An ... tag=button
Launch it > on the 3rd tab "Update" > Check for Updates
then on the 1st tab "Scanner" > Perform quick scan > Scan
when the scan finishes, a Notepad window pops up with the result - copy its contents into your reply
do not delete anything yet - wait for the assessment

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Slow PC after startup - the same problem as karm

#9 Post by cernohous13 »

:arrow: another scan
Download >>this<< file to the desktop -> unpack it to the desktop.
click -> "Start" -> "Run..." and copy in the command
"%userprofile%\plocha\tdsskiller.exe" -l "%userprofile%\plocha\tdsskiller.txt"
paste the log here

Babu
Visitor
Posts: 35
Registered: 04 Dec 2008 18:51

Re: Slow PC after startup - the same problem as karm

#10 Post by Babu »

:arrow:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4113

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18.5.2010 20:26:35
mbam-log-2010-05-18 (20-26-35).txt

Typ skenu: Rychlý sken
Skenované objekty: 127246
Uplynulý čas: 5 minuta(y), 27 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 12
Infikované soubory: 128

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\Software\Cheat Engine (Backdoor.Bot) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\Cheat Engine (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\example scripts (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\include (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\DebugEventLog (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\DebugEventLog\src (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\example packet editor (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\example packet editor\inject (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\example packet editor\inject\src (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\example packet editor\src (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\example-c (Backdoor.Bot) -> No action taken.
C:\Program Files\Cheat Engine\Plugins\example-delphi (Backdoor.Bot) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Barbora\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.


:arrow:

20:29:21:187 2992 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
20:29:21:187 2992 ================================================================================
20:29:21:187 2992 SystemInfo:

20:29:21:187 2992 OS Version: 5.1.2600 ServicePack: 2.0
20:29:21:187 2992 Product type: Workstation
20:29:21:187 2992 ComputerName: BARCA
20:29:21:187 2992 UserName: Barbora
20:29:21:187 2992 Windows directory: C:\WINDOWS
20:29:21:187 2992 Processor architecture: Intel x86
20:29:21:187 2992 Number of processors: 1
20:29:21:187 2992 Page size: 0x1000
20:29:21:203 2992 Boot type: Normal boot
20:29:21:203 2992 ================================================================================
20:29:21:203 2992 UnloadDriverW: NtUnloadDriver error 2
20:29:21:203 2992 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
20:29:21:250 2992 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:29:21:250 2992 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:29:21:250 2992 wfopen_ex: Trying to KLMD file open
20:29:21:250 2992 wfopen_ex: File opened ok (Flags 2)
20:29:21:250 2992 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:29:21:250 2992 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:29:21:250 2992 wfopen_ex: Trying to KLMD file open
20:29:21:250 2992 wfopen_ex: File opened ok (Flags 2)
20:29:21:250 2992 KLAVA engine initialized
20:29:21:406 2992 Initialize success
20:29:21:406 2992
20:29:21:406 2992 Scanning Services ...
20:29:21:640 2992 Raw services enum returned 304 services
20:29:21:640 2992
20:29:21:640 2992 Scanning Drivers ...
20:29:27:062 2992
20:29:27:062 2992 Completed
20:29:27:062 2992
20:29:27:062 2992 Results:
20:29:27:062 2992 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:29:27:062 2992 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:29:27:062 2992
20:29:27:062 2992 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:29:27:062 2992 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:29:27:062 2992 KLMD(ARK) unloaded successfully

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Slow PC after startup - the same problem as karm

#11 Post by cernohous13 »

Run MBAM again - choose the full scan
:arrow: when it finishes -> Show Results -> check that everything is selected -> Remove Selected
a log will pop up containing entries of this kind:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I'd like to see that one too :)
Disable the sptd.sys driver like this:
download http://jpshortstuff.247fixes.com/beta/Defogger.exe
run it - click "Disable" - confirm the "Continue" prompt - post the log that gets created here - and of course let the PC restart
download MBR
http://www2.gmer.net/mbr/mbr.exe save it to the desktop (just save it, do not run it)
on the taskbar click the "Start" button -> "Run..." - copy the whole red command into the command line
"%userprofile%\plocha\mbr" -t -> OK
mbr.log will be created on the desktop - copy its contents here
Recommendations:
During the cleanup, install or uninstall software only on my instruction.
Read my reply carefully and carry out the whole procedure as described in it.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

Babu
Visitor
Posts: 35
Registered: 04 Dec 2008 18:51

Re: Slow PC after startup - the same problem as karm

#12 Post by Babu »

:arrow:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4113

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19.5.2010 13:33:06
mbam-log-2010-05-19 (13-33-06).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 221796
Uplynulý čas: 59 minuta(y), 33 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 12
Infikované soubory: 128

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\Software\Cheat Engine (Backdoor.Bot) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\Cheat Engine (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\example scripts (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\include (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\DebugEventLog (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\DebugEventLog\src (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\example packet editor (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\example packet editor\inject (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\example packet editor\inject\src (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\example packet editor\src (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\example-c (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Cheat Engine\Plugins\example-delphi (Backdoor.Bot) -> Quarantined and deleted successfully.

Infikované soubory:



:arrow:

defogger_disable by jpshortstuff (25.01.10.1)
Log created at 13:39 on 19/05/2010 (Barbora)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-


:arrow:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Babu
Visitor
Posts: 35
Registered: 04 Dec 2008 18:51

Re: Slow PC after startup - the same problem as karm

#13 Post by Babu »

Otherwise, I've found another problem: when I connect an MP4 player or a camera to the PC, there's a strange sound, three times in quick succession, and the device doesn't connect as another drive ... the MP4 player does charge, but I can't get into it or into the camera.

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Slow PC after startup - the same problem as karm

#14 Post by cernohous13 »

:arrow: If you use virtual drives (Daemon, Alcohol, etc.), choose "Re-enable" in Defogger.

:arrow: We'll try to sort out the USB peripheral after the cleanup.

:arrow: Download TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Close all programs and run it. When it finishes, the PC will be restarted.
If not, restart it yourself.
(It cleans the Temp folders; it does not clean URLs, history, prefetch or cookies.)

:arrow: Then download and run T-cleaner http://sweb.cz/Marinus/T-Cleaner.exe - it cleans up after the cleaning tools that were used.
After launching it, ignore any antivirus warning - that is fine.
Once it has finished, delete T-cleaner.

:arrow: I can recommend a check and cleanup with CCleaner.
Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick "Install Yahoo! Toolbar".

Close the web browser and
run "Cleaner" > "Run Cleaner" - it removes what is not needed
run "Registry" > "Scan for Issues" > "Fix selected issues"
agree to the registry backup - repeat until the registry is clean.
run "Tools" > "System Restore" - keep the first row, "Remove" the others

Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
You can keep it for occasional cleaning in the future as well.

:arrow: After the cleanup, a defragmentation would be useful.
I recommend http://www.slunecnice.cz/sw/defraggler/ + the Czech localisation

Recommendations:
During the treatment, install or uninstall software only on my instruction.
Study my reply carefully and carry out the whole procedure as described in it.
If anything is unclear, ask - I'll explain.


Babu
Visitor
Posts: 35
Registered: 04 Dec 2008 18:51

Re: Slow PC after startup - the same problem as karm

#15 Post by Babu »

Cleaned up, I'm defragmenting for now ... the freezing problem, unfortunately, remains :( ...

edit: defragmented

Please, could you also help me solve the USB problem?
