Trojan ThinkPoint

[cernohous13]

RSIT

ať můžeme uklízet

[plihal]

Nerozumím.Co mám udělat??

[plihal]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Čenda at 2010-12-10 17:52:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (73%) free of 30 GB
Total RAM: 631 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:52:18, on 10.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\Čenda\Plocha\Stahování z internetu\RSIT.exe
C:\Program Files\trend micro\Čenda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8620064781
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: PEVSystemStart - Unknown owner - C:\zmije.com\PEV.cfxxe

--
End of file - 4127 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JP595IR86O]
C:\DOCUME~1\ENDA~1\LOCALS~1\Temp\Lsr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Čenda^Nabídka Start^Programy^Po spuštění^E-mail.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Čenda^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsMpSvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-10 17:11:57 ----D---- C:\_OTM
2010-12-10 14:35:08 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Malwarebytes
2010-12-10 14:35:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-10 14:35:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-10 14:34:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-10 14:34:58 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-10 13:16:36 ----A---- C:\WINDOWS\zip.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\SWSC.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\SWREG.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\sed.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\PEV.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\MBR.exe
2010-12-10 13:16:36 ----A---- C:\WINDOWS\grep.exe
2010-12-10 13:16:28 ----SD---- C:\zmije.com
2010-12-10 13:16:23 ----D---- C:\Qoobox
2010-12-10 13:11:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-10 13:08:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-09 19:02:32 ----A---- C:\WINDOWS\wininit.ini
2010-12-09 18:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-12-09 16:25:14 ----A---- C:\Boot.bak
2010-12-09 16:25:07 ----RASHD---- C:\cmdcons
2010-12-09 16:23:57 ----D---- C:\WINDOWS\ERDNT
2010-12-09 15:27:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-12-09 15:27:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-12-09 13:47:14 ----D---- C:\rsit
2010-12-09 13:47:14 ----D---- C:\Program Files\trend micro
2010-12-09 11:00:08 ----D---- C:\Program Files\Windows Live Safety Center
2010-12-09 10:37:19 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-12-09 10:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-12-08 21:57:14 ----SHD---- C:\WINDOWS\CSC
2010-12-07 13:58:56 ----D---- C:\Documents and Settings\Čenda\Data aplikací\skypePM
2010-12-07 13:57:27 ----D---- C:\Program Files\Skype
2010-12-07 13:57:26 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Skype
2010-12-07 13:57:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-12-06 15:17:12 ----D---- C:\Documents and Settings\Čenda\Data aplikací\dvdcss
2010-12-06 14:40:23 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-12-06 14:40:20 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-12-06 14:40:12 ----D---- C:\WINDOWS\Logs
2010-12-06 14:39:21 ----D---- C:\WINDOWS\RegisteredPackages
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\px.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-12-06 14:38:33 ----D---- C:\Program Files\Winamp
2010-12-06 14:38:33 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Winamp
2010-12-06 10:44:20 ----D---- C:\WINDOWS\system32\XPSViewer
2010-12-06 10:44:09 ----D---- C:\WINDOWS\system32\en-US
2010-12-06 10:43:58 ----D---- C:\Program Files\Reference Assemblies
2010-12-06 10:43:16 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-12-06 10:43:15 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-12-06 10:43:15 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-12-05 21:16:34 ----D---- C:\Program Files\Google
2010-12-05 21:02:08 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Google
2010-12-05 20:19:50 ----RSD---- C:\WINDOWS\assembly
2010-12-05 20:19:04 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-02 08:57:06 ----D---- C:\Documents and Settings\Čenda\Data aplikací\avidemux
2010-11-18 14:04:42 ----D---- C:\NVIDIA

======List of files/folders modified in the last 1 months======

2010-12-10 17:52:15 ----D---- C:\WINDOWS\Prefetch
2010-12-10 17:18:58 ----D---- C:\WINDOWS\Temp
2010-12-10 17:16:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-10 17:12:02 ----SHD---- C:\System Volume Information
2010-12-10 17:12:02 ----D---- C:\WINDOWS\system32\Restore
2010-12-10 17:12:01 ----D---- C:\Program Files
2010-12-10 17:11:59 ----SHD---- C:\WINDOWS\Installer
2010-12-10 14:46:41 ----D---- C:\Program Files\Mozilla Firefox
2010-12-10 14:35:02 ----D---- C:\WINDOWS\system32\drivers
2010-12-10 13:17:12 ----D---- C:\WINDOWS\system32
2010-12-10 13:17:12 ----D---- C:\WINDOWS
2010-12-09 18:06:22 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-09 18:05:33 ----HD---- C:\WINDOWS\inf
2010-12-09 18:05:10 ----DC---- C:\WINDOWS\system32\dllcache
2010-12-09 18:02:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-09 18:02:08 ----D---- C:\WINDOWS\WinSxS
2010-12-09 17:06:16 ----RASH---- C:\boot.ini
2010-12-09 17:06:16 ----A---- C:\WINDOWS\win.ini
2010-12-09 17:06:16 ----A---- C:\WINDOWS\system.ini
2010-12-09 13:26:58 ----SD---- C:\WINDOWS\Tasks
2010-12-09 12:00:51 ----SHD---- C:\RECYCLER
2010-12-09 11:00:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-09 09:58:50 ----D---- C:\WINDOWS\pss
2010-12-08 21:57:24 ----D---- C:\Documents and Settings
2010-12-08 21:15:43 ----D---- C:\WINDOWS\system32\config
2010-12-08 21:15:27 ----D---- C:\WINDOWS\system32\wbem
2010-12-08 21:15:27 ----D---- C:\WINDOWS\Registration
2010-12-07 13:57:31 ----D---- C:\Program Files\Common Files
2010-12-06 15:34:41 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-06 14:46:02 ----D---- C:\WINDOWS\security
2010-12-06 14:40:28 ----D---- C:\WINDOWS\system32\DirectX
2010-12-06 14:40:02 ----D---- C:\Program Files\Windows Media Player
2010-12-06 14:39:59 ----D---- C:\WINDOWS\Debug
2010-12-06 13:08:15 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Uniblue
2010-12-06 10:44:12 ----D---- C:\Program Files\MSBuild
2010-12-06 10:44:07 ----RSD---- C:\WINDOWS\Fonts
2010-12-06 10:43:34 ----D---- C:\WINDOWS\system32\spool
2010-12-06 10:41:04 ----D---- C:\WINDOWS\system32\mui
2010-12-06 10:41:04 ----D---- C:\Program Files\Internet Explorer
2010-12-02 09:09:02 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Ahead
2010-12-01 12:59:40 ----SD---- C:\Documents and Settings\Čenda\Data aplikací\Microsoft
2010-11-30 15:25:35 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-13 11:20:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-13 11:17:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-10-27 393088]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ENDA~1\LOCALS~1\Temp\catchme.sys []
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 PEVSystemStart;PEVSystemStart; C:\zmije.com\PEV.cfxxe [2010-04-26 256512]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

zdá se, že máš čisto
a jestli už nenacházíš nic podivného, tak po sobě uklidím

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

A jestli už nejsou problémy, je to ode mne vše.

[plihal]

Díky moc.Uvidíme.Přeji pohodový večer.

[cernohous13]

V případě problémů se klidně ozvi.

Nemáš zač - rádo se stalo a jsme tady i příště

[plihal]

Podívej se prosim na přiložený obrázek.Jsou ty kostičky místo názvu v pořádku??Možná že je to jen úplná blbost.

[cernohous13]

Možná kdyby se ti podařilo nastavit tak, aby byl vidět celý řádek s klíči HKCU - takhle nevím o co jde

[plihal]

Jak ten předešlý obrázek nastavit aby šly vidět registry,tak to opravdu netuším.
Ale podívej se mi ještě na test Spybotu,který jsem jen ze zvědavosti udělal teď.

[cernohous13]

ve SpyBotu nech Opravit vybrané problémy

udělej nový RSIT a dej mi log

[plihal]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Čenda at 2010-12-10 20:28:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (74%) free of 30 GB
Total RAM: 631 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:29:09, on 10.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Čenda\Plocha\RSIT(2).exe
C:\Program Files\trend micro\Čenda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ1
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8620064781
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: PEVSystemStart - Unknown owner - C:\zmije.com\PEV.cfxxe (file missing)

--
End of file - 4212 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JP595IR86O]
C:\DOCUME~1\ENDA~1\LOCALS~1\Temp\Lsr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Čenda^Nabídka Start^Programy^Po spuštění^E-mail.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Čenda^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsMpSvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-10 20:28:50 ----D---- C:\rsit
2010-12-10 19:13:33 ----D---- C:\Program Files\CCleaner
2010-12-10 14:35:08 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Malwarebytes
2010-12-10 14:35:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-10 14:34:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-10 13:08:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-09 19:02:32 ----A---- C:\WINDOWS\wininit.ini
2010-12-09 18:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-12-09 16:25:14 ----A---- C:\Boot.bak
2010-12-09 16:25:07 ----RASHD---- C:\cmdcons
2010-12-09 16:23:57 ----D---- C:\WINDOWS\ERDNT
2010-12-09 15:27:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-12-09 15:27:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-12-09 13:47:14 ----D---- C:\Program Files\trend micro
2010-12-09 11:00:08 ----D---- C:\Program Files\Windows Live Safety Center
2010-12-09 10:37:19 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-12-09 10:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-12-08 21:57:14 ----SHD---- C:\WINDOWS\CSC
2010-12-07 13:58:56 ----D---- C:\Documents and Settings\Čenda\Data aplikací\skypePM
2010-12-07 13:57:27 ----D---- C:\Program Files\Skype
2010-12-07 13:57:26 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Skype
2010-12-07 13:57:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-12-06 15:17:12 ----D---- C:\Documents and Settings\Čenda\Data aplikací\dvdcss
2010-12-06 14:40:23 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-12-06 14:40:20 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-12-06 14:40:12 ----D---- C:\WINDOWS\Logs
2010-12-06 14:39:21 ----D---- C:\WINDOWS\RegisteredPackages
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\px.dll
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-12-06 14:38:40 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-12-06 14:38:33 ----D---- C:\Program Files\Winamp
2010-12-06 14:38:33 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Winamp
2010-12-06 10:44:20 ----D---- C:\WINDOWS\system32\XPSViewer
2010-12-06 10:44:09 ----D---- C:\WINDOWS\system32\en-US
2010-12-06 10:43:58 ----D---- C:\Program Files\Reference Assemblies
2010-12-06 10:43:16 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-12-06 10:43:15 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-12-06 10:43:15 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-12-05 21:16:34 ----D---- C:\Program Files\Google
2010-12-05 21:02:08 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Google
2010-12-05 20:19:50 ----RSD---- C:\WINDOWS\assembly
2010-12-05 20:19:04 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-02 08:57:06 ----D---- C:\Documents and Settings\Čenda\Data aplikací\avidemux
2010-11-18 14:04:42 ----D---- C:\NVIDIA

======List of files/folders modified in the last 1 months======

2010-12-10 20:28:58 ----D---- C:\WINDOWS\Prefetch
2010-12-10 20:25:33 ----D---- C:\WINDOWS\Temp
2010-12-10 20:23:17 ----SD---- C:\WINDOWS\Tasks
2010-12-10 20:16:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-10 20:11:49 ----D---- C:\WINDOWS
2010-12-10 20:09:50 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-10 19:46:34 ----RASH---- C:\boot.ini
2010-12-10 19:46:34 ----A---- C:\WINDOWS\win.ini
2010-12-10 19:46:34 ----A---- C:\WINDOWS\system.ini
2010-12-10 19:13:33 ----D---- C:\Program Files
2010-12-10 18:26:39 ----D---- C:\WINDOWS\system32\drivers
2010-12-10 17:12:02 ----SHD---- C:\System Volume Information
2010-12-10 17:12:02 ----D---- C:\WINDOWS\system32\Restore
2010-12-10 17:11:59 ----SHD---- C:\WINDOWS\Installer
2010-12-10 14:46:41 ----D---- C:\Program Files\Mozilla Firefox
2010-12-10 13:17:12 ----D---- C:\WINDOWS\system32
2010-12-09 18:06:22 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-09 18:05:33 ----HD---- C:\WINDOWS\inf
2010-12-09 18:05:10 ----DC---- C:\WINDOWS\system32\dllcache
2010-12-09 18:02:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-09 18:02:08 ----D---- C:\WINDOWS\WinSxS
2010-12-09 12:00:51 ----SHD---- C:\RECYCLER
2010-12-09 11:00:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-09 09:58:50 ----D---- C:\WINDOWS\pss
2010-12-08 21:57:24 ----D---- C:\Documents and Settings
2010-12-08 21:15:43 ----D---- C:\WINDOWS\system32\config
2010-12-08 21:15:27 ----D---- C:\WINDOWS\system32\wbem
2010-12-08 21:15:27 ----D---- C:\WINDOWS\Registration
2010-12-07 13:57:31 ----D---- C:\Program Files\Common Files
2010-12-06 15:34:41 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-06 14:46:02 ----D---- C:\WINDOWS\security
2010-12-06 14:40:28 ----D---- C:\WINDOWS\system32\DirectX
2010-12-06 14:40:02 ----D---- C:\Program Files\Windows Media Player
2010-12-06 14:39:59 ----D---- C:\WINDOWS\Debug
2010-12-06 13:08:15 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Uniblue
2010-12-06 10:44:12 ----D---- C:\Program Files\MSBuild
2010-12-06 10:44:07 ----RSD---- C:\WINDOWS\Fonts
2010-12-06 10:43:34 ----D---- C:\WINDOWS\system32\spool
2010-12-06 10:41:04 ----D---- C:\WINDOWS\system32\mui
2010-12-06 10:41:04 ----D---- C:\Program Files\Internet Explorer
2010-12-02 09:09:02 ----D---- C:\Documents and Settings\Čenda\Data aplikací\Ahead
2010-12-01 12:59:40 ----SD---- C:\Documents and Settings\Čenda\Data aplikací\Microsoft
2010-11-30 15:25:35 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-13 11:20:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-13 11:17:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-10-27 393088]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 PEVSystemStart;PEVSystemStart; C:\zmije.com\PEV.cfxxe EXEC /i C:\zmije.com\HIDEC.exe C:\zmije.com\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

nevím přesně co ty čtverečky znamenají, ale zkus je zastavit po spuštění systému
Start -> Spustit... - msconfig - OK
na záložce Po spuštění vyhoď u nich fajfku -> OK
po restartu poznáš co ti nechodí a můžeš to vrátit.

Po nekorektím ukončení ComboFixu nám tam zůstala jedna služba
Start -> Spustit - services.msc -> OK
najdi PEVSystemStart -> pravým myšítkem -> Vlastnosti -> Typ spuštění -> Zakázáno -> OK

v logu není nic nebezpečného, proto se domnívám, že čisto