celkové zpomalení pc + další problémy

[Davcas]

zdar, pc se mi čímdál víc zpomaluje, nabíhá hrozně pomalu, občas začne tiskárna sama od sebe tisknout a na internetu mě nejedou některá videa (dřív bez problému naskočili), tady vkládam log z RSIT


Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2011-01-12 22:48:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 124 GB (26%) free of 477 GB
Total RAM: 3327 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:48:45, on 12.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\uzivatel\My Documents\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1ca4ab910e62e6a) (gupdate1ca4ab910e62e6a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 12118 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for uzivatel.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll [2010-10-22 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog0.dll [2010-09-04 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
Bitlord Toolbar - C:\Program Files\TorrentMan\tbTor1.dll [2010-09-04 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-20 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7c5c0f58-e061-457d-9033-77307f5ed00c} - Bitlord Toolbar - C:\Program Files\TorrentMan\tbTor1.dll [2010-09-04 2734688]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog0.dll [2010-09-04 2734688]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll [2010-10-22 726016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-16 16806400]
"Six Engine"=C:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-07-05 5968384]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-09-21 615696]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-09-19 236016]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2010-10-22 524288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Comrade.exe"=C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"FileHippo.com"=C:\Program Files\FileHippo.com\UpdateChecker.exe [2009-09-28 155648]
"PlayNC Launcher"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\uzivatel\Start Menu\Programs\Startup
Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe"="C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:*:Enabled:Universe at War: Earth Assault Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\zdenda\Desktop\BitComet\BitComet.exe"="C:\Documents and Settings\zdenda\Desktop\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\zdenda\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\zdenda\temp\TeamViewer\Version5\TeamViewer.exe:*:Disabled:TeamViewer"
"C:\Program Files\Ground Control II\gcii.exe"="C:\Program Files\Ground Control II\gcii.exe:*:Enabled:Ground Control II"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\uzivatel\Desktop\Age of empires 1 a 2\Age of Empires 2\Age of Empires 2\empires2.exe"="C:\Documents and Settings\uzivatel\Desktop\Age of empires 1 a 2\Age of Empires 2\Age of Empires 2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\zdenda\Application Data\ICQ\Application\ICQ7.2\ICQ.exe"="C:\Documents and Settings\zdenda\Application Data\ICQ\Application\ICQ7.2\ICQ.exe:*:Disabled:ICQ"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-01-12 22:48:30 ----D---- C:\rsit
2011-01-12 22:48:30 ----D---- C:\Program Files\trend micro
2011-01-12 09:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-04 19:49:24 ----D---- C:\Program Files\Homeworld2
2011-01-01 19:21:04 ----D---- C:\Program Files\Common Files\Skype
2010-12-15 00:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-15 00:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-15 00:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-15 00:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-15 00:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-15 00:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-15 00:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2416400$
2010-12-15 00:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$

======List of files/folders modified in the last 1 months======

2011-01-12 22:48:38 ----D---- C:\WINDOWS\Prefetch
2011-01-12 22:48:30 ----RD---- C:\Program Files
2011-01-12 22:06:14 ----D---- C:\WINDOWS\temp
2011-01-12 20:42:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-01-12 20:29:09 ----SD---- C:\Documents and Settings\uzivatel\Application Data\Microsoft
2011-01-12 17:29:52 ----D---- C:\Documents and Settings\uzivatel\Application Data\ICQ
2011-01-12 17:23:39 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2011-01-12 17:23:32 ----D---- C:\WINDOWS
2011-01-12 17:22:48 ----D---- C:\WINDOWS\Registration
2011-01-12 17:20:03 ----D---- C:\WINDOWS\system32
2011-01-12 09:15:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-12 09:15:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-12 09:13:47 ----D---- C:\WINDOWS\Debug
2011-01-12 09:13:45 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-12 09:13:41 ----HD---- C:\WINDOWS\inf
2011-01-12 09:13:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-12 06:41:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-11 22:49:05 ----D---- C:\Program Files\CCleaner
2011-01-11 22:41:50 ----D---- C:\Qoobox
2011-01-09 15:27:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-01-08 21:27:14 ----SHD---- C:\RECYCLER
2011-01-06 13:40:01 ----D---- C:\Program Files\ICQ7.2
2011-01-06 13:30:42 ----D---- C:\Program Files\Microsoft Silverlight
2011-01-05 23:43:20 ----SHD---- C:\WINDOWS\Installer
2011-01-05 23:43:20 ----D---- C:\Config.Msi
2011-01-05 12:50:51 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-04 19:48:54 ----A---- C:\WINDOWS\system.ini
2011-01-04 19:48:09 ----A---- C:\WINDOWS\NeroDigital.ini
2011-01-01 19:21:04 ----RD---- C:\Program Files\Skype
2011-01-01 19:21:04 ----D---- C:\Program Files\Common Files
2011-01-01 19:20:58 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-12-21 07:06:23 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2010-12-18 10:48:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-15 00:05:59 ----D---- C:\WINDOWS\system32\drivers
2010-12-15 00:03:18 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2008-06-30 79448]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-06-05 721904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-16 4747776]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-17 47360]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-15 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]
S3 a6sf1dxn;a6sf1dxn; C:\WINDOWS\system32\drivers\a6sf1dxn.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\uzivatel\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 jgameenp;jgameenp; \??\C:\DOCUME~1\uzivatel\LOCALS~1\Temp\jgameenp.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2005-12-08 8718848]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-24 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 gupdate1ca4ab910e62e6a;Služba Google Update (gupdate1ca4ab910e62e6a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-09-19 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-09-19 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-09-19 1108464]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny vecer preji

Vsak tam taky mate furu haveti

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\uzivatel.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
  R3 - URLSearchHook: (no name) - - (no file)
  R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
  R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
  R3 - URLSearchHook: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
  R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
  R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Davcas]

udělal sem všechno jaks napsal tak snad už s tím tedka žádný problémy nebudou, dík moc
tady je log z combofixu:

ComboFix 11-01-11.03 - uzivatel 12.01.2011 23:34:01.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3327.2758 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 110112-2] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uzivatel\Application Data\Dealio
c:\documents and settings\uzivatel\Application Data\Dealio\res\widgets.xml
c:\documents and settings\uzivatel\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\zdenda\Application Data\Dealio
c:\documents and settings\zdenda\Application Data\Dealio\res\widgets.xml
c:\documents and settings\zdenda\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\zlobivec\Application Data\Dealio
c:\documents and settings\zlobivec\Application Data\Dealio\res\widgets.xml
c:\documents and settings\zlobivec\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.1\config.ini
c:\program files\Dealio Toolbar\IE\4.1\deALiotoolbarie.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Wmi


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-12 do 2011-01-12 )))))))))))))))))))))))))))))))
.

2011-01-12 22:32 . 2011-01-12 22:32 -------- d-----r- C:\32788R22FWJFW
2011-01-12 21:48 . 2011-01-12 21:48 -------- d-----w- C:\rsit
2011-01-12 21:48 . 2011-01-12 21:48 -------- d-----w- c:\program files\trend micro
2011-01-04 18:49 . 2011-01-04 18:51 -------- d-----w- c:\program files\Homeworld2
2011-01-01 21:21 . 2011-01-01 21:44 -------- d-----w- c:\documents and settings\zlobivec\Application Data\Mount&Blade
2011-01-01 20:34 . 2011-01-01 20:34 -------- d-----w- c:\documents and settings\zlobivec\Application Data\Research In Motion
2011-01-01 18:21 . 2011-01-01 18:21 -------- d-----w- c:\program files\Common Files\Skype
2010-12-31 17:54 . 2010-12-31 17:54 -------- d-----w- c:\documents and settings\zlobivec\Application Data\Search Settings
2010-12-14 22:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 22:14 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-12-20 11:51 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-03-15 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-05 05:05 . 2006-03-15 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2006-03-15 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2006-03-15 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2006-03-15 12:00 369664 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-15 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-03-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-03-15 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-09-04 21:36 2734688 ----a-w- c:\program files\ToggleEN\tbTog0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-09-04 21:36 2734688 ----a-w- c:\program files\TorrentMan\tbTor1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-09-04 2734688]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-09-04 2734688]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-09-04 2734688]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-09-04 2734688]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2009-09-28 155648]
"PlayNC Launcher"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-07-05 5968384]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-21 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\zlobivec\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\uzivatel\Start Menu\Programs\Startup\
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe [2010-9-20 868352]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-1-5 3469448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2009 11:19 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.12.2008 13:52 114768]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22.10.2010 16:38 386560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.12.2008 13:52 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.7.2009 14:36 246520]
S2 gupdate1ca4ab910e62e6a;Služba Google Update (gupdate1ca4ab910e62e6a);c:\program files\Google\Update\GoogleUpdate.exe [11.10.2009 22:23 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 jgameenp;jgameenp;\??\c:\docume~1\uzivatel\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\uzivatel\LOCALS~1\Temp\jgameenp.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.5.2010 17:08 38224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
WmdmPmSp
winmgmt
wscsvc
xmlprov
MHN
BITS
wuauserv
ShellHWDetection
helpsvc
napagent
hkmsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 21:23]

2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 21:23]

2011-01-09 c:\windows\Tasks\Norton Security Scan for uzivatel.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-11 07:48]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\f6buwu2t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=150911&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-12 23:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2216)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2011-01-12 23:45:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-12 22:45
ComboFix2.txt 2010-11-11 10:44
ComboFix3.txt 2010-02-21 17:10
ComboFix4.txt 2009-09-25 17:01

Před spuštěním: 129 887 596 544 bytes free
Po spuštění: 129 816 002 560 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 001A3618F5BA500D7ABDC8D7E7544F0C

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  File::
  C:\Program Files\TorrentMan\tbTor1.dll
  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
  C:\Documents and Settings\uzivatel\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\Norton Security Scan for uzivatel.job
  
  Folder::
  C:\Program Files\ICQ6Toolbar
  
  Driver::
  ICQ Service
  jgameenp
  gupdate1ca4ab910e62e6a
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"=-
  [-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
  [-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
  [-HKEY_CLASSES_ROOT\clsid\{855F3B16-6D32-4fe6-8A56-BBB695989046}]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Comrade.exe"=-
  "DAEMON Tools Lite"=-
  "PlayNC Launcher"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RemoteControl"=-
  "LanguageShortcut"=-
  "NeroFilterCheck"=-
  "SecurDisc"=-
  "InCD"=-
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  "BlackBerryAutoUpdate"=-
  "RoxWatchTray"=-
  "DivXUpdate"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
  "netsvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
    75,64,69,6F,53,72,76,00,42,49,54,53,00,42,72,6F,77,73,65,72,00,43,72,\
    79,70,74,53,76,63,00,44,48,43,50,00,44,4D,53,65,72,76,65,72,00,45,52,\
    53,76,63,00,45,76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,\
    72,53,77,69,74,63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,\
    00,68,65,6C,70,73,76,63,00,48,69,64,53,65,72,76,00,68,6B,6D,73,76,63,\
    00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,6D,61,6E,\
    53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,74,69,6F,\
    6E,00,4D,65,73,73,65,6E,67,65,72,00,4D,48,4E,00,6E,61,70,61,67,65,6E,\
    74,00,4E,65,74,6D,61,6E,00,4E,6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,\
    43,57,6F,72,6B,73,74,61,74,69,6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,\
    00,52,61,73,61,75,74,6F,00,52,61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,\
    63,63,65,73,73,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,\
    72,65,64,61,63,63,65,73,73,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,\
    69,6F,6E,00,53,63,68,65,64,75,6C,65,00,53,52,53,65,72,76,69,63,65,00,54,\
    61,70,69,73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,\
    32,54,69,6D,65,00,77,69,6E,6D,67,6D,74,00,57,6D,64,6D,50,6D,53,4E,00,57,\
    6D,64,6D,50,6D,53,70,00,57,6D,69,00,77,73,63,73,76,63,00,77,75,61,75,\
    73,65,72,76,00,57,5A,43,53,56,43,00,78,6D,6C,70,72,6F,76,00,00
  
  Collect::
  c:\docume~1\uzivatel\LOCALS~1\Temp\jgameenp.sys
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\f6buwu2t.default\
  FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
  FF - prefs.js: browser.search.selectedEngine - Yahoo
  FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
  FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =150911&p=

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Davcas]

udělal sem, tady je log z combofixu

ComboFix 11-01-11.03 - uzivatel 13.01.2011 12:48:24.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3327.2788 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uzivatel\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 110112-2] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"
"c:\documents and settings\uzivatel\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK"
"c:\program files\TorrentMan\tbTor1.dll"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\Norton Security Scan for uzivatel.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
c:\documents and settings\uzivatel\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\TorrentMan\tbTor1.dll
c:\windows\tasks\AppleSoftwareUpdate.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\Norton Security Scan for uzivatel.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE1CA4AB910E62E6A
-------\Legacy_ICQ_SERVICE
-------\Legacy_JGAMEENP
-------\Service_gupdate1ca4ab910e62e6a
-------\Service_ICQ Service
-------\Service_jgameenp


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-13 do 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-12 21:48 . 2011-01-12 21:48 -------- d-----w- C:\rsit
2011-01-12 21:48 . 2011-01-12 21:48 -------- d-----w- c:\program files\trend micro
2011-01-04 18:49 . 2011-01-04 18:51 -------- d-----w- c:\program files\Homeworld2
2011-01-01 21:21 . 2011-01-01 21:44 -------- d-----w- c:\documents and settings\zlobivec\Application Data\Mount&Blade
2011-01-01 20:34 . 2011-01-01 20:34 -------- d-----w- c:\documents and settings\zlobivec\Application Data\Research In Motion
2011-01-01 18:21 . 2011-01-01 18:21 -------- d-----w- c:\program files\Common Files\Skype
2010-12-31 17:54 . 2010-12-31 17:54 -------- d-----w- c:\documents and settings\zlobivec\Application Data\Search Settings
2010-12-14 22:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 22:14 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-12-20 11:51 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-03-15 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-05 05:05 . 2006-03-15 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2006-03-15 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2006-03-15 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2006-03-15 12:00 369664 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-15 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-03-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-03-15 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-11-11_10.43.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-13 11:55 . 2011-01-13 11:55 16384 c:\windows\temp\Perflib_Perfdata_5b4.dat
+ 2011-01-13 11:55 . 2011-01-13 11:55 16384 c:\windows\temp\Perflib_Perfdata_250.dat
- 2008-10-22 09:47 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2006-03-15 12:00 . 2010-12-18 09:48 71196 c:\windows\system32\perfc009.dat
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2009-02-20 08:10 . 2010-11-05 05:05 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:10 . 2010-09-09 14:16 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2010-11-18 05:01 . 2010-11-18 05:01 53248 c:\windows\Installer\{C1F83B10-0BEB-475f-BBA2-E235B02B9826}\ARPPRODUCTICON.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-20 14:08 . 2010-11-11 00:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-20 14:08 . 2010-11-11 00:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-20 14:08 . 2010-11-11 00:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-04 12:06 . 2011-01-05 22:43 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 12:06 . 2010-09-29 20:59 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2006-03-15 12:00 . 2010-11-05 05:05 629760 c:\windows\system32\urlmon.dll
+ 2006-03-15 12:00 . 2010-12-18 09:48 441260 c:\windows\system32\perfh009.dat
+ 2006-03-15 12:00 . 2010-11-05 05:05 532480 c:\windows\system32\mstime.dll
- 2006-03-15 12:00 . 2008-04-14 00:12 532480 c:\windows\system32\mstime.dll
- 2006-03-15 12:00 . 2010-09-09 14:16 449024 c:\windows\system32\mshtmled.dll
+ 2006-03-15 12:00 . 2010-11-05 05:05 449024 c:\windows\system32\mshtmled.dll
+ 2010-12-11 09:13 . 2010-12-11 09:13 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-11-23 20:20 . 2010-09-15 03:50 153376 c:\windows\system32\javaws.exe
- 2009-10-24 11:20 . 2009-10-24 11:20 145184 c:\windows\system32\javaw.exe
+ 2010-11-23 20:20 . 2010-09-15 03:50 145184 c:\windows\system32\javaw.exe
- 2009-10-24 11:20 . 2009-10-24 11:20 145184 c:\windows\system32\java.exe
+ 2010-11-23 20:20 . 2010-09-15 03:50 145184 c:\windows\system32\java.exe
+ 2006-03-15 12:00 . 2010-11-05 05:05 251904 c:\windows\system32\iepeers.dll
- 2006-03-15 12:00 . 2010-09-09 14:16 251904 c:\windows\system32\iepeers.dll
- 2008-12-20 03:00 . 2010-10-14 03:44 205712 c:\windows\system32\FNTCACHE.DAT
+ 2008-12-20 03:00 . 2010-12-15 05:44 205712 c:\windows\system32\FNTCACHE.DAT
- 2008-12-20 14:44 . 2010-09-09 14:16 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 14:44 . 2010-11-05 05:05 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 14:44 . 2010-11-05 05:05 629760 c:\windows\system32\dllcache\urlmon.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2010-11-05 05:05 . 2010-11-05 05:05 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2010-09-09 14:16 . 2010-09-09 14:16 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-09-09 14:16 . 2010-11-05 05:05 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2010-02-26 05:43 . 2010-09-09 14:16 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-02-26 05:43 . 2010-11-05 05:05 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-11-23 20:20 . 2010-09-15 03:50 472808 c:\windows\system32\deployJava1.dll
+ 2010-02-27 09:37 . 2011-01-11 21:49 290816 c:\windows\system32\config\systemprofile\ntuser.dat
- 2010-02-27 09:37 . 2010-02-27 09:37 290816 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-01-01 18:21 . 2011-01-01 18:21 689152 c:\windows\Installer\1f60f3.msi
+ 2010-07-23 00:03 . 2010-07-23 00:03 338432 c:\windows\Installer\1cc58a1.msp
+ 2010-11-23 20:20 . 2010-11-23 20:20 180224 c:\windows\Installer\12edb3d.msi
+ 2011-01-01 18:21 . 2011-01-01 18:21 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
- 2008-12-20 14:08 . 2010-11-11 00:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-20 14:08 . 2010-11-11 00:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-20 14:08 . 2010-11-11 00:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-20 14:08 . 2010-11-11 00:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-04 03:13 . 2008-11-04 03:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2006-03-15 12:00 . 2010-11-05 05:05 1510400 c:\windows\system32\shdocvw.dll
- 2006-03-15 12:00 . 2010-09-09 14:16 1510400 c:\windows\system32\shdocvw.dll
+ 2006-03-15 12:00 . 2010-11-05 05:05 3076096 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-12-11 09:13 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-12-20 14:43 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2008-12-20 14:44 . 2010-09-09 14:16 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-12-20 14:44 . 2010-11-05 05:05 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-12-20 14:44 . 2010-11-05 05:05 3076096 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-10 04:33 . 2010-09-09 14:16 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2010-03-10 04:33 . 2010-11-05 05:05 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2006-03-15 12:00 . 2010-11-05 05:05 1025024 c:\windows\system32\browseui.dll
- 2006-03-15 12:00 . 2010-09-09 14:16 1025024 c:\windows\system32\browseui.dll
+ 2010-11-18 05:01 . 2010-11-18 05:01 1016832 c:\windows\Installer\55e9b.msi
+ 2011-01-01 18:21 . 2011-01-01 18:21 1580544 c:\windows\Installer\1f60ec.msi
- 2008-12-20 14:08 . 2010-11-11 00:00 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-20 14:08 . 2010-12-14 23:05 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-10 10:29 . 2011-01-12 08:13 37403080 c:\windows\system32\MRT.exe
+ 2011-01-05 22:42 . 2011-01-05 22:42 20304384 c:\windows\Installer\1bc990d.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2009-09-28 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-07-05 5968384]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\zlobivec\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\uzivatel\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-1-5 3469448]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Sega\\Universe At War Earth Assault\\UAWEA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Documents and Settings\\zdenda\\Desktop\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\zdenda\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Ground Control II\\gcii.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\uzivatel\\Desktop\\Age of empires 1 a 2\\Age of Empires 2\\Age of Empires 2\\empires2.exe"=
"c:\\Documents and Settings\\zdenda\\Application Data\\ICQ\\Application\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26859:TCP"= 26859:TCP:BitComet 26859 TCP
"26859:UDP"= 26859:UDP:BitComet 26859 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2009 11:19 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.12.2008 13:52 114768]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22.10.2010 16:38 386560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.12.2008 13:52 20560]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.5.2010 17:08 38224]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\f6buwu2t.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=150911&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 12:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2648)
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2011-01-13 12:59:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-13 11:59
ComboFix2.txt 2011-01-12 22:45
ComboFix3.txt 2010-11-11 10:44
ComboFix4.txt 2010-02-21 17:10
ComboFix5.txt 2011-01-13 11:46

Před spuštěním: 129 808 556 032 bytes free
Po spuštění: Volných bajtů: 129 773 252 608

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 662B279D89B94FE892FEFD889A3D3247

[vyosek]

Jak se chova PC

[Davcas]

tiskárna už neblbne, zdá se mě že je PC rychlejší, všechno se mě zdá vpohodě akorát některý ty videa pořád nejedou ale tam bude možná chyba té stránky nebo něco jinýho

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Zkuste preinstalovat Flash player