100% CPU - kernel32.dll

Zpráva

#16 Příspěvek od **stell** » 29 pro 2009 19:04

ano,mozes odstranit pouzite programy,ak pc slape dobre ,tot vse,

michal95 · #17 Příspěvek od **michal95** » 03 bře 2010 14:55

Dobrý den i já mám tento problém že mi hned po startu PC v procesech naběhne svchsot.exe 98-100 cpu. Prosím o pomoct.

michal95 · #18 Příspěvek od **michal95** » 03 bře 2010 15:02

tady jsou logy

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dawis at 2010-03-03 14:57:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (57%) free of 35 GB
Total RAM: 2303 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:50, on 3.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\VM305_STI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
E:\programy\D-Tools\daemon.exe
E:\Programy\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dawis\Local Settings\Data aplikací\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ASWLSVC.exe
E:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Dawis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Dawis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dawis\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Dawis.exe
C:\Documents and Settings\Dawis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\programy\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] E:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dawis\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Policies\Explorer\Run: [sysinit] C:\WINDOWS\sysinit.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... zim029YYCZ
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Programy\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Programy\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3451219500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3485769109
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8AE4382-4894-4792-9429-102D55527F08}: NameServer = 10.181.181.254
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\System32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 13809 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AcPro Daily Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-220523388-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-220523388-725345543-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2009-02-09 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-02-09 434271]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-01-19 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-02-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-02-21 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-02-09 434271]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2005-09-13 1668096]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2006-03-17 61440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"mouseElf"=C:\PROGRA~1\SCROLL~1\GNETMOUS.EXE [2004-02-24 176128]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Adobe Photo Downloader"=E:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2009-02-09 24688]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-02-09 32838]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DAEMON Tools-1033"=E:\programy\D-Tools\daemon.exe [2004-08-22 81920]
"WinampAgent"=E:\Programy\Winamp\winampa.exe [2010-01-13 37888]
"Samsung Common SM"=C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-07-03 372736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2004-04-23 77824]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-02-09 32838]
"RGSC"=D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Dawis\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-01-26 135664]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -scheduler []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"sysinit"=C:\WINDOWS\sysinit.exe []

C:\Documents and Settings\Dawis\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX00.781\RCT.EXE"="C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX00.781\RCT.EXE:*:Enabled:RCT"
"C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX02.609\RCT.EXE"="C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX02.609\RCT.EXE:*:Enabled:RCT"
"D:\hry\Hasbro Interactive\RollerCoaster Tycoon\rct.exe"="D:\hry\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"E:\Programy\ICQ6\ICQ.exe"="E:\Programy\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\hry\Call of Duty\CoDMP.exe"="D:\hry\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"D:\hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\hry\EA GAMES\Need for Speed Most Wanted\speed.exe"="D:\hry\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\hry\Microsoft Games\Age of Empires III\Age3.exe"="D:\hry\Microsoft Games\Age of Empires III\Age3.exe:*:Enabled:Age of Empires 3"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\hry\Warcraft III\Warcraft III.exe"="D:\hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\hry\Warcraft III\War3.exe"="D:\hry\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"E:\Programy\IVT Corporation\BlueSoleil\BlueSoleil.exe"="E:\Programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Documents and Settings\Dawis\Plocha\FIFA08.exe"="C:\Documents and Settings\Dawis\Plocha\FIFA08.exe:*:Enabled:FIFA08"
"D:\Programy\BitLord\BitLord.exe"="D:\Programy\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\hry\TrackMania Sunrise\TmSunrise.exe"="D:\hry\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX02.062\Age of Empires II\empires2.exe"="C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX02.062\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX11.156\Age of Empires II\empires2.exe"="C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX11.156\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\hry\Microsoft Games\Age of Empires II\EMPIRES2.EXE"="D:\hry\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\hry\Acclaim Entertainment\Re-Volt\revolt.exe"="D:\hry\Acclaim Entertainment\Re-Volt\revolt.exe:*:Enabled:revolt"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\hry\EA Games\Need for Speed Undercover\nfs.exe"="D:\hry\EA Games\Need for Speed Undercover\nfs.exe:*:Enabled:Need for Speed Undercover"
"E:\Programy\ICQ6.5\ICQ.exe"="E:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\hry\Virgin Interactive\Original War\OwarFull.DLL"="D:\hry\Virgin Interactive\Original War\OwarFull.DLL:*:Enabled:OwarFull"
"D:\hry\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="D:\hry\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Microsoft Games\Age of Empires II\empires2.exe"="D:\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"D:\Virgin Interactive\Original War\OwarFull.DLL"="D:\Virgin Interactive\Original War\OwarFull.DLL:*:Enabled:OwarFull"
"C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX00.938\Liero Xtreme\LieroX.exe"="C:\Documents and Settings\Dawis\Local Settings\Temp\Rar$EX00.938\Liero Xtreme\LieroX.exe:*:Enabled:LieroX"
"C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe"="C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe:*:Enabled:ZyXEL G-202 Wireless Adapter Utility"
"D:\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\Warcraft III DOTA\Warcraft III.exe"="F:\Warcraft III DOTA\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\hry\Warcraft III DOTA\War3.exe"="D:\hry\Warcraft III DOTA\War3.exe:*:Enabled:Warcraft III"
"E:\Michal soubory\Hry\Garena\Garena.exe"="E:\Michal soubory\Hry\Garena\Garena.exe:*:Enabled:Garena"
"D:\hry\Garena\Garena.exe"="D:\hry\Garena\Garena.exe:*:Enabled:Garena"
"D:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\Microsoft Games\Age of Empires III\Age3.exe"="D:\Microsoft Games\Age of Empires III\Age3.exe:*:Enabled:Age of Empires 3"
"D:\Virgin Interactive\Original War\Owar.exe"="D:\Virgin Interactive\Original War\Owar.exe:*:Enabled:Setup"
"D:\EA Sports\FIFA 08\FIFA08.exe"="D:\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\sysinit.exe"="C:\WINDOWS\sysinit.exe:*:Disabled:sysinit"
"E:\Programy\FlashGet universal\FlashGet.exe"="E:\Programy\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"E:\Programy\FlashGet universal\LiveUpdate.exe"="E:\Programy\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"E:\Programy\FlashGet universal\LiveUpdateEx.exe"="E:\Programy\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"D:\Freak out Extreme freeride\FreakOut.exe"="D:\Freak out Extreme freeride\FreakOut.exe:*:Enabled:FreakOut"
"D:\hry\Team17 Software Ltd\Worms Forts Under Siege\WF.exe"="D:\hry\Team17 Software Ltd\Worms Forts Under Siege\WF.exe:*:Enabled:WF"
"D:\hry\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe"="D:\hry\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Documents and Settings\Dawis\Plocha\MX vs ATV Unleashed\MXvsATV.exe"="C:\Documents and Settings\Dawis\Plocha\MX vs ATV Unleashed\MXvsATV.exe:*:Enabled:MXvsATV"
"D:\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="D:\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\GPRSpeed Plus\GPRSpeed Plus Client\GPRSpeed_c.exe"="C:\Program Files\GPRSpeed Plus\GPRSpeed Plus Client\GPRSpeed_c.exe:*:Enabled:NettGain1100_C"
"E:\Programy\HLSW\hlsw.exe"="E:\Programy\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"D:\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Programy\ICQ7.0\ICQ.exe"="E:\Programy\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Programy\ICQ7.0\aolload.exe"="E:\Programy\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\Aspyr Media, Inc\THAW\Game\THAW.exe"="D:\Aspyr Media, Inc\THAW\Game\THAW.exe:*:Enabled:Tony Hawk's American Wasteland"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\JoWooD\Freak Out - Extreme Freeride\FreakOut.exe"="D:\JoWooD\Freak Out - Extreme Freeride\FreakOut.exe:*:Enabled:FreakOut"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\EA Games\Need for Speed Most Wanted\speed.exe"="D:\EA Games\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"D:\Capcom\MotoGP 08\Launcher.exe"="D:\Capcom\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Programy\ICQ7.0\ICQ.exe"="E:\Programy\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Programy\ICQ7.0\aolload.exe"="E:\Programy\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-03-03 14:57:59 ----D---- C:\Program Files\trend micro
2010-03-03 14:57:50 ----D---- C:\rsit
2010-03-02 14:49:31 ----A---- C:\Boot.bak
2010-03-02 14:48:57 ----RASHD---- C:\cmdcons
2010-03-02 14:44:35 ----A---- C:\WINDOWS\SWREG.exe
2010-03-02 14:44:35 ----A---- C:\WINDOWS\PEV.exe
2010-03-02 14:44:35 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-02 14:44:35 ----A---- C:\WINDOWS\MBR.exe
2010-03-02 14:44:34 ----A---- C:\WINDOWS\zip.exe
2010-03-02 14:44:34 ----A---- C:\WINDOWS\sed.exe
2010-03-02 14:44:34 ----A---- C:\WINDOWS\grep.exe
2010-03-02 14:44:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-02 14:44:33 ----A---- C:\WINDOWS\SWSC.exe
2010-03-02 14:43:48 ----D---- C:\WINDOWS\ERDNT
2010-03-02 14:43:23 ----SD---- C:\ComboFix
2010-03-02 14:14:25 ----D---- C:\Qoobox
2010-02-25 13:17:43 ----D---- C:\Program Files\Games
2010-02-25 11:49:38 ----D---- C:\Program Files\Samsung ML-1610 Series
2010-02-25 11:48:47 ----N---- C:\WINDOWS\system32\SSRemove.exe
2010-02-25 11:48:47 ----D---- C:\WINDOWS\Samsung
2010-02-25 11:47:40 ----A---- C:\WINDOWS\system32\SUGS1LMK.DLL
2010-02-25 11:47:40 ----A---- C:\WINDOWS\system32\SSCoInst.exe
2010-02-25 11:47:40 ----A---- C:\WINDOWS\system32\SSCoInst.dll
2010-02-24 09:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 09:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 09:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 09:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 09:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 09:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 09:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 09:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 09:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 09:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-07 20:14:23 ----D---- C:\Documents and Settings\Dawis\Data aplikací\InstallShield
2010-02-07 20:14:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2010-02-06 16:47:16 ----D---- C:\Program Files\AutocompletePro
2010-02-06 13:45:14 ----D---- C:\Program Files\ElcomSoft

======List of files/folders modified in the last 1 months======

2010-03-03 14:58:21 ----D---- C:\WINDOWS\Prefetch
2010-03-03 14:57:59 ----RD---- C:\Program Files
2010-03-03 14:44:07 ----D---- C:\WINDOWS\Temp
2010-03-03 13:58:18 ----A---- C:\ASWL2K.ini
2010-03-03 13:57:15 ----D---- C:\WINDOWS
2010-03-03 13:07:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-03 13:07:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-03 12:00:03 ----A---- C:\AILog.txt
2010-03-03 11:22:06 ----D---- C:\Program Files\Mozilla Firefox
2010-03-03 11:21:52 ----D---- C:\WINDOWS\system32
2010-03-02 22:23:57 ----D---- C:\Documents and Settings\Dawis\Data aplikací\ICQ
2010-03-02 17:02:49 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-02 15:09:42 ----D---- C:\WINDOWS\system32\drivers
2010-03-02 15:09:42 ----D---- C:\WINDOWS\AppPatch
2010-03-02 15:09:21 ----D---- C:\Program Files\Common Files
2010-03-02 14:49:32 ----RASH---- C:\boot.ini
2010-03-02 14:32:12 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-02 14:25:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-02 14:25:05 ----HD---- C:\WINDOWS\inf
2010-03-01 19:32:04 ----AC---- C:\WINDOWS\wincmd.ini
2010-03-01 16:05:10 ----D---- C:\WINDOWS\system32\config
2010-03-01 16:04:45 ----D---- C:\WINDOWS\system32\wbem
2010-03-01 16:04:44 ----D---- C:\WINDOWS\Registration
2010-02-26 20:21:43 ----A---- C:\WINDOWS\WTRAN32.INI
2010-02-26 11:35:40 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 11:25:37 ----D---- C:\WINDOWS\system32\DirectX
2010-02-26 11:25:15 ----RSD---- C:\WINDOWS\assembly
2010-02-25 21:15:05 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-02-25 15:23:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2010-02-25 13:18:08 ----D---- C:\ProgramData
2010-02-25 11:50:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-24 09:37:54 ----D---- C:\WINDOWS\ie8updates
2010-02-24 09:35:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-24 09:35:46 ----A---- C:\WINDOWS\imsins.BAK
2010-02-23 20:05:16 ----AC---- C:\WINDOWS\WDICT32.INI
2010-02-20 12:15:54 ----SHD---- C:\WINDOWS\Installer
2010-02-20 12:15:54 ----HD---- C:\Config.Msi
2010-02-14 21:46:25 ----D---- C:\Documents and Settings\Dawis\Data aplikací\Skype
2010-02-13 13:59:20 ----RD---- C:\Program Files\Skype
2010-02-13 13:59:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-02-12 17:01:22 ----SD---- C:\WINDOWS\Tasks
2010-02-11 18:09:19 ----D---- C:\WINDOWS\Help
2010-02-10 09:02:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-08 21:19:52 ----D---- C:\Documents and Settings\Dawis\Data aplikací\Winamp
2010-02-08 14:08:56 ----D---- C:\WINDOWS\WinSxS
2010-02-07 20:06:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-05 18:40:27 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2004-05-17 41984]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2008-02-19 15781]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\System32\ASNDIS5.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-08-31 20480]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-29 11988]
R3 genmcmn;Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2003-01-29 7894]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-27 25280]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R3 ZSMC0305;CANYON CN-WCAM23 PC-Camera; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-03-17 392316]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Dawis\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Dawis\LOCALS~1\Temp\ENQB4.tmp []
S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2007-04-03 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ASWLSVC;ASWLSVC; C:\WINDOWS\System32\ASWLSVC.exe [2004-05-06 496640]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-25 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-02 214520]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-21 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

#19 Příspěvek od **stell** » 03 bře 2010 15:50

Zdravim
1:Je potřeba vypnout nástroj obnova systému - Ovládací panely>systém>obnovení systému>vypnout nástroj obnovení systému>OK nebo použít a nyní jen restartovat PC
2. Po restartu je tento adresář kompletně smazán, obnovu opět zapnout>restartnes pc do nudzoveho rezimu s pracou v sieti a zostanes tam.
3:tiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem/

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\Program Files\MyWebSearch
C:\Program Files\AutocompletePro
C:\Program Files\Ask.com
C:\Documents and Settings\Dawis\Nabídka Start\Programy\Po spuštění\winesm32.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Plugin"=-
"HP Software Update"=-
"SunJavaUpdateSched"=-
"NeroFilterCheck"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"sysinit"=-
 
:commands
[purity]
[emptytemp]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

4:Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,
5:http://download.bleepingcomputer.com/ma ... -setup.exe
Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-
sprav komplet skan,co najde daj zmazat,,,log vloz sem,restart do windows,zapnut obnovu systemu.
6:

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)

- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

michal95 · #20 Příspěvek od **michal95** » 03 bře 2010 16:43

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin folder moved successfully.
C:\Program Files\MyWebSearch\SrchAstt folder moved successfully.
C:\Program Files\MyWebSearch\bar\Settings folder moved successfully.
C:\Program Files\MyWebSearch\bar\Notifier folder moved successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON folder moved successfully.
C:\Program Files\MyWebSearch\bar\Message folder moved successfully.
C:\Program Files\MyWebSearch\bar\icons folder moved successfully.
C:\Program Files\MyWebSearch\bar\History folder moved successfully.
C:\Program Files\MyWebSearch\bar\Game folder moved successfully.
C:\Program Files\MyWebSearch\bar\Cache folder moved successfully.
C:\Program Files\MyWebSearch\bar\Avatar folder moved successfully.
C:\Program Files\MyWebSearch\bar\1.bin folder moved successfully.
C:\Program Files\MyWebSearch\bar folder moved successfully.
C:\Program Files\MyWebSearch folder moved successfully.
C:\Program Files\AutocompletePro\support@predictad.com\defaults\preferences folder moved successfully.
C:\Program Files\AutocompletePro\support@predictad.com\defaults folder moved successfully.
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content folder moved successfully.
C:\Program Files\AutocompletePro\support@predictad.com\chrome folder moved successfully.
C:\Program Files\AutocompletePro\support@predictad.com folder moved successfully.
C:\Program Files\AutocompletePro folder moved successfully.
File/Folder C:\Program Files\Ask.com not found.
C:\Documents and Settings\Dawis\Nabídka Start\Programy\Po spuštění\winesm32.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\sysinit deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 750916 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Dawis
->Temp folder emptied: 162068568 bytes
->Temporary Internet Files folder emptied: 127633778 bytes
->Java cache emptied: 121816135 bytes
->FireFox cache emptied: 144309712 bytes
->Google Chrome cache emptied: 274860927 bytes
->Flash cache emptied: 2586562 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1018805 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 798,00 mb

Restore points cleared and new OTM Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.10.0 log created on 03032010_163313

michal95 · #21 Příspěvek od **michal95** » 03 bře 2010 17:09

ComboFix 10-03-02.08 - Dawis 03.03.2010 16:56:58.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2303.1803 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dawis\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100302-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0056AC0C.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 15:33 . 2010-03-03 15:33 -------- d-----w- C:\_OTM
2010-03-03 14:38 . 2010-03-03 14:38 -------- d-----w- c:\documents and settings\Administrator
2010-03-03 13:57 . 2010-03-03 13:58 -------- d-----w- c:\program files\trend micro
2010-03-03 13:57 . 2010-03-03 13:59 -------- d-----w- C:\rsit
2010-03-01 15:04 . 2010-03-01 15:04 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-28 14:43 . 2010-02-28 14:43 792064 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-02-25 12:17 . 2010-02-25 12:17 -------- d-----w- c:\program files\Games
2010-02-25 10:49 . 2010-02-25 10:49 -------- d-----w- c:\program files\Samsung ML-1610 Series
2010-02-25 10:48 . 2010-02-25 10:49 -------- d-----w- c:\windows\Samsung
2010-02-25 10:48 . 2003-11-17 11:24 208896 ------w- c:\windows\system32\SSRemove.exe
2010-02-25 10:48 . 2004-05-17 13:04 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2010-02-25 10:47 . 2005-04-08 02:29 20622 ----a-w- c:\windows\system32\SUGS1LMK.DLL
2010-02-25 10:47 . 2005-03-03 04:32 151552 ----a-w- c:\windows\system32\SSCoInst.exe
2010-02-25 10:47 . 2004-10-11 12:25 57344 ----a-w- c:\windows\system32\SSCoInst.dll
2010-02-20 11:16 . 2010-02-20 11:16 2228 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-02-06 12:45 . 2010-02-06 12:45 -------- d-----w- c:\program files\ElcomSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 07:15 . 2009-10-03 10:48 69 -c--a-w- c:\documents and settings\Dawis\jagex_runescape_preferences2.dat
2010-03-03 07:12 . 2008-07-02 06:52 41 -c--a-w- c:\documents and settings\Dawis\jagex_runescape_preferences.dat
2010-03-02 16:03 . 2008-02-22 19:32 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-02 16:02 . 2008-02-22 19:32 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-28 14:43 . 2010-02-28 14:43 792064 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-02-26 10:35 . 2008-02-19 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-25 20:15 . 2008-02-22 19:32 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-13 12:59 . 2008-02-20 13:45 -------- d-----r- c:\program files\Skype
2010-02-05 17:40 . 2010-01-14 17:45 -------- d-----w- c:\program files\QuickTime
2010-02-02 15:40 . 2009-10-17 16:05 108144 -c--a-w- c:\windows\system32\CmdLineExt.dll
2010-01-29 16:24 . 2001-10-25 12:00 533574 ----a-w- c:\windows\system32\perfh005.dat
2010-01-29 16:24 . 2001-10-25 12:00 123792 ----a-w- c:\windows\system32\perfc005.dat
2010-01-29 16:22 . 2009-11-08 17:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-29 16:20 . 2010-01-29 16:20 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-29 16:20 . 2010-01-29 16:20 -------- d-----w- c:\program files\MSXML 6.0
2010-01-29 16:19 . 2008-02-19 16:51 -------- d-----w- c:\program files\Microsoft.NET
2010-01-29 16:16 . 2010-01-29 16:16 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-23 10:40 . 2010-01-23 10:40 -------- d-----w- c:\program files\Winamp Toolbar
2010-01-21 06:14 . 2008-05-11 14:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 15:39 . 2009-02-11 19:59 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\program files\Common Files\Apple
2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\program files\Apple Software Update
2010-01-11 13:48 . 2008-05-12 18:41 -------- d-----w- c:\program files\DivX
2010-01-11 13:47 . 2009-10-31 16:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-08 09:58 . 2009-12-10 18:19 78180 -c--a-w- c:\windows\hpqins05.dat
2009-12-31 16:50 . 2001-10-25 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 13:19 . 2009-12-25 11:16 1234 -c--a-w- c:\program files\GPRSpeed Plus Client setup.log
2009-12-21 19:08 . 2006-06-23 12:27 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-02-19 15:59 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2002-09-20 16:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 19:48 . 2009-12-10 19:38 175579 -c--a-w- c:\windows\hphins26.dat
2009-12-09 10:11 . 2002-09-20 17:12 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:11 . 2002-09-20 15:12 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:22 . 2002-08-28 23:59 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"Google Update"="c:\documents and settings\Dawis\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-01-26 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2005-09-13 1668096]
"BigDog305"="c:\windows\VM305_STI.EXE" [2006-03-17 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"mouseElf"="c:\progra~1\SCROLL~1\GNETMOUS.EXE" [2004-02-24 176128]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"DAEMON Tools-1033"="e:\programy\D-Tools\daemon.exe" [2004-08-22 81920]
"WinampAgent"="e:\programy\Winamp\winampa.exe" [2010-01-13 37888]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programy\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Microsoft Games\\Age of Empires III\\Age3.exe"=
"d:\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Programy\\HLSW\\hlsw.exe"=
"d:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"e:\\Programy\\ICQ7.0\\ICQ.exe"=
"e:\\Programy\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\EA Games\\Need for Speed Most Wanted\\speed.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9.3.2008 11:58 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9.3.2008 11:58 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.5.2008 7:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.5.2008 7:02 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.2.2009 20:59 246520]
R3 ZSMC0305;CANYON CN-WCAM23 PC-Camera;c:\windows\system32\drivers\usbVM305.sys [25.3.2008 10:05 392316]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Dawis\LOCALS~1\Temp\ENQB4.tmp --> c:\docume~1\Dawis\LOCALS~1\Temp\ENQB4.tmp [?]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [21.7.2008 5:14 6528]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - e:\programy\ICQ7.0\ICQ.exe
TCP: {D8AE4382-4894-4792-9429-102D55527F08} = 10.181.181.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dawis\Data aplikací\Mozilla\Firefox\Profiles\ncms0udm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Dawis\Data aplikací\Mozilla\Firefox\Profiles\ncms0udm.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RGSC - d:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-Adobe Photo Downloader - e:\programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - d:\hry\Microsoft Games\Age of Empires II\UNINSTALX.EXE
AddRemove-AutocompletePro2_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-GameSpy Arcade - d:\hry\DOPLKY~1\GAMESP~1\UNWISE.EXE
AddRemove-Hidden and Dangerous - d:\take2\Hidden and Dangerous\Uninst.isu
AddRemove-KYE - c:\program files\Scroll Mouse\Setup.exe
AddRemove-Microsoft Visual Basic 2008 Express Edition with SP1 - ENU - e:\programy\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
AddRemove-Re-Volt - d:\hry\Acclaim Entertainment\Re-Volt\Uninst.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 17:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

skenování skrytých souborů ...

c:\docume~1\Dawis\LOCALS~1\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89C27D08]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x89c27d08
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Dawis\LOCALS~1\Temp\ENQB4.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1343024091-220523388-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:02,35,4d,0f,da,ec,65,6e,2a,1d,45,ca,c9,2b,0e,fd,db,ca,9d,f0,3e,9d,23,
d4,62,f9,df,92,4c,b0,0d,e0,85,0c,56,13,fd,5f,93,dd,70,34,40,bd,28,24,64,95,\
"??"=hex:cc,c1,e3,69,44,e1,2e,ca,9a,af,93,6e,76,05,15,9b

[HKEY_USERS\S-1-5-21-1343024091-220523388-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ef,64,c8,7a,50,54,ea,20,fb,76,14,f8,88,ba,22,d0,37,c0,a0,63,ac,
bc,40,6a,74,09,8d,72,a5,d6,65,76,8f,56,eb,43,b8,e0,01,43,ea,47,6f,e7,be,07,\
"rkeysecu"=hex:12,8c,4c,f4,ee,1d,6e,52,cd,d5,87,81,0f,e5,15,dc
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3584)
c:\program files\Logitech\Profiler\LWEHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\windows\System32\ASWLSVC.exe
e:\programy\IVT Corporation\BlueSoleil\BTNtService.exe
c:\documents and settings\Dawis\Local Settings\Data aplikací\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2010-03-03 17:07:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-03 16:07

Před spuštěním: Volných bajtů: 24 808 370 176
Po spuštění: Volných bajtů: 24 650 579 968

- - End Of File - - DBEEE6DC0860BB046F5C864CA8307AC2

Prozatím vše funguje děkuji...

#22 Příspěvek od **stell** » 03 bře 2010 17:30

treba spustit este Malwarebytes tak ako som napisal,
potom este vloz sem log z G_MER ak chces

stiahnes specialnu verziu G-Mer
Special
uloz na plochu >>
Odpojiť sa od internetu a zatvor všetky otvorené programy,
Dočasne zakázať akékoľvek real-time aktívnej ochrany,
a spust>.prebehne kratky skan,,,
ak dostanes hlasku rootkit activity and asks if you want to run scan>>kliknes NO<<
a nastavis to takto

>> kliknes scan,<<
na konci skanu >>SAVE<< nazov das mojlog.txt>>uloz na plochu a log vloz sem,,

Ak nedostanes ziadnu hlasku,,,nechas vsetko zafajknute a kliknes SCAN->>>>po skane >>SAVE<<log vloz sem,

morfeus24 · #23 Příspěvek od **morfeus24** » 20 črc 2010 18:20

Ahoj, prosim Vas mam asi ten isty problem ako predomnou chlapci ... Prosim o pomoc

morfeus24 · #24 Příspěvek od **morfeus24** » 20 črc 2010 18:21

tu je moj log....

Logfile of random's system information tool 1.08 (written by random/random)
Run by JA at 2010-07-20 18:41:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (32%) free of 35 GB
Total RAM: 510 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:42:37, on 20. 7. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\JA\LOCALS~1\Temp\ISSCAN\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\HotKey\hotkey.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\qtplugin.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\HotKey\OSD.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Rsit\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\JA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://radiobar.toolbarhome.com?hp=df
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
R3 - URLSearchHook: Power Challenge Toolbar - {208722fa-38e0-4142-83e5-a341b43a35dd} - C:\Program Files\Power_Challenge\tbPow0.dll
R3 - URLSearchHook: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - C:\Program Files\LocalStrike_English\tbLoc0.dll
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (file missing)
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Power Challenge Toolbar - {208722fa-38e0-4142-83e5-a341b43a35dd} - C:\Program Files\Power_Challenge\tbPow0.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - C:\Program Files\LocalStrike_English\tbLoc0.dll
O2 - BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Power Challenge Toolbar - {208722fa-38e0-4142-83e5-a341b43a35dd} - C:\Program Files\Power_Challenge\tbPow0.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - C:\Program Files\LocalStrike_English\tbLoc0.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (file missing)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: srvklw32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNman000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Systémové aplikace modelu COM+ COMSysAppFastUserSwitchingCompatibility (COMSysAppFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\asctrlsi.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PskSvcRetailInst - Panda Security, S.L. - C:\DOCUME~1\JA\LOCALS~1\Temp\ISSCAN\PskSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Zwangi Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Zwangi\zwangi115.exe (file missing)

--
End of file - 16180 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2009-09-19 70992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2009-12-16 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog1.dll [2010-05-14 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-09-19 452016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{208722fa-38e0-4142-83e5-a341b43a35dd}]
Power Challenge Toolbar - C:\Program Files\Power_Challenge\tbPow0.dll [2010-05-14 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-06-03 2736736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41fe951c-2aaf-4f08-ab67-aebd1ed636f2}]
LocalStrike_English Toolbar - C:\Program Files\LocalStrike_English\tbLoc0.dll [2010-05-14 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
RadioBar Toolbar - C:\Program Files\RadioBar\toolbar.ni.dll [2010-01-11 451808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
Mario Forever Toolbar - C:\Program Files\Mario_Forever\tbMari.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-10 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-10 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHP0.dll [2010-05-14 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\SearchSettings.dll [2009-12-16 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{EEE6C35B-6118-11DC-9C72-001320C79847}
{208722fa-38e0-4142-83e5-a341b43a35dd} - Power Challenge Toolbar - C:\Program Files\Power_Challenge\tbPow0.dll [2010-05-14 2515552]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-09-19 452016]
{41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - LocalStrike_English Toolbar - C:\Program Files\LocalStrike_English\tbLoc0.dll [2010-05-14 2515552]
{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHP0.dll [2010-05-14 2515552]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll []
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2009-12-16 700416]
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog1.dll [2010-05-14 2515552]
{707db484-2428-402d-afb5-d85b387544c7} - Mario Forever Toolbar - C:\Program Files\Mario_Forever\tbMari.dll [2010-06-13 2734688]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-10 278192]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-06-03 2736736]
{5B291E6C-9A74-4034-971B-A4B007A0B315} - RadioBar Toolbar - C:\Program Files\RadioBar\toolbar.ni.dll [2010-01-11 451808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"nwiz"=nwiz.exe /install []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"HotKey"=C:\Program Files\HotKey\hotkey.exe [2006-03-07 81920]
""= []
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2005-12-12 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Internet Connection Wizard Setup Tool"=C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe []
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-09-19 32838]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-12-16 975360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-07-10 504320]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-07-20 524632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-14 39408]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-09-19 32838]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-06-23 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-07-29 270336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\JA\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
srvklw32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\CS\cstrike.exe"="D:\CS\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"D:\jav\jre-6u13-windows-i586-p-s.exe"="D:\jav\jre-6u13-windows-i586-p-s.exe:*:Enabled:jre-6u13-windows-i586-p-s"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe"="C:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"C:\Documents and Settings\JA\Plocha\FIFA08.exe"="C:\Documents and Settings\JA\Plocha\FIFA08.exe:*:Enabled:FIFA08"
"C:\Program Files\Electronic Arts\EA Downloader\Core.exe"="C:\Program Files\Electronic Arts\EA Downloader\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\counter strike\hl.exe"="D:\counter strike\hl.exe:*:Disabled:Half-Life Launcher"
"D:\utorrent\utorrent.exe"="D:\utorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\DOCUME~1\JA\LOCALS~1\Temp\svchost.exe"="C:\DOCUME~1\JA\LOCALS~1\Temp\svchost.exe:*:Enabled:ldrsoft"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-07-20 18:41:31 ----D---- C:\Program Files\trend micro
2010-07-20 18:41:24 ----D---- C:\rsit
2010-07-20 15:41:32 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-07-20 15:41:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-20 15:37:57 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-07-19 23:05:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-07-19 22:46:24 ----D---- C:\Documents and Settings\JA\Data aplikací\RadioBar
2010-07-19 22:46:17 ----D---- C:\Program Files\RadioBar
2010-07-16 16:40:05 ----D---- C:\Documents and Settings\JA\Data aplikací\Nvu
2010-07-14 18:41:40 ----D---- C:\Documents and Settings\JA\Data aplikací\inkscape
2010-07-14 18:33:18 ----D---- C:\Program Files\Softonic-Eng7
2010-07-12 17:34:22 ----ASH---- C:\pagefile.sys
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\wins
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\ShellExt
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\export
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\dhcp
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\cs-cz
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\cs
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\3com_dmi
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\3076
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\2052
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\1054
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\1042
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\1041
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\1037
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\1031
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\1028
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\1025
2010-07-12 17:18:59 ----D---- C:\WINDOWS\L2Schemas
2010-07-12 16:15:47 ----D---- C:\WINDOWS\Prefetch
2010-07-12 16:08:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-07-12 16:08:22 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-07-12 16:06:11 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-07-12 16:06:10 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-07-12 16:06:10 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-07-12 16:05:28 ----A---- C:\WINDOWS\system32\irmon.dll
2010-07-12 16:05:27 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-07-12 16:05:27 ----A---- C:\WINDOWS\system32\irftp.exe
2010-07-12 16:05:27 ----A---- C:\WINDOWS\system32\drivers\irda.sys
2010-07-12 16:03:53 ----A---- C:\WINDOWS\system32\uniime.dll
2010-07-12 16:03:44 ----A---- C:\WINDOWS\system32\c_g18030.dll
2010-07-12 16:03:43 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2010-07-12 16:03:43 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2010-07-12 16:03:43 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2010-07-12 16:03:43 ----A---- C:\WINDOWS\system32\kbd106n.dll
2010-07-12 16:03:43 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2010-07-12 16:03:42 ----A---- C:\WINDOWS\system32\kbdax2.dll
2010-07-12 16:03:42 ----A---- C:\WINDOWS\system32\kbd101.dll
2010-07-12 16:03:42 ----A---- C:\WINDOWS\system32\imjp81k.dll
2010-07-12 16:03:36 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2010-07-12 16:03:36 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2010-07-12 16:03:35 ----A---- C:\WINDOWS\system32\msir3jp.dll
2010-07-12 16:03:35 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2010-07-12 16:03:20 ----A---- C:\WINDOWS\system32\kbd101a.dll
2010-07-12 16:03:10 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2010-07-12 16:03:10 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2010-07-12 16:03:10 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2010-07-12 16:02:51 ----A---- C:\WINDOWS\system32\c_is2022.dll
2010-07-12 16:02:50 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
2010-07-12 16:02:50 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdintel.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdintam.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdindev.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
2010-07-12 16:02:49 ----RA---- C:\WINDOWS\system32\kbdarme.dll
2010-07-12 16:02:49 ----A---- C:\WINDOWS\system32\c_iscii.dll
2010-07-12 16:02:48 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
2010-07-12 16:02:48 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
2010-07-12 16:02:48 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
2010-07-12 16:02:48 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
2010-07-12 16:02:47 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
2010-07-12 16:02:47 ----RA---- C:\WINDOWS\system32\kbdfa.dll
2010-07-12 16:02:47 ----RA---- C:\WINDOWS\system32\kbda3.dll
2010-07-12 16:02:47 ----RA---- C:\WINDOWS\system32\kbda2.dll
2010-07-12 16:02:47 ----RA---- C:\WINDOWS\system32\kbda1.dll
2010-07-12 16:02:47 ----A---- C:\WINDOWS\system32\kbdusa.dll
2010-07-12 16:02:45 ----RA---- C:\WINDOWS\system32\kbdheb.dll
2010-07-12 16:02:42 ----RA---- C:\WINDOWS\system32\kbdth3.dll
2010-07-12 16:02:42 ----RA---- C:\WINDOWS\system32\kbdth2.dll
2010-07-12 16:02:42 ----RA---- C:\WINDOWS\system32\kbdth1.dll
2010-07-12 16:02:42 ----RA---- C:\WINDOWS\system32\kbdth0.dll
2010-07-12 16:02:42 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2010-07-12 15:57:51 ----D---- C:\WINDOWS\NV8681176.TMP
2010-07-12 15:55:15 ----A---- C:\WINDOWS\system32\drivers\irsir.sys
2010-07-12 15:46:30 ----A---- C:\WINDOWS\system32\drivers\rasirda.sys
2010-07-12 15:43:23 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-07-12 15:43:23 ----A---- C:\WINDOWS\system32\irclass.dll
2010-07-12 15:42:57 ----RA---- C:\WINDOWS\SETAE.tmp
2010-07-12 15:42:54 ----RA---- C:\WINDOWS\SETA2.tmp
2010-07-12 15:42:52 ----RA---- C:\WINDOWS\SETA1.tmp
2010-07-10 17:02:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-07-10 17:02:04 ----D---- C:\Program Files\Common Files\Java
2010-07-10 17:01:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-10 17:01:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-10 17:01:20 ----A---- C:\WINDOWS\system32\java.exe
2010-07-10 17:01:20 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-10 16:55:23 ----A---- C:\WINDOWS\system32\qtplugin.exe
2010-07-09 09:11:33 ----RSH---- C:\Documents and Settings\JA\Data aplikací\sbeb.exe
2010-06-29 19:50:44 ----D---- C:\Program Files\uTorrent
2010-06-29 19:50:42 ----D---- C:\Documents and Settings\JA\Data aplikací\uTorrent
2010-06-25 11:39:46 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-06-25 11:39:45 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-06-25 11:39:45 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-06-25 11:39:45 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-06-25 11:39:44 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-06-25 11:39:39 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-06-25 11:39:38 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-06-25 11:39:38 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-06-25 11:39:38 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-06-23 17:13:09 ----D---- C:\Program Files\ICQ7.2

======List of files/folders modified in the last 1 months======

2010-07-20 18:42:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-20 18:42:15 ----D---- C:\WINDOWS\system32\drivers
2010-07-20 18:41:31 ----RD---- C:\Program Files
2010-07-20 17:43:33 ----D---- C:\WINDOWS\Temp
2010-07-20 17:32:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-20 17:31:15 ----D---- C:\WINDOWS\system32\Lang
2010-07-20 17:30:29 ----D---- C:\WINDOWS\system32
2010-07-20 15:47:51 ----D---- C:\WINDOWS
2010-07-20 15:44:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-20 15:42:00 ----HD---- C:\WINDOWS\inf
2010-07-20 15:41:52 ----SD---- C:\WINDOWS\Tasks
2010-07-20 15:37:37 ----SHD---- C:\WINDOWS\Installer
2010-07-20 15:36:12 ----D---- C:\Program Files\Lavasoft
2010-07-20 15:36:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-07-20 14:43:38 ----D---- C:\WINDOWS\Debug
2010-07-20 14:43:30 ----D---- C:\WINDOWS\Minidump
2010-07-20 11:04:16 ----D---- C:\Program Files\Google
2010-07-19 23:06:37 ----D---- C:\Program Files\Common Files\DivX Shared
2010-07-18 11:48:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-15 18:35:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-15 17:04:54 ----D---- C:\Documents and Settings\JA\Data aplikací\ICQ
2010-07-15 16:57:51 ----D---- C:\Documents and Settings\JA\Data aplikací\BSplayer Pro
2010-07-12 17:39:45 ----D---- C:\WINDOWS\system32\Setup
2010-07-12 17:39:34 ----D---- C:\WINDOWS\system32\usmt
2010-07-12 17:39:24 ----D---- C:\WINDOWS\AppPatch
2010-07-12 17:39:22 ----D---- C:\WINDOWS\ehome
2010-07-12 17:39:21 ----D---- C:\WINDOWS\ime
2010-07-12 17:39:18 ----D---- C:\WINDOWS\Media
2010-07-12 17:39:17 ----D---- C:\WINDOWS\network diagnostic
2010-07-12 17:39:03 ----D---- C:\WINDOWS\PeerNet
2010-07-12 17:38:49 ----D---- C:\WINDOWS\system32\npp
2010-07-12 17:38:41 ----D---- C:\WINDOWS\msagent
2010-07-12 17:36:17 ----D---- C:\WINDOWS\system32\1029
2010-07-12 17:36:09 ----D---- C:\WINDOWS\twain_32
2010-07-12 17:35:56 ----D---- C:\WINDOWS\system32\icsxml
2010-07-12 17:35:31 ----D---- C:\WINDOWS\system32\ias
2010-07-12 17:35:26 ----D---- C:\WINDOWS\system32\1033
2010-07-12 17:34:22 ----D---- C:\WINDOWS\Driver Cache
2010-07-12 17:18:59 ----D---- C:\WINDOWS\system32\mui
2010-07-12 16:21:05 ----SD---- C:\Documents and Settings\JA\Data aplikací\Microsoft
2010-07-12 16:20:39 ----D---- C:\WINDOWS\Registration
2010-07-12 16:20:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-12 16:19:12 ----D---- C:\WINDOWS\system32\Restore
2010-07-12 16:19:11 ----SHD---- C:\System Volume Information
2010-07-12 16:15:15 ----D---- C:\WINDOWS\system32\config
2010-07-12 16:15:15 ----D---- C:\WINDOWS\nview
2010-07-12 16:15:15 ----D---- C:\WINDOWS\Help
2010-07-12 16:10:26 ----D---- C:\WINDOWS\security
2010-07-12 16:09:59 ----A---- C:\WINDOWS\ODBCINST.INI
2010-07-12 16:09:32 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-07-12 16:08:59 ----RD---- C:\WINDOWS\Web
2010-07-12 16:08:51 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-07-12 16:08:39 ----A---- C:\WINDOWS\win.ini
2010-07-12 16:08:29 ----D---- C:\WINDOWS\srchasst
2010-07-12 16:08:26 ----D---- C:\Program Files\Windows Media Player
2010-07-12 16:08:21 ----D---- C:\Program Files\Movie Maker
2010-07-12 16:08:18 ----D---- C:\WINDOWS\system32\oobe
2010-07-12 16:08:08 ----D---- C:\Program Files\NetMeeting
2010-07-12 16:08:05 ----D---- C:\Program Files\Outlook Express
2010-07-12 16:08:04 ----D---- C:\Program Files\Common Files\System
2010-07-12 16:07:52 ----D---- C:\Program Files\Internet Explorer
2010-07-12 16:06:55 ----D---- C:\WINDOWS\system32\Com
2010-07-12 16:06:18 ----D---- C:\Program Files\Messenger
2010-07-12 16:06:17 ----D---- C:\WINDOWS\system32\wbem
2010-07-12 16:06:15 ----D---- C:\Program Files\Windows NT
2010-07-12 16:05:15 ----SH---- C:\boot.ini
2010-07-12 16:03:59 ----A---- C:\WINDOWS\system.ini
2010-07-12 16:03:46 ----RSD---- C:\WINDOWS\Fonts
2010-07-12 15:44:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-12 15:43:22 ----D---- C:\WINDOWS\system
2010-07-12 15:43:13 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-07-12 15:42:17 ----D---- C:\WINDOWS\WinSxS
2010-07-12 14:47:16 ----D---- C:\Documents and Settings
2010-07-11 10:04:56 ----SHD---- C:\WINDOWS\CSC
2010-07-10 17:02:04 ----D---- C:\Program Files\Common Files
2010-07-10 17:00:44 ----D---- C:\Program Files\Java
2010-07-10 16:53:21 ----A---- C:\WINDOWS\system32\ws2_32.dll.tmp
2010-07-01 18:06:08 ----D---- C:\Program Files\Opera
2010-06-25 11:39:46 ----D---- C:\WINDOWS\system32\DirectX
2010-06-25 11:39:44 ----RSD---- C:\WINDOWS\assembly
2010-06-23 18:01:41 ----D---- C:\Program Files\Ask.com
2010-06-23 17:14:44 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-23 17:14:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-23 17:14:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-07-20 64160]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-12 98432]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-12-02 51072]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-17 56816]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-10 4064256]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-01-10 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-14 721904]
S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ddsxeiservice;ddsxeiservice2; \??\C:\Program Files\sXe Injected\ddsxei.sys []
S3 FXDRV;FXDRV; \??\F:\Fxdrv.sys []
S3 FXDrv32;FXDrv32; \??\F:\FXDrv32.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-07-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-07-07 20543]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-20 1029456]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-07-29 118843]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-07-29 61503]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 PskSvcRetailInst;PskSvcRetailInst; C:\DOCUME~1\JA\LOCALS~1\Temp\ISSCAN\PskSvc.exe [2009-08-25 28928]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 COMSysAppFastUserSwitchingCompatibility;Systémové aplikace modelu COM+ COMSysAppFastUserSwitchingCompatibility; C:\WINDOWS\system32\asctrlsi.exe [2004-08-17 59904]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-09-19 28762]
S2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService []
S2 Zwangi Service;Zwangi Service; C:\Documents and Settings\All Users\Data aplikací\Zwangi\zwangi115.exe C:\Program Files\Zwangi\zwangi.dll Service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#25 Příspěvek od **stell** » 20 črc 2010 18:36

Zdravim
No tak to je krasna zbierka smejdov,
Najprv sprav toto:

Odinstaluj programy cez pridat/odobrat programy
C:\Program Files\Ask.com
C:\Program Files\ICQ6Toolbar
C:\Program Files\MyWebSearch
C:\Program Files\Search Settings
C:\Program Files\Dealio Toolbar
C:\Program Files\Spybot - Search & Destroy\
C:\Program Files\Zwangi\

Okrem toho vsetky Toolbary-ktore nepouzivas,,tolko toolbarov,,este som nevidel v jednom pocitaci,,
ak toto budes mat zacneme odstranovat aj smejdy,takze napis ,,ak to budes mat.,ok.

#26 Příspěvek od **stell** » 20 črc 2010 20:06

Ja dnes koncim,ak naozaj mas zaujem vycistit pc,tak pokracuj takto:a ak nie tak vykasli sa na to:

Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem.

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Program Files\MyWebSearch
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\Program Files\Dealio Toolbar
C:\Program Files\Ask.com
C:\Program Files\Search Settings
C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
C:\PROGRA~1\MYWEBS~1
C:\WINDOWS\system32\qtplugin.exe
C:\Documents and Settings\JA\Nabídka Start\Programy\Po spuštění\srvklw32.exe
C:\DOCUME~1\JA\LOCALS~1\Temp\svchost.exe
C:\Documents and Settings\All Users\Data aplikací\Zwangi
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=-
"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"Internet Connection Wizard Setup Tool"=-
"MyWebSearch Plugin"=-
"My Web Search Bar"=-
"MyWebSearch Email Plugin"=-
"RegistryMonitor1"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\JA\LOCALS~1\Temp\svchost.exe"=-
:services
MyWebSearchService
Zwangi Service
ICQ Service

:commands
[emptytemp]
[emptyflash]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-
sprav komplet skan,Co najde zmazat,,,log vloz sem,

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,

Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart.

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)

- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

morfeus24 · #27 Příspěvek od **morfeus24** » 20 črc 2010 20:17

Islo to ako z chlpatej deky

C:\Program Files\Ask.com ani sa mi to neukazalo medzi pridat alebo odobrat programy
C:\Program Files\ICQ6Toolbar odobral som
C:\Program Files\MyWebSearch odobral som
C:\Program Files\Search Settings odobral som
C:\Program Files\Dealio Toolbar odobral som
C:\Program Files\Spybot - Search & Destroy\ nedalo sa to odbrat (vid. dalej)
C:\Program Files\Zwangi\ odobral som

neviem co su presne toolbary ale tipujem ze tie stitky v IE... pritom pouzivam operu

dalsie toolbary ktore som odstranil:

Toolbar for internet explorer
Local strike English toolbar
Mario forever Toolbar
Radio bar Toolbar
Softonic-Eng7 Toolbar
ToogleEN Toolbar
VDownloader Toolbar

a este k tomu Spybot - Search & Destroy skusil som to rucne cez C:\Program Files\Spybot - Search & Destroy .... no tam som nenasiel uninstaler a ked som to chcel len tak odstranit do kosa vypisalo nieco s Teatimer.exe

a este dve veci ked som odinstalovaval asi 4-krat mi restartol PC ukazal sa mi ze treba ukoncit program teatimer.exe a tiez aj explorer.exe
no a ta druha vkuse mi vyskoval virus:

C:/WINDOWS/system3/gtplugin.exe
Is the TR/Dropper.gen Trojan

#28 Příspěvek od **stell** » 20 črc 2010 20:27

pokracuj tak ako som napisal,

morfeus24 · #29 Příspěvek od **morfeus24** » 20 črc 2010 22:28

Files moved on Reboot...
C:\Documents and Settings\JA\Nabídka Start\Programy\Po spuštění\srvklw32.exe moved successfully.

Registry entries deleted on Reboot...

neviem toto asi bude zle neviem ale to co som mal ulozit v tom zelenom stlpci alebo casti tak to som asi neulozil lebo pocas priebehu toho skenovania ci co to bolo mi zrazu scernala obrazovka a cakal som ci sa pozviecha no nic tak som to restartol

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4332

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20. 7. 2010 22:08:32
mbam-log-2010-07-20 (22-08-32).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 155642
Uplynulý čas: 7 min, 11 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 25
Infikované registračné hodnoty: 2
Infikované položky registračných dát: 1
Infikované priečinky: 4
Infikované súbory: 6

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> No action taken.

Infikované registračné hodnoty:
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> No action taken.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.

Infikované súbory:
C:\WINDOWS\system32\Userinitxx.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JA\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\JA\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\Temp\wpv991245771011.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JA\Data aplikací\sbeb.exe (Worm.Palevo) -> No action taken.

ComboFix 10-07-20.01 - JA . 07. 2010 22:50:07.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.510.316 [GMT 2:00]
Running from: c:\documents and settings\JA\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\640959429.dat
c:\windows\system32\asctrlsi.exe
c:\windows\system32\Thumbs.db
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMSYSAPPFASTUSERSWITCHINGCOMPATIBILITY
-------\Service_COMSysAppFastUserSwitchingCompatibility

((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-20 20:16 . 2010-07-20 20:16 -------- d-----w- c:\program files\CCleaner
2010-07-20 19:57 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 19:57 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 19:30 . 2010-07-20 19:30 -------- d-----w- C:\_OTM
2010-07-20 16:41 . 2010-07-20 16:42 -------- d-----w- c:\program files\trend micro
2010-07-20 16:41 . 2010-07-20 16:43 -------- d-----w- C:\rsit
2010-07-20 13:41 . 2010-07-20 13:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-20 13:41 . 2010-07-20 13:41 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-12 14:12 . 2008-04-14 06:52 366080 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-07-12 14:12 . 2001-10-25 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2010-07-12 14:12 . 2001-10-25 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2010-07-12 14:12 . 2001-10-25 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-07-12 14:12 . 2001-10-25 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2010-07-12 14:12 . 2001-10-25 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-07-12 14:10 . 2001-10-25 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2010-07-12 14:08 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-07-12 14:08 . 2008-04-14 06:51 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll
2010-07-12 14:08 . 2008-04-14 06:51 7168 ----a-w- c:\windows\system32\bitsprx4.dll
2010-07-12 14:06 . 2008-04-14 06:52 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-07-12 14:06 . 2008-04-14 06:51 290304 ----a-w- c:\windows\system32\rhttpaa.dll
2010-07-12 14:06 . 2008-04-14 06:51 136192 -c--a-w- c:\windows\system32\dllcache\aaclient.dll
2010-07-12 14:06 . 2008-04-14 06:51 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-07-12 14:05 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-07-12 14:05 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-07-12 14:05 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-07-12 14:05 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-07-12 14:02 . 2001-10-25 12:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2010-07-12 13:55 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2010-07-12 13:46 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-07-12 13:43 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-07-12 13:43 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-07-12 13:43 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-07-12 13:43 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-07-10 15:02 . 2010-07-10 15:02 -------- d-----w- c:\program files\Common Files\Java
2010-07-10 15:01 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-29 17:50 . 2010-07-01 08:48 -------- d-----w- c:\program files\uTorrent
2010-06-25 09:39 . 2006-07-28 07:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-06-25 09:39 . 2006-07-28 07:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-06-23 15:13 . 2010-06-23 15:15 -------- d-----w- c:\program files\ICQ7.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 19:08 . 2009-02-13 14:57 -------- d-----w- c:\program files\Google
2010-07-20 13:36 . 2009-04-11 10:07 -------- d-----w- c:\program files\Lavasoft
2010-07-19 21:06 . 2010-02-19 11:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-12 14:25 . 2009-01-10 17:39 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-12 14:20 . 2001-10-25 14:00 79044 ----a-w- c:\windows\system32\perfc005.dat
2010-07-12 14:20 . 2001-10-25 14:00 431978 ----a-w- c:\windows\system32\perfh005.dat
2010-07-12 14:06 . 2009-01-10 17:37 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-10 15:00 . 2009-05-10 09:02 -------- d-----w- c:\program files\Java
2010-07-01 16:06 . 2009-09-10 17:40 -------- d-----w- c:\program files\Opera
2010-06-23 15:14 . 2009-01-10 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 10:12 . 2009-02-04 15:16 -------- d-----w- c:\program files\Mario Forever
2010-06-20 10:10 . 2009-02-23 12:32 -------- d-----w- c:\program files\EA SPORTS
2010-05-30 19:14 . 2010-03-13 13:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-29 19:09 . 2009-11-10 15:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{208722fa-38e0-4142-83e5-a341b43a35dd}"= "c:\program files\Power_Challenge\tbPow0.dll" [2010-05-14 2515552]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP0.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{208722fa-38e0-4142-83e5-a341b43a35dd}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{208722fa-38e0-4142-83e5-a341b43a35dd}]
2010-05-14 19:51 2515552 ----a-w- c:\program files\Power_Challenge\tbPow0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2010-05-14 19:51 2515552 ----a-w- c:\program files\PHPNukeEN\tbPHP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{208722fa-38e0-4142-83e5-a341b43a35dd}"= "c:\program files\Power_Challenge\tbPow0.dll" [2010-05-14 2515552]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP0.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{208722fa-38e0-4142-83e5-a341b43a35dd}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{208722FA-38E0-4142-83E5-A341B43A35DD}"= "c:\program files\Power_Challenge\tbPow0.dll" [2010-05-14 2515552]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP0.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{208722fa-38e0-4142-83e5-a341b43a35dd}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-23 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2005-12-12 69632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-07-20 524632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\JA\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
2005-07-29 16:25 270336 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\jav\\jre-6u13-windows-i586-p-s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA SPORTS\\FIFA 08\\FIFA08.exe"=
"c:\\Documents and Settings\\JA\\Plocha\\FIFA08.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\utorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58676:TCP"= 58676:TCP:Pando Media Booster
"58676:UDP"= 58676:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.7.2010 15:41 64160]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2.12.2009 18:36 51072]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.2.2010 19:39 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.3.2009 15:56 721904]
S2 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\JA\LOCALS~1\Temp\ISSCAN\PskSvc.exe --> c:\docume~1\JA\LOCALS~1\Temp\ISSCAN\PskSvc.exe [?]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 FXDRV;FXDRV;\??\f:\fxdrv.sys --> f:\Fxdrv.sys [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:40]

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://radiobar.toolbarhome.com?hp=df
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 23:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-07-20 23:08:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 21:08

Pre-Run: Volných bajtů: 15 467 696 128
Post-Run: Volných bajtů: 15 354 593 280

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - C903AB5AEC7C4EB60707A7FFEB899A73

Dufam ze vsetko som tu dal co som mal dat ak nie tak napis... zajtra sa tu zastavim

velmi pekne ti dakujem kiez by bolo na svete viac takychto ochotnych ludi ako si ty

cpu uz ide v normale a aspon co som teraz skusal intrenetove stranky a otvaranie suborov bezchybicky a rychlo... neviem ci som to mal niekedy take rychle

Este mi aj napis co robit pre blaho svojho PC... ako sa starat o neho ci pouzivat tieto subory ktore si mi dal alebo nieco ine.
A este raz ti za tvoju ochotu velmi pekne dakujem.

#30 Příspěvek od **stell** » 21 črc 2010 04:49

Bolo by dobre citat co pisem,,,,
1;Malwarebytes -spravit UPLNY SKAN-co najde ZMAZAT..-prestuduj Navod.-a log vloz sem,,
2:Odinstaluj cez Pridat/odobrat programy c:\program files\Spybot - Search & Destroy\-klik-start-klik-ovladacie panely-Pridat/odobrat programy,
3:Potom precisti este raz CCleanerom,a sprav novy sken z Combofixom-log vloz sem.

VIRY.CZ

100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll