VIRY.CZ

Dobrý den, dnes se mi z ničeho nic začal notebook sám od sebe restartovat, zpravidla do jedné minuty od naběhnutí Windows. Nastavil jsem proto test po restartu (avast!) a problém se prozatím vyřešil, jenže notebook je pro změnu šíleně zpomalený.

Zde přikládám log z RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by ouj004 at 2010-06-18 15:28:51
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (1%) free of 131 GB
Total RAM: 1014 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:28:57, on 18.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\wpv301276716976.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\PLFSetL.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Seznam Postak\Postak.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\WINDOWS\explorer.exe:userini.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\ouj004\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\ouj004\Plocha\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ouj004\Plocha\RSIT.exe
C:\Program Files\trend micro\ouj004.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://software.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\ouj004\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\ouj004\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam Postak\Postak.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0023F142-0364-4BA2-9593-DC15BB994145}: NameServer = 188.75.188.188,10.4.188.188
O17 - HKLM\System\CS1\Services\Tcpip\..\{0023F142-0364-4BA2-9593-DC15BB994145}: NameServer = 188.75.188.188,10.4.188.188
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 13032 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MIA-8EX942TYGLP-ouj004.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1637723038-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1637723038-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-11-28 218632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-11-09 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\ouj004\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-26 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-05-13 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-26 806912]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-11-28 218632]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-11-09 520192]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-05-13 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-06-02 102400]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-06-02 858632]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]
"SMail"=C:\Program Files\Seznam Postak\Postak.exe [2008-02-21 453936]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-05-29 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"userini"=C:\WINDOWS\system32\userini.exe [2010-06-18 55808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe [2010-06-18 55808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"DrvMon.exe"=C:\WINDOWS\system32\DrvMon.exe [2004-09-22 53248]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2009-11-09 26624]
"AdobeBridge"= []
"userini"=C:\WINDOWS\system32\userini.exe [2010-06-18 55808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe [2010-06-18 55808]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\ouj004\Nabídka Start\Programy\Po spuštění
HDD temperature.lnk - C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\DC\StrongDC.exe"="C:\Program Files\DC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Hry\Half2\hl2.exe"="C:\Hry\Half2\hl2.exe:*:Enabled:hl2"
"C:\Hry\Half-Life 2\hl2.exe"="C:\Hry\Half-Life 2\hl2.exe:*:Enabled:hl2"
"C:\Hry\CS\CS1.6\hl.exe"="C:\Hry\CS\CS1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Hry\Worms\WA.exe"="C:\Hry\Worms\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Hry\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe"="C:\Hry\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe:*:Enabled:Poker3d"
"C:\Documents and Settings\ouj004\Plocha\str\StrongDC.exe"="C:\Documents and Settings\ouj004\Plocha\str\StrongDC.exe:*:Enabled:StrongDC.exe"
"C:\Documents and Settings\ouj004\Plocha\Smokin' Guns\smokinguns.exe"="C:\Documents and Settings\ouj004\Plocha\Smokin' Guns\smokinguns.exe:*:Enabled:smokinguns"
"C:\Hry\Diablo II\Diablo II.exe"="C:\Hry\Diablo II\Diablo II.exe:*:Enabled:Diablo II"
"C:\Hry\XIII\system\XIII.exe"="C:\Hry\XIII\system\XIII.exe:*:Enabled:XIII"
"C:\Hry\XIII\system\XIIIEd.exe"="C:\Hry\XIII\system\XIIIEd.exe:*:Enabled:XIIIEd"
"C:\Program Files\VLC\vlc.exe"="C:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Hry\CS\CS1.6\hltv.exe"="C:\Hry\CS\CS1.6\hltv.exe:*:Enabled:HLTV Launcher"
"C:\CS1.6\hl.exe"="C:\CS1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f8c1a0e-a29f-11de-a73a-0022689acb83}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TOMÁš vILCsEK.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a2b3d00-e08e-11dd-a4b8-001d72c84dec}]
shell\AutoRun\command - F:\9b9w3.exe
shell\open\command - F:\9b9w3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb11f6-c961-11d5-a42b-001d72c84dec}]
shell\AutoRun\command - F:\hjvjte.exe
shell\open\command - F:\hjvjte.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a3f8860-07ec-11df-a7f5-0022689acb83}]
shell\AutoRun\command - F:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cbeceb2-d2a9-11de-a791-0022689acb83}]
shell\AutoRun\command - F:\Zolander\Polanda\box.exe
shell\open\command - F:\Zolander\Polanda\box.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b503dd15-e3d9-11de-a7b8-0022689acb83}]
shell\AutoRun\command - ml.com
shell\open\command - ml.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b503dd20-e3d9-11de-a7b8-0022689acb83}]
shell\AutoRun\command - F:\Zolander\Polanda\box.exe
shell\open\command - F:\Zolander\Polanda\box.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfa7a4b3-a1dd-11de-a739-0022689acb83}]
shell\AutoRun\command - F:\loader.exe


======List of files/folders created in the last 1 months======

2010-06-18 15:28:52 ----D---- C:\Program Files\trend micro
2010-06-18 15:28:51 ----D---- C:\rsit
2010-06-18 15:13:56 ----A---- C:\WINDOWS\system32\userini.exe
2010-06-18 13:37:57 ----D---- C:\WINDOWS\CSC
2010-06-18 13:37:48 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-18 13:31:45 ----RSH---- C:\Documents and Settings\ouj004\Data aplikací\oreaw.exe
2010-06-18 05:13:49 ----A---- C:\debugoutput.txt
2010-06-17 13:06:16 ----D---- C:\Program Files\iPod
2010-06-17 13:06:01 ----D---- C:\Program Files\iTunes
2010-06-17 13:00:47 ----D---- C:\Program Files\Bonjour
2010-06-14 20:52:53 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Apple Computer
2010-06-14 20:52:27 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-06-14 20:51:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-14 20:50:10 ----D---- C:\Program Files\QuickTime
2010-06-14 20:50:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-06-14 20:49:43 ----D---- C:\Program Files\Apple Software Update
2010-06-14 20:49:25 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-06-14 20:48:36 ----D---- C:\Program Files\Common Files\Apple
2010-06-14 20:48:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-05-31 13:39:52 ----D---- C:\Documents and Settings\ouj004\Data aplikací\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-29 18:52:31 ----D---- C:\Documents and Settings\ouj004\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-05-29 18:52:31 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Adobe Mini Bridge CS5
2010-05-29 18:45:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
2010-05-29 18:41:31 ----D---- C:\Program Files\Adobe Media Player
2010-05-29 18:39:28 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2010-06-18 15:28:52 ----RD---- C:\Program Files
2010-06-18 15:28:48 ----D---- C:\WINDOWS\Prefetch
2010-06-18 15:20:42 ----D---- C:\Documents and Settings\ouj004\Data aplikací\SolidDocuments
2010-06-18 15:14:07 ----D---- C:\WINDOWS\Temp
2010-06-18 15:13:56 ----D---- C:\WINDOWS\system32
2010-06-18 15:13:39 ----D---- C:\WINDOWS\system32\ias
2010-06-18 15:13:38 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-06-18 15:11:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-18 15:11:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-18 15:04:14 ----A---- C:\WINDOWS\explorer.exe
2010-06-18 13:37:57 ----D---- C:\WINDOWS
2010-06-18 13:31:47 ----D---- C:\WINDOWS\system32\wbem
2010-06-18 13:30:21 ----SHD---- C:\Config.Msi
2010-06-18 03:56:08 ----D---- C:\Program Files\CCleaner
2010-06-17 19:11:58 ----D---- C:\Program Files\Mozilla Firefox
2010-06-17 15:26:58 ----D---- C:\WINDOWS\system32\drivers
2010-06-17 15:26:55 ----HD---- C:\WINDOWS\inf
2010-06-17 13:08:05 ----SHD---- C:\WINDOWS\Installer
2010-06-17 13:01:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-16 22:11:45 ----D---- C:\Documents and Settings\ouj004\Data aplikací\vlc
2010-06-16 22:11:42 ----D---- C:\Documents and Settings\ouj004\Data aplikací\dvdcss
2010-06-16 16:17:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-16 16:17:24 ----D---- C:\Hry
2010-06-15 20:31:11 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Skype
2010-06-15 19:28:02 ----D---- C:\Documents and Settings\ouj004\Data aplikací\skypePM
2010-06-14 20:49:49 ----D---- C:\WINDOWS\Tasks
2010-06-14 20:48:36 ----D---- C:\Program Files\Common Files
2010-06-10 03:09:35 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Adobe
2010-06-10 03:09:14 ----D---- C:\Program Files\Adobe
2010-06-09 11:57:15 ----A---- C:\WINDOWS\TRNCOM.INI
2010-06-06 11:17:23 ----SHD---- C:\RECYCLER
2010-05-30 02:00:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-05-29 20:04:29 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-05-29 18:43:16 ----D---- C:\Program Files\Common Files\Adobe
2010-05-29 18:42:44 ----RSD---- C:\WINDOWS\Fonts
2010-05-29 18:41:00 ----D---- C:\WINDOWS\WinSxS
2010-05-27 17:04:40 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2008-06-02 17408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-15 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-13 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-09-20 5888]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-06-02 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-01 290816]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S2 ozqazpa;\??\C:\D; \??\C:\DOCUME~1\ouj004\LOCALS~1\Temp\ajwmydhylkwqpik.sys []
S2 qkmlluvnnbvtgi;\??\C:\DOCUME~1; \??\C:\DOCUME~1\ouj004\LOCALS~1\Temp\yhqwnmtzfkf.sys []
S2 xgrpsvalg;\??\C:\DOC; \??\C:\DOCUME~1\ouj004\LOCALS~1\Temp\wbygcauurbavj.sys []
S3 a0de68md;a0de68md; C:\WINDOWS\system32\drivers\a0de68md.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Documents and Settings\ouj004\Plocha\MediaCoder iPhone Edition\SysInfo.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-06-09 6909]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2005-11-28 69632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-01-19 539136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------



Děkuji moc za rady....

no jo mate tam hmyz

zatim stahnete Malwarebytes a udelejte rychlej sken --potom tu dejte log--sam nic nemazte: http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

potom vas prenecham MOTJI nebo jinemu radci-- mate tam rootkit

Log z Malwarebyte's Anti-Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18.6.2010 16:46:42
mbam-log-2010-06-18 (16-46-42).txt

Typ skenu: Rychlý sken
Skenované objekty: 121628
Uplynulý čas: 6 minuta(y), 29 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 5
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-3068033569-1861238184-736683313-6437\nissan.exe,C:\Documents and Settings\ouj004\Data aplikací\oreaw.exe,C:\DOCUME~1\ouj004\LOCALS~1\Temp\657.exe,C:\DOCUME~1\ouj004\LOCALS~1\Temp\523.exe,C:\DOCUME~1\ouj004\LOCALS~1\Temp\230.exe,C:\Documents and Settings\ouj004\Data aplikací\cift.exe,explorer.exe,C:\RECYCLER\S-1-5-21-3794014524-4486718430-954738378-0582\nissan.exe) Good: (Explorer.exe) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\RECYCLER\S-1-5-21-3068033569-1861238184-736683313-6437\nissan.exe (Worm.Autorun.B) -> No action taken.
C:\RECYCLER\S-1-5-21-3794014524-4486718430-954738378-0582\nissan.exe (Worm.Autorun.B) -> No action taken.

Hezké odpoledne , já se se teda vetřu
Vy tam toho máte , jdeme to pobít .

Co našel mbam, smažte

Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.


Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Moc díky za pomoc:), takže.... zde log z ComboFixu:

C:\Autorun.inf
c:\windows\explorer.exe.tmp
c:\windows\system32\Desktop_.ini
c:\windows\system32\win.com

c:\windows\system32\grpconv.exe chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 14:03 . 2010-06-18 14:08 -------- d-----w- c:\program files\Malware Scan
2010-06-18 13:28 . 2010-06-18 13:57 -------- d-----w- c:\program files\trend micro
2010-06-18 13:28 . 2010-06-18 13:29 -------- d-----w- C:\rsit
2010-06-17 11:06 . 2010-06-17 11:06 -------- d-----w- c:\program files\iPod
2010-06-17 11:06 . 2010-06-17 11:07 -------- d-----w- c:\program files\iTunes
2010-06-17 11:00 . 2010-06-17 11:00 -------- d-----w- c:\program files\Bonjour
2010-06-16 16:12 . 2010-06-16 16:12 34816 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-14 18:52 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-14 18:52 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-14 18:50 . 2010-06-14 18:50 -------- d-----w- c:\program files\QuickTime
2010-06-14 18:49 . 2010-06-14 18:49 -------- d-----w- c:\program files\Apple Software Update
2010-06-14 18:49 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-14 18:49 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-14 18:48 . 2010-06-17 11:06 -------- d-----w- c:\program files\Common Files\Apple
2010-05-29 16:41 . 2010-05-29 16:41 -------- d-----w- c:\program files\Adobe Media Player
2010-05-29 16:39 . 2010-05-29 16:39 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 14:37 . 2008-11-07 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 13:55 . 2001-09-20 12:00 1032704 ----a-w- c:\windows\explorer.exe
2010-06-18 01:56 . 2009-09-25 12:14 -------- d-----w- c:\program files\CCleaner
2010-06-16 14:17 . 2001-10-24 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 16:43 . 2008-10-27 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 09:29 . 2010-03-15 06:03 -------- d-----w- c:\program files\BS_Player
2010-05-07 22:20 . 2001-09-20 12:00 73224 ----a-w- c:\windows\system32\perfc005.dat
2010-05-07 22:20 . 2001-09-20 12:00 398816 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 20:59 . 2008-10-26 17:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-10-26 17:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-10-26 17:46 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-10-26 17:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-10-26 17:46 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-10-26 17:46 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-10-26 17:46 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-10-26 17:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 21:58 . 2001-10-24 23:34 -------- d-----w- c:\program files\Opera
2010-04-29 13:39 . 2008-11-07 11:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-11-07 11:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 13:42 . 2008-10-26 17:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-14 16:47 . 2008-10-26 17:46 38848 ----a-w- c:\windows\system32\avastSS.scr
2004-08-17 13:49 . 2001-09-20 12:00 4096 --sha-w- c:\windows\system32\keyrc.dat
.

------- Sigcheck -------

[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-05-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-05-13 09:29 2515552 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-05-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-05-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2004-09-22 53248]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-11-09 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"SMail"="c:\program files\Seznam Postak\Postak.exe" [2008-02-21 453936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-05-29 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\DC\\StrongDC.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Hry\\Worms\\WA.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Hry\\Texas Hold'em Poker 3D - Deluxe Edition\\Poker3d.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\CS1.6\\hl.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.10.2008 19:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.10.2008 19:46 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.12.2008 17:08 222968]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.11.2008 20:23 717296]
S2 ozqazpa;\??\c:\;\??\c:\docume~1\ouj004\LOCALS~1\Temp\ajwmydhylkwqpik.sys --> c:\docume~1\ouj004\LOCALS~1\Temp\ajwmydhylkwqpik.sys [?]
S2 qkmlluvnnbvtgi;\??\c:\docume~;\??\c:\docume~1\ouj004\LOCALS~1\Temp\yhqwnmtzfkf.sys --> c:\docume~1\ouj004\LOCALS~1\Temp\yhqwnmtzfkf.sys [?]
S2 xgrpsvalg;\??\c:\do;\??\c:\docume~1\ouj004\LOCALS~1\Temp\wbygcauurbavj.sys --> c:\docume~1\ouj004\LOCALS~1\Temp\wbygcauurbavj.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-MIA-8EX942TYGLP-ouj004.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-29 16:35]

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://software.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0023F142-0364-4BA2-9593-DC15BB994145} = 188.75.188.188,10.4.188.188
FF - ProfilePath - c:\documents and settings\ouj004\Data aplikací\Mozilla\Firefox\Profiles\fr6jtl7w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-PC Translator - c:\docume~1\ouj004\LOCALS~1\Temp\UN32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 19:59
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1637723038-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,dd,21,8b,b4,e6,0c,83,47,d1,cb,9e,d1,46,54,1a,f5,66,1d,5c,ee,7d,26,
d2,9a,65,00,f6,38,ec,c0,7a,d2,84,de,e2,4f,f0,3b,2f,c8,25,dd,3a,e8,09,8e,61,\
"??"=hex:80,e5,f9,e9,c1,b0,32,ad,6a,18,0a,35,e0,c5,18,0b
.
Celkový čas: 2010-06-18 20:02:06
ComboFix-quarantined-files.txt 2010-06-18 18:01

Před spuštěním: 800 960 512
Po spuštění: 777 560 064

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F6FC8512DBB3620909DF5468B0B8BBD2

Chybí mi začátek logu

Poprosím o nový log ze Rsitu, jak to vypadá s počítačem?
pak ještě smažeme pár rootkitů

Dejte soubor otestovat na http://www.virustotal.com

c:\windows\system32\mfc40u.dll

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

To se omlouvám, asi jsem špatně zkopíroval.... Mám sem dát log znovu? Notebook měl delší náběh do Windows, ale práce na něm je rychejší.... Nicméně zde je odkaz z VirusTotal:

http://www.virustotal.com/cs/analisis/3 ... 1271790909

A log z RSITu:

Logfile of random's system information tool 1.07 (written by random/random)
Run by ouj004 at 2010-06-19 00:05:00
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 773 MB (1%) free of 131 GB
Total RAM: 1014 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:05:02, on 19.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PLFSetL.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Seznam Postak\Postak.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\ouj004\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\ouj004\Plocha\RSIT.exe
C:\Program Files\trend micro\ouj004.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://software.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam Postak\Postak.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0023F142-0364-4BA2-9593-DC15BB994145}: NameServer = 188.75.188.188,10.4.188.188
O17 - HKLM\System\CS1\Services\Tcpip\..\{0023F142-0364-4BA2-9593-DC15BB994145}: NameServer = 188.75.188.188,10.4.188.188
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 11787 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MIA-8EX942TYGLP-ouj004.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-11-28 218632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-11-09 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-26 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-05-13 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-26 806912]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-11-28 218632]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-11-09 520192]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-05-13 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-06-02 102400]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-06-02 858632]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]
"SMail"=C:\Program Files\Seznam Postak\Postak.exe [2008-02-21 453936]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-05-29 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"DrvMon.exe"=C:\WINDOWS\system32\DrvMon.exe [2004-09-22 53248]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2009-11-09 26624]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\ouj004\Nabídka Start\Programy\Po spuštění
HDD temperature.lnk - C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\DC\StrongDC.exe"="C:\Program Files\DC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Hry\Worms\WA.exe"="C:\Hry\Worms\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Hry\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe"="C:\Hry\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe:*:Enabled:Poker3d"
"C:\Program Files\VLC\vlc.exe"="C:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\CS1.6\hl.exe"="C:\CS1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7b4c2a0-f488-11de-a7d7-0022689acb83}]
shell\AutoRun\command - F:\KARINA///debeja.exe
shell\open\command - F:\KARINA///debeja.exe


======List of files/folders created in the last 1 months======

2010-06-18 20:02:08 ----D---- C:\WINDOWS\temp
2010-06-18 20:02:07 ----A---- C:\ComboFix.txt
2010-06-18 19:59:04 ----A---- C:\WINDOWS\system32\grpconv.exe
2010-06-18 19:48:15 ----A---- C:\Boot.bak
2010-06-18 19:48:07 ----RASHD---- C:\cmdcons
2010-06-18 19:44:56 ----A---- C:\WINDOWS\zip.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\SWSC.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\SWREG.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\sed.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\PEV.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\MBR.exe
2010-06-18 19:44:56 ----A---- C:\WINDOWS\grep.exe
2010-06-18 19:41:38 ----D---- C:\WINDOWS\ERDNT
2010-06-18 19:38:58 ----D---- C:\Qoobox
2010-06-18 16:03:50 ----D---- C:\Program Files\Malware Scan
2010-06-18 15:28:52 ----D---- C:\Program Files\trend micro
2010-06-18 15:28:51 ----D---- C:\rsit
2010-06-18 13:37:57 ----D---- C:\WINDOWS\CSC
2010-06-18 13:37:48 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-18 05:13:49 ----A---- C:\debugoutput.txt
2010-06-17 13:06:16 ----D---- C:\Program Files\iPod
2010-06-17 13:06:01 ----D---- C:\Program Files\iTunes
2010-06-17 13:00:47 ----D---- C:\Program Files\Bonjour
2010-06-14 20:52:53 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Apple Computer
2010-06-14 20:52:27 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-06-14 20:51:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-14 20:50:10 ----D---- C:\Program Files\QuickTime
2010-06-14 20:50:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-06-14 20:49:43 ----D---- C:\Program Files\Apple Software Update
2010-06-14 20:49:25 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-06-14 20:48:36 ----D---- C:\Program Files\Common Files\Apple
2010-06-14 20:48:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-05-31 13:39:52 ----D---- C:\Documents and Settings\ouj004\Data aplikací\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-29 18:52:31 ----D---- C:\Documents and Settings\ouj004\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-05-29 18:52:31 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Adobe Mini Bridge CS5
2010-05-29 18:45:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
2010-05-29 18:41:31 ----D---- C:\Program Files\Adobe Media Player
2010-05-29 18:39:28 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2010-06-18 23:55:19 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-06-18 20:47:10 ----D---- C:\WINDOWS\system32\ias
2010-06-18 20:44:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-18 20:44:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-18 20:02:08 ----D---- C:\WINDOWS
2010-06-18 20:01:08 ----D---- C:\WINDOWS\Tasks
2010-06-18 19:59:16 ----A---- C:\WINDOWS\system.ini
2010-06-18 19:59:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-18 19:59:04 ----D---- C:\WINDOWS\system32
2010-06-18 19:56:05 ----D---- C:\WINDOWS\system32\drivers
2010-06-18 19:56:05 ----D---- C:\WINDOWS\AppPatch
2010-06-18 19:55:54 ----D---- C:\Program Files\Common Files
2010-06-18 19:48:15 ----RASH---- C:\boot.ini
2010-06-18 19:40:51 ----D---- C:\WINDOWS\WinSxS
2010-06-18 16:37:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-18 16:29:08 ----D---- C:\WINDOWS\system32\wbem
2010-06-18 16:09:27 ----D---- C:\WINDOWS\Prefetch
2010-06-18 16:03:50 ----RD---- C:\Program Files
2010-06-18 15:55:54 ----A---- C:\WINDOWS\explorer.exe
2010-06-18 15:20:42 ----D---- C:\Documents and Settings\ouj004\Data aplikací\SolidDocuments
2010-06-18 13:30:21 ----D---- C:\Config.Msi
2010-06-18 03:56:08 ----D---- C:\Program Files\CCleaner
2010-06-17 19:11:58 ----D---- C:\Program Files\Mozilla Firefox
2010-06-17 15:26:55 ----HD---- C:\WINDOWS\inf
2010-06-17 13:08:05 ----SHD---- C:\WINDOWS\Installer
2010-06-17 13:01:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-16 22:11:45 ----D---- C:\Documents and Settings\ouj004\Data aplikací\vlc
2010-06-16 22:11:42 ----D---- C:\Documents and Settings\ouj004\Data aplikací\dvdcss
2010-06-16 16:17:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-16 16:17:24 ----D---- C:\Hry
2010-06-15 20:31:11 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Skype
2010-06-15 19:28:02 ----D---- C:\Documents and Settings\ouj004\Data aplikací\skypePM
2010-06-10 03:09:35 ----D---- C:\Documents and Settings\ouj004\Data aplikací\Adobe
2010-06-10 03:09:14 ----D---- C:\Program Files\Adobe
2010-06-09 11:57:15 ----A---- C:\WINDOWS\TRNCOM.INI
2010-05-30 02:00:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-05-29 20:04:29 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-05-29 18:43:16 ----D---- C:\Program Files\Common Files\Adobe
2010-05-29 18:42:44 ----RSD---- C:\WINDOWS\Fonts
2010-05-27 17:04:40 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2008-06-02 17408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-15 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-13 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-09-20 5888]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-06-02 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-01 290816]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S2 ozqazpa;\??\C:\D; \??\C:\DOCUME~1\ouj004\LOCALS~1\Temp\ajwmydhylkwqpik.sys []
S2 qkmlluvnnbvtgi;\??\C:\DOCUME~1; \??\C:\DOCUME~1\ouj004\LOCALS~1\Temp\yhqwnmtzfkf.sys []
S2 xgrpsvalg;\??\C:\DOC; \??\C:\DOCUME~1\ouj004\LOCALS~1\Temp\wbygcauurbavj.sys []
S3 an8vvu4a;an8vvu4a; C:\WINDOWS\system32\drivers\an8vvu4a.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 catchme;catchme; \??\C:\DOCUME~1\ouj004\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Documents and Settings\ouj004\Plocha\MediaCoder iPhone Edition\SysInfo.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-06-09 6909]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2005-11-28 69632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-01-19 539136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

Ten soubor musíte dát otestovat znovu, aby to byl ten z vašeho počítače.

Tak teď už snad správně:)....

http://www.virustotal.com/cs/analisis/3 ... 1276908642

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Log z ComboFixu:

ComboFix 10-06-18.03 - ouj004 19.06.2010 11:48:13.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.538 [GMT 2:00]
Spuštěný z: c:\documents and settings\ouj004\Plocha\Potvora.com.exe
Použité ovládací přepínače :: c:\documents and settings\ouj004\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OZQAZPA
-------\Legacy_QKMLLUVNNBVTGI
-------\Legacy_XGRPSVALG
-------\Service_ozqazpa
-------\Service_qkmlluvnnbvtgi
-------\Service_xgrpsvalg


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-19 do 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-18 17:59 . 2004-08-17 13:49 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-06-18 17:59 . 2004-08-17 13:49 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-06-18 14:03 . 2010-06-18 14:08 -------- d-----w- c:\program files\Malware Scan
2010-06-18 13:28 . 2010-06-18 22:05 -------- d-----w- c:\program files\trend micro
2010-06-18 13:28 . 2010-06-18 13:29 -------- d-----w- C:\rsit
2010-06-17 11:06 . 2010-06-17 11:06 -------- d-----w- c:\program files\iPod
2010-06-17 11:06 . 2010-06-17 11:07 -------- d-----w- c:\program files\iTunes
2010-06-17 11:00 . 2010-06-17 11:00 -------- d-----w- c:\program files\Bonjour
2010-06-16 16:12 . 2010-06-16 16:12 34816 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-14 18:52 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-14 18:52 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-14 18:50 . 2010-06-14 18:50 -------- d-----w- c:\program files\QuickTime
2010-06-14 18:49 . 2010-06-14 18:49 -------- d-----w- c:\program files\Apple Software Update
2010-06-14 18:49 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-14 18:49 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-14 18:48 . 2010-06-17 11:06 -------- d-----w- c:\program files\Common Files\Apple
2010-05-29 16:41 . 2010-05-29 16:41 -------- d-----w- c:\program files\Adobe Media Player
2010-05-29 16:39 . 2010-05-29 16:39 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 14:37 . 2008-11-07 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 13:55 . 2001-09-20 12:00 1032704 ----a-w- c:\windows\explorer.exe
2010-06-18 01:56 . 2009-09-25 12:14 -------- d-----w- c:\program files\CCleaner
2010-06-16 14:17 . 2001-10-24 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 16:43 . 2008-10-27 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 09:29 . 2010-03-15 06:03 -------- d-----w- c:\program files\BS_Player
2010-05-07 22:20 . 2001-09-20 12:00 73224 ----a-w- c:\windows\system32\perfc005.dat
2010-05-07 22:20 . 2001-09-20 12:00 398816 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 20:59 . 2008-10-26 17:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-10-26 17:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-10-26 17:46 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-10-26 17:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-10-26 17:46 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-10-26 17:46 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-10-26 17:46 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-10-26 17:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 21:58 . 2001-10-24 23:34 -------- d-----w- c:\program files\Opera
2010-04-29 13:39 . 2008-11-07 11:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-11-07 11:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 13:42 . 2008-10-26 17:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-14 16:47 . 2008-10-26 17:46 38848 ----a-w- c:\windows\system32\avastSS.scr
2004-08-17 13:49 . 2001-09-20 12:00 4096 --sha-w- c:\windows\system32\keyrc.dat
.

------- Sigcheck -------

[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2004-09-22 53248]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-11-09 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"SMail"="c:\program files\Seznam Postak\Postak.exe" [2008-02-21 453936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-05-29 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\DC\\StrongDC.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Hry\\Worms\\WA.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Hry\\Texas Hold'em Poker 3D - Deluxe Edition\\Poker3d.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\CS1.6\\hl.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.11.2008 20:23 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.10.2008 19:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.10.2008 19:46 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.12.2008 17:08 222968]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-MIA-8EX942TYGLP-ouj004.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-29 16:35]

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://software.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0023F142-0364-4BA2-9593-DC15BB994145} = 188.75.188.188,10.4.188.188
FF - ProfilePath - c:\documents and settings\ouj004\Data aplikací\Mozilla\Firefox\Profiles\fr6jtl7w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-19 11:55
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865D51F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7621fc3
\Driver\ACPI -> ACPI.sys @ 0xf737ccb8
\Driver\atapi -> 0x865d51f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf71febc3
PacketIndicateHandler -> NDIS.sys @ 0xf71eca0b
SendHandler -> NDIS.sys @ 0xf7200b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1637723038-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,dd,21,8b,b4,e6,0c,83,47,d1,cb,9e,d1,46,54,1a,f5,66,1d,5c,ee,7d,26,
d2,9a,65,00,f6,38,ec,c0,7a,d2,84,de,e2,4f,f0,3b,2f,c8,25,dd,3a,e8,09,8e,61,\
"??"=hex:80,e5,f9,e9,c1,b0,32,ad,6a,18,0a,35,e0,c5,18,0b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2080)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\docume~1\ouj004\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-06-19 11:59:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-19 09:59
ComboFix2.txt 2010-06-18 18:02

Před spuštěním: 765 976 576
Po spuštění: 684 027 904

- - End Of File - - FF69D7677EC412EBDFAA47A85CE22C2F

Ještě otestujte na http://www.virustotal.com
c:\windows\system32\keyrc.dat
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače





odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte
ok

vytvoří se log s názvem mbr.log, vložte ho zde

Omlouvám se za opoždění a zároveň děkuji za trpělivost.

Odkaz na VirustTotal:

http://www.virustotal.com/cs/analisis/8 ... 1277088173


První log z GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-20 19:59:26
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ouj004\LOCALS~1\Temp\uwtdqaog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


Druhý log z GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-20 21:46:44
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ouj004\LOCALS~1\Temp\uwtdqaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA9CD1C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA9CD1B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA9CD20EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA9CD2014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA9CD170C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA9CD1C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA9CD164C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA9CD16B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA9CD1D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA9CD21B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA9CD1CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA9CD1E70]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C30 80503830 4 Bytes JMP 54A9CD20

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xFF 0x71 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xFF 0x71 0xB0 ...

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{62C0A628-2E2A-4A6D-9EFE-73ECBEE5B48D}\RP478\A0104387.exe:userini.exe 55808 bytes executable
ADS C:\System Volume Information\_restore{62C0A628-2E2A-4A6D-9EFE-73ECBEE5B48D}\RP478\A0104459.exe:userini.exe 55808 bytes executable

---- EOF - GMER 1.0.15 ----


Log z MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Zapojte do pc všechny usb klíče, flashky...co používáte

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Zapojte do pc všechny usb klíče, flashky...co používáte

Stáhněte na plochu UsbFix
-spusťte,
-zvolte jazyk E a potvrďte Enter
- zvolte 2 a potvrďte Enter;
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt

Log z ComboFix:

m mComboFix 10-06-20.06 - ouj004 21.06.2010 15:15:22.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.470 [GMT 2:00]
Spuštěný z: c:\documents and settings\ouj004\Plocha\Potvora.com.exe
Použité ovládací přepínače :: c:\documents and settings\ouj004\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\KARINA
f:\karina\debeja.exe
f:\karina\Desktop.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-21 do 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 01:07 . 2010-06-21 01:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-21 01:06 . 2010-06-21 01:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-18 17:59 . 2004-08-17 13:49 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-06-18 17:59 . 2004-08-17 13:49 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-06-18 14:03 . 2010-06-18 14:08 -------- d-----w- c:\program files\Malware Scan
2010-06-18 13:28 . 2010-06-18 22:05 -------- d-----w- c:\program files\trend micro
2010-06-18 13:28 . 2010-06-18 13:29 -------- d-----w- C:\rsit
2010-06-17 11:06 . 2010-06-17 11:06 -------- d-----w- c:\program files\iPod
2010-06-17 11:06 . 2010-06-17 11:07 -------- d-----w- c:\program files\iTunes
2010-06-17 11:00 . 2010-06-17 11:00 -------- d-----w- c:\program files\Bonjour
2010-06-16 16:12 . 2010-06-16 16:12 34816 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-14 18:52 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-14 18:52 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-14 18:50 . 2010-06-14 18:50 -------- d-----w- c:\program files\QuickTime
2010-06-14 18:49 . 2010-06-14 18:49 -------- d-----w- c:\program files\Apple Software Update
2010-06-14 18:49 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-14 18:49 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-14 18:48 . 2010-06-17 11:06 -------- d-----w- c:\program files\Common Files\Apple
2010-05-29 16:41 . 2010-05-29 16:41 -------- d-----w- c:\program files\Adobe Media Player
2010-05-29 16:39 . 2010-05-29 16:39 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 14:37 . 2008-11-07 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 13:55 . 2001-09-20 12:00 1032704 ----a-w- c:\windows\explorer.exe
2010-06-18 01:56 . 2009-09-25 12:14 -------- d-----w- c:\program files\CCleaner
2010-06-16 14:17 . 2001-10-24 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 16:43 . 2008-10-27 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 09:29 . 2010-03-15 06:03 -------- d-----w- c:\program files\BS_Player
2010-05-07 22:20 . 2001-09-20 12:00 73224 ----a-w- c:\windows\system32\perfc005.dat
2010-05-07 22:20 . 2001-09-20 12:00 398816 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 20:59 . 2008-10-26 17:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-10-26 17:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-10-26 17:46 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-10-26 17:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-10-26 17:46 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-10-26 17:46 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-10-26 17:46 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-10-26 17:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 21:58 . 2001-10-24 23:34 -------- d-----w- c:\program files\Opera
2010-04-29 13:39 . 2008-11-07 11:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-11-07 11:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 13:42 . 2008-10-26 17:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-14 16:47 . 2008-10-26 17:46 38848 ----a-w- c:\windows\system32\avastSS.scr
2004-08-17 13:49 . 2001-09-20 12:00 4096 --sha-w- c:\windows\system32\keyrc.dat
.

------- Sigcheck -------

[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-18_17.59.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-21 01:07 . 2010-06-21 01:07 140288 c:\windows\Installer\16d89b.msi
+ 2010-06-21 01:07 . 2010-06-21 01:07 202752 c:\windows\Installer\16d896.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2004-09-22 53248]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-11-09 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"SMail"="c:\program files\Seznam Postak\Postak.exe" [2008-02-21 453936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-05-29 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\DC\\StrongDC.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Hry\\Worms\\WA.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Hry\\Texas Hold'em Poker 3D - Deluxe Edition\\Poker3d.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\CS1.6\\hl.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.10.2008 19:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.10.2008 19:46 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.12.2008 17:08 222968]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-MIA-8EX942TYGLP-ouj004.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-29 16:35]

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://software.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0023F142-0364-4BA2-9593-DC15BB994145} = 188.75.188.188,10.4.188.188
FF - ProfilePath - c:\documents and settings\ouj004\Data aplikací\Mozilla\Firefox\Profiles\fr6jtl7w.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1637723038-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,dd,21,8b,b4,e6,0c,83,47,d1,cb,9e,d1,46,54,1a,f5,66,1d,5c,ee,7d,26,
d2,9a,65,00,f6,38,ec,c0,7a,d2,84,de,e2,4f,f0,3b,2f,c8,25,dd,3a,e8,09,8e,61,\
"??"=hex:80,e5,f9,e9,c1,b0,32,ad,6a,18,0a,35,e0,c5,18,0b
.
Celkový čas: 2010-06-21 15:22:08
ComboFix-quarantined-files.txt 2010-06-21 13:22
ComboFix2.txt 2010-06-19 09:59
ComboFix3.txt 2010-06-18 18:02

Před spuštěním: 1 736 065 024
Po spuštění: 1 766 821 888

- - End Of File - - F02FA899193AE646E2C2D8F40130F486


Log z UsbFix:


############################## | UsbFix V6.059 |

User : ouj004 (Users) # MIA-8EX942TYGLP
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:31:39 | 21.6.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Genuine Intel(R) CPU T1400 @ 1.73GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886625 [ (!) Disabled | Updated ]

C:\ -> Místní pevný disk # 127,99 Go (1,64 Go free) # NTFS
D:\ -> Disk CD-ROM
F:\ -> Vyměnitelný disk # 1,96 Go (1,18 Go free) # FAT32

############################## | Active processes |

C:\WINDOWS\System32\smss.exe 800
C:\WINDOWS\system32\csrss.exe 856
C:\WINDOWS\system32\winlogon.exe 880
C:\WINDOWS\system32\services.exe 924
C:\WINDOWS\system32\lsass.exe 936
C:\WINDOWS\system32\svchost.exe 1108
C:\WINDOWS\system32\svchost.exe 1156
C:\WINDOWS\System32\svchost.exe 1436
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 1460
C:\WINDOWS\System32\svchost.exe 1532
C:\WINDOWS\system32\svchost.exe 1732
C:\WINDOWS\system32\logonui.exe 1864
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 180
C:\WINDOWS\Explorer.EXE 384
C:\WINDOWS\system32\spoolsv.exe 1260
C:\Program Files\Alwil Software\Avast5\setup\avast.setup 1756
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 852
C:\Program Files\Bonjour\mDNSResponder.exe 840
C:\Program Files\ICQ6Toolbar\ICQ Service.exe 1196
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe 1512
C:\Program Files\Spyware Terminator\sp_rsser.exe 1680
C:\WINDOWS\System32\svchost.exe 300
C:\WINDOWS\system32\wdfmgr.exe 1996
C:\WINDOWS\system32\wscntfy.exe 600
C:\WINDOWS\System32\alg.exe 1556
C:\WINDOWS\System32\wbem\wmiprvse.exe 2608

################## | Files # Infected Folders |

F:\autorun.inf -> Called file : "F:\KARINA///debeja.exe" ( Not Found ! )
F:\autorun.inf -> Called file : "F:\KARINA///debeja.exe" ( Not Found ! )
Deleted ! F:\autorun.inf
Deleted ! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Deleted ! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Spyware.OnlineGames |

Deleted ! C:\System Volume Information\_restore{62C0A628-2E2A-4A6D-9EFE-73ECBEE5B48D}\RP479\A0105114.dll

################## | Registry # Infected Keys |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registry # Mountpoints2 |


################## | Listing of the present files |

[24.10.2001 19:34|--a------|0] C:\AUTOEXEC.BAT
[24.10.2001 19:53|--a------|211] C:\Boot.bak
[18.06.2010 19:48|-rahs----|281] C:\boot.ini
[20.09.2001 14:00|-rahs----|4952] C:\Bootfont.bin
[03.08.2004 23:00|--a------|261312] C:\cmldr
[21.06.2010 15:22|--a------|12463] C:\ComboFix.txt
[24.10.2001 19:34|--a------|0] C:\CONFIG.SYS
[18.06.2010 05:45|--a------|8] C:\debugoutput.txt
[24.10.2001 19:34|-rahs----|0] C:\IO.SYS
[24.10.2001 19:34|-rahs----|0] C:\MSDOS.SYS
[24.10.2001 19:49|-rahs----|47564] C:\NTDETECT.COM
[24.10.2001 19:49|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[21.06.2010 15:34|--a------|3506] C:\UsbFix.txt
[27.01.2010 00:05|--a------|22528] F:\Curriculum Vitae- Łprava.doc
[26.01.2010 11:02|--a------|48640] F:\KAPITµLOVí TRH.doc
[27.01.2010 00:05|--a------|23552] F:\¦ivotopis.doc
[15.01.2010 22:16|--a------|25088] F:\Strukturovaně §ivotopis.doc
[26.03.2010 09:43|--a------|19456] F:\Pýˇjemky.xls
[18.06.2010 17:07|--a------|2774] F:\BOOTEX.LOG
[07.01.2010 22:19|--a------|29184] F:\Report §.doc
[26.03.2010 09:43|--a------|18944] F:\Vědejky.xls
[26.03.2010 10:25|--a------|24064] F:\Skladnˇ karta.xls
[14.05.2010 00:20|--a------|34304] F:\kupni_smlouva_oz.doc
[26.05.2010 19:48|--a------|27136] F:\fraze k maturite.doc
[26.04.2007 17:41|--a------|575995904] F:\Microsoft Office XP 2007.iso
[18.05.2008 14:49|--a------|26112] F:\Curriculum Vitae.doc
[26.01.2010 12:48|--a------|80896] F:\fin. trhy.doc

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## | Cracks / Keygens / Serials |


################## | Upload |

Please send the file : C:\DOCUME~1\ouj004\Plocha\UsbFix_Upload_Me_MIA-8EX942TYGLP.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .