Občas se ztrácí kurzor nebo zamrzá

[mnka01]

Zdravím, mohli byste se mi podívat na logfile? Předem děkuji.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:28, on 26.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lucka\My Documents\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Lucka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9282572453
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} (CGGPlugin Object) - http://games.bigfishgames.com/en_fashio ... ontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

[vyosek]

Zdravim a pekne odpoledne preji

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Jiz delsi dobu pouzivame na diagnostiku misto HJT nastroj RSIT - kliknete proto na nej do meho podpisu a dejte log z nej

[mnka01]

Snad už je to ono.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:28, on 26.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lucka\My Documents\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Lucka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9282572453
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} (CGGPlugin Object) - http://games.bigfishgames.com/en_fashio ... ontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8175 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-28 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-05-16 86016]
"Ask and Record FLV Service"=C:\Program Files\Replay Media Catcher\FLVSrvc.exe [2009-09-22 156672]
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-02-20 49152]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-07-03 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-03-23 319280]

C:\Documents and Settings\Lucka\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\dc\StrongDC.exe"="D:\dc\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-26 13:48:12 ----D---- C:\Program Files\trend micro
2010-07-26 13:48:08 ----D---- C:\rsit
2010-07-26 10:11:10 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-07-25 09:28:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-25 08:28:20 ----D---- C:\Documents and Settings\Lucka\Application Data\Ahead
2010-07-25 08:23:09 ----D---- C:\Program Files\Nero
2010-07-25 08:23:09 ----D---- C:\Program Files\Common Files\Ahead
2010-07-25 08:23:09 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-07-23 12:42:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-23 12:18:55 ----ASH---- C:\hiberfil.sys
2010-07-22 18:58:16 ----D---- C:\Documents and Settings\Lucka\Application Data\dvdcss
2010-07-21 12:15:59 ----D---- C:\Program Files\bigup16 & Pheonix RG
2010-07-21 11:42:30 ----D---- C:\WINDOWS\system32\languages
2010-07-21 07:38:52 ----A---- C:\WINDOWS\iun6002.exe
2010-07-20 20:17:42 ----D---- C:\Program Files\MPC HomeCinema
2010-07-20 19:07:17 ----A---- C:\WINDOWS\avisplitter.ini
2010-07-20 19:07:05 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-07-20 19:07:05 ----A---- C:\WINDOWS\system32\huffyuv.dll
2010-07-20 19:07:04 ----A---- C:\WINDOWS\system32\x264vfw.dll
2010-07-20 19:07:04 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-07-20 19:07:04 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2010-07-20 19:07:03 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-07-20 19:07:03 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-07-20 19:07:03 ----A---- C:\WINDOWS\system32\dpl100.dll
2010-07-20 19:07:02 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-07-20 19:07:01 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-07-19 15:09:21 ----D---- C:\Program Files\CCleaner
2010-07-14 21:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-11 12:59:27 ----D---- C:\Documents and Settings\Lucka\Application Data\blg
2010-07-11 12:59:27 ----D---- C:\Documents and Settings\All Users\Application Data\blg
2010-07-08 13:07:02 ----A---- C:\WINDOWS\system32\idsrvc.exe
2010-07-05 12:46:31 ----D---- C:\Documents and Settings\Lucka\Application Data\Mean Hamster
2010-07-05 12:46:31 ----D---- C:\Documents and Settings\All Users\Application Data\Mean Hamster
2010-06-30 12:08:28 ----D---- C:\Documents and Settings\Lucka\Application Data\Canon
2010-06-30 12:06:25 ----D---- C:\Documents and Settings\Lucka\Application Data\Arcsoft
2010-06-30 12:05:31 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-06-30 12:00:56 ----D---- C:\Program Files\Canon
2010-06-30 12:00:17 ----D---- C:\Documents and Settings\Lucka\Application Data\ScanSoft
2010-06-30 12:00:16 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2010-06-30 12:00:15 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2010-06-30 12:00:11 ----A---- C:\WINDOWS\MAXLINK.INI
2010-06-30 12:00:00 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2010-06-30 11:59:36 ----D---- C:\Program Files\ScanSoft
2010-06-30 11:57:48 ----A---- C:\WINDOWS\pcdlib32.dll
2010-06-30 11:57:20 ----A---- C:\WINDOWS\system32\TWAIN_32.DLL
2010-06-30 11:57:10 ----D---- C:\Program Files\ArcSoft
2010-06-30 11:56:24 ----D---- C:\WINDOWS\Profiles
2010-06-30 11:56:20 ----D---- C:\WINDOWS\system32\Adobe
2010-06-30 11:56:19 ----D---- C:\Documents and Settings\Lucka\Application Data\InterTrust
2010-06-30 11:56:14 ----A---- C:\WINDOWS\IsUninst.exe
2010-06-30 11:54:28 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2010-06-30 11:54:27 ----A---- C:\WINDOWS\system32\N067UFW.DLL
2010-06-30 11:54:27 ----A---- C:\WINDOWS\system32\CNQU70.DLL
2010-06-30 11:54:26 ----HD---- C:\CanoScan
2010-06-28 07:27:56 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-28 07:27:54 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-28 07:27:53 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-28 07:27:53 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-07-26 13:48:15 ----D---- C:\WINDOWS\Prefetch
2010-07-26 13:48:12 ----RD---- C:\Program Files
2010-07-26 13:39:51 ----D---- C:\Documents and Settings\Lucka\Application Data\uTorrent
2010-07-26 13:38:37 ----D---- C:\WINDOWS\Temp
2010-07-26 13:25:15 ----D---- C:\WINDOWS\system32
2010-07-26 13:06:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-26 10:11:10 ----D---- C:\WINDOWS
2010-07-25 09:11:23 ----SHD---- C:\WINDOWS\Installer
2010-07-25 09:11:22 ----D---- C:\WINDOWS\WinSxS
2010-07-25 08:26:43 ----D---- C:\WINDOWS\system32\drivers
2010-07-25 08:23:09 ----D---- C:\Program Files\Common Files
2010-07-25 07:54:25 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 12:46:22 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-07-23 12:45:02 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-23 12:16:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-23 12:15:29 ----HD---- C:\WINDOWS\inf
2010-07-22 17:50:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-20 20:53:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-20 20:27:24 ----D---- C:\Program Files\The KMPlayer
2010-07-20 17:38:35 ----D---- C:\dc
2010-07-19 15:12:05 ----D---- C:\WINDOWS\Debug
2010-07-19 14:22:44 ----D---- C:\Documents and Settings\Lucka\Application Data\Skype
2010-07-19 12:42:32 ----RD---- C:\WINDOWS\Web
2010-07-19 09:40:39 ----D---- C:\Documents and Settings\Lucka\Application Data\skypePM
2010-07-14 21:38:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-12 12:22:04 ----D---- C:\mobil
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-30 14:44:54 ----D---- C:\Program Files\RegCure
2010-06-30 13:21:58 ----D---- C:\Documents and Settings\Lucka\Application Data\XnView
2010-06-30 12:06:19 ----D---- C:\WINDOWS\twain_32
2010-06-30 12:01:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-30 11:56:20 ----D---- C:\Program Files\Common Files\Adobe
2010-06-30 11:56:20 ----D---- C:\Program Files\Adobe
2010-06-30 11:56:20 ----D---- C:\Documents and Settings\Lucka\Application Data\Adobe
2010-06-28 22:57:12 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 nv4;nv4; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-10-09 203648]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-28 153376]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-07-03 131072]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 WcardSpace;Card Space; C:\WINDOWS\system32\idsrvc.exe [2007-04-08 5120]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-04-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\Lucka.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
  R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
  R3 - URLSearchHook: (no name) - - (no file)
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Stahnete OTM http://www.itxassociates.com/OT-Tools/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  
  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\system32\SET*.tmp /s
  C:\WINDOWS\*.tmp /s
  C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
  C:\Program Files\Ask.com
  C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Kliknete na cervene tlacitko MoveIt!
• Sem pote dejte obsah okna Results (pod zelenou carou)
• Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

[mnka01]

Tady je results:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET19C.tmp moved successfully.
C:\WINDOWS\system32\SET1E.tmp moved successfully.
C:\WINDOWS\system32\SETDB.tmp moved successfully.
C:\WINDOWS\system32\drivers\SET5.tmp moved successfully.
C:\WINDOWS\system32\drivers\SETA3.tmp moved successfully.
C:\WINDOWS\002334_.tmp moved successfully.
C:\WINDOWS\005414_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP280.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP311.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP338.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP360.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C1.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI207.tmp moved successfully.
C:\WINDOWS\Installer\MSI209.tmp moved successfully.
C:\WINDOWS\Installer\MSI20F.tmp moved successfully.
C:\WINDOWS\Installer\MSI214.tmp moved successfully.
C:\WINDOWS\Installer\MSI216.tmp moved successfully.
C:\WINDOWS\Installer\MSI5A.tmp moved successfully.
C:\WINDOWS\Installer\MSI5E.tmp moved successfully.
C:\WINDOWS\Installer\MSI99.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\BIT30.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\download\BIT52.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\05dc5f0b39a115d1962503e7297cdba7\download\BIT53.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\BIT4A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\BIT54.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\download\BIT91.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\download\BIT51.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\download\BIT5F.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\BIT3C.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\download\BIT6A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\BIT35.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\BIT32.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\4596f4b9d8a4b5253ee760a58a45bcfb\BIT3A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\BIT40.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\BIT44.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\BIT3E.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\BIT33.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\694301dbfd149d8645046cbc0b1067e8\download\BIT5D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\BIT4B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\837a8691e43011f909e4b3e192fe1437\BIT41.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\8b20f1a9610d239c2680847de8fa139a\BIT45.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\download\BIT50.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\991c7708c8e096fa51cffd95c6a96fc2\BIT4E.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a1958c12079db3dbba3db562fc08c81b\BIT47.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\BIT3D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\BIT5B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\BIT49.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BIT5E.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\download\BIT5C.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\download\BIT92.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\download\BIT6C.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\BIT42.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\BIT90.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\BIT39.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT43.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\edc9e523d8678897d85b5ee0ef1bbf7a\BIT4C.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\download\BIT61.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\Documents and Settings\Lucka\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lucka
->Temp folder emptied: 630961511 bytes
->Temporary Internet Files folder emptied: 16635507 bytes
->Java cache emptied: 1058285 bytes
->FireFox cache emptied: 48146191 bytes
->Flash cache emptied: 19105 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 280413 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40753956 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 290612 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 704,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.15.0 log created on 07262010_155149

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[vyosek]

Co na kroky nas pacient, jak se chova

[mnka01]

Zatím se kurzor neztratil, ale nejsem si zcela jista, jestli je to úplně v pořádku.

[vyosek]

Ok, budeme jej tedy dale "trapit" scenery Na co mate podezreni ze s nim jeste je, muzete problem nejak popsat at nemusime strilet vylozene od boku a muzem se vice zamerit - napr. zpomaleni nacitani windows, pomale spousteni aplikaci, vyskakovani oken atd...

Stahnete Bootkit Remover http://www.esagelab.com/files/bootkit_remover.rar

• Rozbalte nejlepe na plochu a spustte
• Kliknete pravym mysidlem do okna a klik na Vybrat vše - text bude na bilem pozadi a pak stisknout Enter - text bude na cernem pozadi (pokud po enteru pozadi nezcerna, tak stisknete Ctrl+C)
• Stisknete libovolnou klavesu pro ukoceni utility
• Sem pak vlozte log pomoci tradicni zkratky Ctrl+V

Pouzivate Grub nebo nejaky jiny bootloader - vecicka, ktera Vam dava na vyber, pri startu PC, ktery system chcete spustit (napr. jestli Win ci Linux)

[mnka01]

Nemám žádný bootloader, rovnou se načítá win.
Nejsem si jistá, jestli je vše v pořádku, protože se mi stalo, že (asi) při otočením kolečka na myši se mi "zbláznilo" okno v prohlížeči, ale nejsem si jista, jestli to nemůže být myší (i když nedávno byla čištěna).
A asi by bývalo chytré, kdybych se na začátku zmínila o tom, že po přihlášení do win se zobrazí okno, že nemůže systém najít secidsvc.dll, ale po odkliknutí okno zmizí a vše funguje (takže na to vždy zapomenu...)




Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

[mnka01]

Po odeslání příspěvku se mi okno prohlížeče "zblázniloů i jen při posunutí myši.

[vyosek]

Zkuste pouzit jinou mys pokud mate at vyloucime chybu v ni...
Log z bootkit removeru je OK
Mohla byste dat pripadne screen te hlasky o chybejicim secidsvc.dll (navod na screen http://www.viry.cz/forum/viewtopic.php?f=15&t=14114)

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :filefind
  secidsvc.dll

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[mnka01]

Náhradní myš bohužel teď asi neseženu

[IMG=http://img818.imageshack.us/img818/6444/snmn1.th.jpg][/IMG]

Uploaded with ImageShack.us


log z SystemLook:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:21 on 26/07/2010 by Lucka (Administrator - Elevation successful)

========== filefind ==========

Searching for "secidsvc.dll"
No files found.

-=End Of File=-




log z MBAM:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4352

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.7.2010 21:20:11
mbam-log-2010-07-26 (21-20-11).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 90439
Uplynulý čas: 2 hodina(y), 52 minuta(y), 53 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[vyosek]

By me zajimalo co je to za "mrchu" ten secidsvc.dll pac google o nem docela mlci

Zkuste preinstalovat ovladace mysi co mate ted pripojenou a nejlepsi by bylo vyzkouset tam jinou...

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

[mnka01]

Ovladače řeinstaluju až zítra. Dnes už jen log z Combofixu:

ComboFix 10-07-24.06 - Lucka 26.07.2010 22:14:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.383.36 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lucka\My Documents\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-26 do 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-26 19:06 . 2010-07-26 19:07 15315533 ----a-w- C:\cervenec stazeno.zip
2010-07-26 19:03 . 2010-07-26 19:04 -------- d-----w- C:\cervenec stazeno
2010-07-26 16:25 . 2010-07-26 16:25 -------- d-----w- c:\documents and settings\Lucka\Application Data\Malwarebytes
2010-07-26 16:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 16:25 . 2010-07-26 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 16:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 16:25 . 2010-07-26 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 13:51 . 2010-07-26 13:51 -------- d-----w- C:\_OTM
2010-07-26 12:05 . 2010-07-26 12:05 -------- d-----w- C:\dalsi
2010-07-26 11:48 . 2010-07-26 13:50 -------- d-----w- c:\program files\trend micro
2010-07-26 11:48 . 2010-07-26 11:48 -------- d-----w- C:\rsit
2010-07-25 07:10 . 2010-07-25 07:12 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Application Data\Ahead
2010-07-25 06:28 . 2010-07-25 07:13 -------- d-----w- c:\documents and settings\Lucka\Application Data\Ahead
2010-07-25 06:23 . 2010-07-25 06:26 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-25 06:23 . 2010-07-25 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-25 06:23 . 2010-07-25 06:23 -------- d-----w- c:\program files\Nero
2010-07-24 12:55 . 2010-07-24 12:55 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Application Data\RapidSharing.eu
2010-07-23 10:42 . 2010-07-26 20:13 -------- d-----w- c:\windows\system32\CatRoot2
2010-07-23 10:24 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-22 16:58 . 2010-07-24 16:47 -------- d-----w- c:\documents and settings\Lucka\Application Data\dvdcss
2010-07-21 10:15 . 2010-07-21 10:15 -------- d-----w- c:\program files\bigup16 & Pheonix RG
2010-07-21 09:42 . 2010-07-21 09:42 -------- d-----w- c:\windows\system32\languages
2010-07-21 05:38 . 2010-07-21 09:41 737280 ----a-w- c:\windows\iun6002.exe
2010-07-20 18:17 . 2010-07-20 18:17 -------- d-----w- c:\program files\MPC HomeCinema
2010-07-20 17:07 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-07-20 17:07 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-20 17:07 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv
2010-07-20 17:07 . 2010-07-05 22:43 3200512 ----a-w- c:\windows\system32\x264vfw.dll
2010-07-20 17:07 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-07-20 17:07 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-07-20 17:07 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-20 17:07 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-20 17:07 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-07-20 17:07 . 2010-05-24 18:33 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-19 13:09 . 2010-07-19 13:09 -------- d-----w- c:\program files\CCleaner
2010-07-14 03:44 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 10:59 . 2010-07-11 10:59 -------- d-----w- c:\documents and settings\Lucka\Application Data\blg
2010-07-11 10:59 . 2010-07-11 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2010-07-08 11:07 . 2007-04-08 08:00 5120 ----a-w- c:\windows\system32\idsrvc.exe
2010-07-05 10:46 . 2010-07-05 10:46 -------- d-----w- c:\documents and settings\Lucka\Application Data\Mean Hamster
2010-07-05 10:46 . 2010-07-05 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Mean Hamster
2010-06-30 10:08 . 2010-07-22 11:18 -------- d-----w- c:\documents and settings\Lucka\Application Data\Canon
2010-06-30 10:06 . 2010-06-30 10:06 -------- d-----w- c:\documents and settings\Lucka\Application Data\Arcsoft
2010-06-30 10:05 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-30 10:00 . 2010-06-30 10:01 -------- d-----w- c:\program files\Canon
2010-06-30 10:00 . 2010-06-30 10:00 -------- d-----w- c:\documents and settings\Lucka\WINDOWS
2010-06-30 10:00 . 2010-06-30 10:00 -------- d-----w- c:\documents and settings\Lucka\Application Data\ScanSoft
2010-06-30 10:00 . 2010-06-30 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanWizard
2010-06-30 10:00 . 2010-06-30 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2010-06-30 10:00 . 2010-06-30 10:00 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-30 09:59 . 2010-06-30 09:59 -------- d-----w- c:\program files\ScanSoft
2010-06-30 09:57 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll
2010-06-30 09:57 . 1996-06-30 22:00 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL
2010-06-30 09:57 . 2010-06-30 09:57 -------- d-----w- c:\program files\ArcSoft
2010-06-30 09:56 . 2010-06-30 09:56 -------- d-----w- c:\windows\Profiles
2010-06-30 09:56 . 2010-06-30 09:56 -------- d-----w- c:\windows\system32\Adobe
2010-06-30 09:56 . 2010-06-30 09:56 -------- d-----w- c:\documents and settings\Lucka\Application Data\InterTrust
2010-06-30 09:56 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-30 09:54 . 2001-04-11 00:10 327740 ----a-w- c:\windows\system32\UCS32P.DLL
2010-06-30 09:54 . 2002-04-26 16:37 32768 ----a-w- c:\windows\system32\CNQU70.DLL
2010-06-30 09:54 . 2002-04-12 18:17 339968 ----a-w- c:\windows\system32\N067UFW.DLL
2010-06-30 09:54 . 2010-06-30 09:54 -------- d-----w- C:\CanoScan
2010-06-28 05:27 . 2010-06-28 05:23 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 19:51 . 2010-03-22 19:23 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-26 16:19 . 2010-04-01 10:23 -------- d-----w- c:\documents and settings\Lucka\Application Data\XnView
2010-07-26 11:25 . 2010-03-23 17:47 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-25 19:27 . 2010-05-28 05:28 1 ----a-w- c:\documents and settings\Lucka\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-24 12:54 . 2010-03-22 19:19 57296 ----a-w- c:\documents and settings\Lucka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 18:53 . 2010-03-27 12:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-20 18:27 . 2010-03-28 09:33 -------- d-----w- c:\program files\The KMPlayer
2010-07-20 18:13 . 2010-05-15 14:56 -------- d-----w- c:\program files\Avidemux 2.5
2010-07-19 12:22 . 2010-04-03 08:30 -------- d-----w- c:\documents and settings\Lucka\Application Data\Skype
2010-07-19 07:40 . 2010-04-03 08:31 -------- d-----w- c:\documents and settings\Lucka\Application Data\skypePM
2010-06-30 12:44 . 2010-03-23 11:52 -------- d-----w- c:\program files\RegCure
2010-06-30 10:01 . 2010-03-22 18:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 09:56 . 2010-04-03 05:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-28 20:57 . 2010-03-22 18:20 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-22 18:20 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-03-22 18:20 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-03-22 18:20 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-03-22 18:20 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-03-22 18:20 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-17 17:19 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-03-22 18:20 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-16 13:19 . 2010-06-16 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-06-15 12:12 . 2010-06-15 12:08 -------- d-----w- c:\documents and settings\Lucka\Application Data\RaimaRadioPro
2010-06-15 12:09 . 2010-06-15 12:08 -------- d-----w- c:\program files\RarmaRadio
2010-06-14 14:47 . 2010-06-14 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2010-06-14 14:41 . 2010-06-14 14:41 -------- d-----w- c:\program files\LeeGTs Games
2010-06-14 14:31 . 2010-03-22 17:47 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-11 10:50 . 2010-06-11 10:50 -------- d-----w- c:\program files\Google
2010-06-11 08:40 . 2010-07-22 13:31 1589248 ----a-w- c:\documents and settings\All Users\Application Data\GreenGamer\fashionfortune\fashionfortune.dll
2010-06-08 15:30 . 2010-06-06 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2010-05-28 05:28 . 2010-05-28 05:28 -------- d-----w- c:\documents and settings\Lucka\Application Data\OpenOffice.org
2010-05-28 05:22 . 2010-05-28 05:22 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-25 09:45 . 2010-05-04 05:16 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-25 09:45 . 2010-05-04 05:16 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-23 10:46 . 2010-05-23 10:46 348160 ----a-w- c:\documents and settings\Lucka\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4c4d079c-n\msvcr71.dll
2010-05-23 10:46 . 2010-05-23 10:46 503808 ----a-w- c:\documents and settings\Lucka\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4c4d079c-n\msvcp71.dll
2010-05-23 10:46 . 2010-05-23 10:46 61440 ----a-w- c:\documents and settings\Lucka\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47ff0425-n\decora-sse.dll
2010-05-23 10:46 . 2010-05-23 10:46 499712 ----a-w- c:\documents and settings\Lucka\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4c4d079c-n\jmc.dll
2010-05-23 10:46 . 2010-05-23 10:46 12800 ----a-w- c:\documents and settings\Lucka\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47ff0425-n\decora-d3d.dll
2010-05-06 10:41 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-16 86016]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lucka\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-03-01 13:00 9216928 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2010-03-01 13:00 9216928 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.3.2010 20:20 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.4.2010 19:19 17744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
S2 WcardSpace;Card Space;c:\windows\system32\idsrvc.exe [8.7.2010 13:07 5120]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-07-26 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-03-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} - hxxp://games.bigfishgames.com/en_fashion-fortune/online/axcontrol.cab
FF - ProfilePath - c:\documents and settings\Lucka\Application Data\Mozilla\Firefox\Profiles\m6nfyo4r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Lucka\Application Data\Mozilla\Firefox\Profiles\m6nfyo4r.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-26 22:27
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WININET.dll
c:\documents and settings\Lucka\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-07-26 22:36:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-26 20:35

Před spuštěním: 6 495 117 312 bytes free
Po spuštění: 6 290 558 976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 11A584817E34DABB0FCE1D5C763644E8

[vyosek]

Dobra tedy...log je OK, takze uklidime - mozna ti odstranime i problem pomoci CCleaneru jak mi poradil kolega a pak uvidime co PC. Dam Vam sem navod na uklid, ovladace preinstalujte a dejte vedet co nas pacient

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni