Please check my log

lugia
Visitor
Posts: 8
Registered: 18 Aug 2010 11:37

#1 Post by lugia »

Could someone please check my log? The PC is acting up and I have no doubt that something is wrong there.


Logfile of random's system information tool 1.08 (written by random/random)
Run by hieu at 2010-08-18 14:04:58
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 189 GB (79%) free of 238 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:06:27, on 18.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google Translate Client\gtc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\hieu\Desktop\RSIT.exe
C:\Program Files\trend micro\hieu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchingforwebsite.info/search.php?q=%s&a=v14-a
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {37D27A2F-C684-48F8-933E-881CEC6F8066} - C:\WINDOWS\system32\bootvi.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - C:\Program Files\Hero_Fighter\tbHer1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Hero Fighter Toolbar - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - C:\Program Files\Hero_Fighter\tbHer1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\hieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Translate Client.lnk = C:\Program Files\Google Translate Client\gtc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Primary output from IPViewer (Active).lnk = ?
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {35A9D2C9-B3FF-472D-AF68-FA63AD28A7DD} (OnGameDownLoader Control) - http://ongame.vn/activeX/OnGameDownLoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22171E93-8FB0-4762-B0A0-C59F0DF4EF0E}: NameServer = 85.255.115.99,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{981349E7-FEB1-4344-AAD2-A5C46EAD4650}: NameServer = 85.255.115.99,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.124,85.255.112.199
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.99,85.255.112.90
O17 - HKLM\System\CS2\Services\Tcpip\..\{22171E93-8FB0-4762-B0A0-C59F0DF4EF0E}: NameServer = 85.255.115.99,85.255.112.90
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.99,85.255.112.90
O17 - HKLM\System\CS3\Services\Tcpip\..\{22171E93-8FB0-4762-B0A0-C59F0DF4EF0E}: NameServer = 85.255.115.99,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.99,85.255.112.90
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10507 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1005UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37D27A2F-C684-48F8-933E-881CEC6F8066}]
C:\WINDOWS\system32\bootvi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2011-01-17 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2008-12-11 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2011-01-17 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-06 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}]
Hero Fighter Toolbar - C:\Program Files\Hero_Fighter\tbHer1.dll [2010-08-04 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2008-12-11 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2008-12-11 245760]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2011-01-17 2055960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]
{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - Hero Fighter Toolbar - C:\Program Files\Hero_Fighter\tbHer1.dll [2010-08-04 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-08 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-08 7340032]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-13 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"NvSvc"=C:\WINDOWS\system32\nvsvc32.exe [2005-12-08 143426]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-08 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-01-28 68856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Google Update"=C:\Documents and Settings\hieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 133104]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-09-24 2768696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe [2010-01-27 256280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Google Translate Client.lnk - C:\Program Files\Google Translate Client\gtc.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Primary output from IPViewer (Active).lnk - C:\WINDOWS\Installer\{BE44FEE4-D48B-4CE1-BEE9-69B174DE2B53}\_926C758108DE0C907734D4.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineak32]
wineak32.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Metin2_TESTER\metin2.bin"="C:\Program Files\Metin2_TESTER\metin2.bin:*:Enabled:metin2"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\WINDOWS\system32\nvsvc32.exe"="C:\WINDOWS\system32\nvsvc32.exe:*:Enabled:Windows Update"
"C:\DOCUME~1\Admin\LOCALS~1\Temp\nvsvc32.exe"="C:\DOCUME~1\Admin\LOCALS~1\Temp\nvsvc32.exe:*:Enabled:Windows Update"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe"="C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-09-04 16:40:46 ----D---- C:\WINDOWS\Hewlett-Packard
2011-08-27 21:51:58 ----D---- C:\WINDOWS\pss
2011-08-24 12:59:58 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-08-24 12:59:58 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-08-24 12:59:58 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-08-24 12:59:55 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-08-24 12:59:55 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-08-24 12:59:55 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-08-24 12:59:55 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-08-24 12:59:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2011-08-24 12:39:41 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2011-08-24 12:39:40 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2011-08-24 12:39:40 ----A---- C:\WINDOWS\system32\nvhwvid.dll
2011-08-24 12:39:39 ----D---- C:\WINDOWS\system32\WinFast
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrstr.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrssl.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrssk.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrspt.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrspl.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrsko.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrshu.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrshe.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrsel.dll
2011-08-24 12:39:39 ----A---- C:\WINDOWS\system32\nvrscs.dll
2011-08-24 12:39:13 ----N---- C:\WINDOWS\system32\drivers\WINFOXIO.sys
2011-08-24 12:39:13 ----D---- C:\WINDOWS\system32\WinFox
2011-08-24 12:38:38 ----D---- C:\WinFastPVR
2011-08-24 12:25:40 ----D---- C:\Program Files\Lavalys
2011-08-24 12:25:21 ----D---- C:\Program Files\Glary Utilities
2011-08-10 18:06:17 ----D---- C:\Program Files\WinRAR
2011-07-31 13:52:39 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2011-07-31 13:44:07 ----A---- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2011-07-31 13:43:55 ----A---- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2011-07-30 12:39:04 ----D---- C:\Program Files\WinXMedia
2011-07-24 12:55:24 ----A---- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2011-07-19 21:45:01 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2011-07-02 00:31:54 ----D---- C:\WINDOWS\system32\LogFiles
2011-07-01 15:28:24 ----D---- C:\Program Files\Opera
2011-05-29 14:43:48 ----A---- C:\WINDOWS\IE4 Error Log.txt
2011-02-12 12:05:03 ----RA---- C:\WINDOWS\RtlUpd.exe
2011-02-12 12:05:02 ----RA---- C:\WINDOWS\ALCWZRD.EXE
2011-02-12 12:05:02 ----RA---- C:\WINDOWS\ALCMTR.EXE
2011-02-12 12:05:02 ----D---- C:\WINDOWS\system32\RTCOM
2011-02-12 12:04:58 ----RA---- C:\WINDOWS\RTLCPL.EXE
2011-02-12 12:04:54 ----RA---- C:\WINDOWS\SOUNDMAN.EXE
2011-02-12 12:04:53 ----RA---- C:\WINDOWS\SkyTel.exe
2011-02-12 12:04:51 ----RA---- C:\WINDOWS\MicCal.exe
2011-02-12 12:04:46 ----RA---- C:\WINDOWS\RTHDCPL.EXE
2011-02-12 12:04:42 ----RA---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-02-12 11:54:12 ----HDC---- C:\WINDOWS\$NtUninstallKB884575$
2011-02-12 11:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB884018$
2011-02-12 11:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB883529$
2011-02-12 11:53:22 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-02-12 11:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB319740$
2011-02-12 11:40:55 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2011-02-12 11:40:39 ----D---- C:\NVIDIA
2011-01-24 22:48:50 ----A---- C:\WINDOWS\DISCCH.INI
2011-01-24 22:48:27 ----D---- C:\WINDOWS\MACROMED
2011-01-24 22:48:27 ----D---- C:\WINDOWS\A3W_DATA
2011-01-22 20:36:52 ----D---- C:\WINDOWS\system32\appmgmt
2011-01-22 20:30:14 ----D---- C:\Documents and Settings\hieu\Application Data\AVGTOOLBAR
2011-01-18 22:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\2108791684
2011-01-17 18:23:32 ----HD---- C:\$AVG8.VAULT$
2011-01-17 18:15:19 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2011-01-17 18:15:19 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys
2011-01-17 18:15:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2011-01-17 18:15:16 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2011-01-17 18:15:16 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2011-01-17 18:15:13 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-01-17 18:15:06 ----D---- C:\Program Files\AVG
2011-01-17 18:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2011-01-11 19:25:43 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2011-01-11 19:25:27 ----D---- C:\Program Files\Common Files\HP
2011-01-11 19:23:18 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2011-01-11 19:22:22 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2011-01-11 19:22:22 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2011-01-11 19:22:22 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2011-01-11 19:22:22 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2011-01-11 19:22:22 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2011-01-11 19:22:22 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2011-01-11 19:22:21 ----A---- C:\WINDOWS\IsUninst.exe
2011-01-11 19:20:59 ----D---- C:\Program Files\HP
2011-01-11 19:20:25 ----HD---- C:\Config.Msi
2011-01-11 17:41:42 ----D---- C:\Program Files\Graphisoft
2011-01-09 17:31:04 ----D---- C:\Program Files\Alwil Software
2011-01-03 08:43:22 ----ASH---- C:\pagefile.sys
2011-01-02 21:37:46 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-02 21:06:56 ----A---- C:\WINDOWS\system32\MRT.INI
2011-01-02 21:05:19 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-31 19:52:34 ----D---- C:\WINDOWS\Minidump
2010-12-31 18:01:41 ----D---- C:\WINDOWS\Prefetch
2010-08-18 14:04:59 ----D---- C:\Program Files\trend micro
2010-08-18 14:04:58 ----D---- C:\rsit
2010-08-05 11:09:26 ----D---- C:\Program Files\Common Files\SWF Studio
2010-08-05 11:09:10 ----D---- C:\Program Files\Hero Fighter
2010-08-04 14:06:00 ----D---- C:\Program Files\Conduit
2010-08-04 14:05:57 ----D---- C:\Program Files\Hero_Fighter
2010-08-02 14:45:59 ----D---- C:\Program Files\Little Fighters 2.5
2010-07-31 16:40:25 ----A---- C:\WINDOWS\FrieStrk3.ini
2010-07-31 16:38:19 ----D---- C:\Program Files\Friendly-Strike3
2010-07-29 19:27:06 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2010-07-29 19:25:22 ----D---- C:\Program Files\VideoLAN
2010-07-29 19:24:57 ----D---- C:\Program Files\Graboid
2010-07-21 15:41:23 ----D---- C:\Program Files\tamasoftware

======List of files/folders modified in the last 1 months======

2011-08-24 18:18:56 ----D---- C:\Program Files\MSN
2011-08-24 12:41:36 ----D---- C:\WINDOWS\Help
2011-08-24 12:41:35 ----D---- C:\WINDOWS\nview
2011-08-24 12:39:39 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-24 12:39:25 ----D---- C:\Program Files\Common Files\InstallShield
2011-07-24 12:53:10 ----A---- C:\WINDOWS\system32\hpzjrd01.dll
2011-05-12 16:14:12 ----D---- C:\Program Files\NO$GBA
2011-05-12 16:13:57 ----D---- C:\Program Files\Jade Empire
2011-05-06 10:53:13 ----A---- C:\WINDOWS\system32\bidisp.dll
2011-01-24 16:58:00 ----D---- C:\Program Files\AskTBar
2011-01-22 21:02:14 ----D---- C:\Program Files\Scorpions WinCheater
2011-01-22 20:58:20 ----D---- C:\Program Files\The Creative Assembly
2011-01-22 20:41:01 ----D---- C:\Program Files\Sony Ericsson
2011-01-22 20:33:49 ----D---- C:\WINDOWS\system32\Macromed
2011-01-18 19:18:59 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-01-12 19:45:51 ----A---- C:\WINDOWS\wincmd.ini
2011-01-11 21:14:23 ----D---- C:\WINDOWS\twain_32
2011-01-10 01:02:20 ----D---- C:\WINDOWS\security
2011-01-09 18:21:14 ----D---- C:\WINDOWS\system32\config
2011-01-09 18:07:53 ----RSHD---- C:\resycled
2011-01-08 18:32:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-02 21:38:10 ----D---- C:\Documents and Settings
2011-01-02 21:05:20 ----D---- C:\WINDOWS\Debug
2010-12-31 19:00:29 ----RSD---- C:\WINDOWS\Fonts
2010-12-31 19:00:15 ----D---- C:\WINDOWS\Media
2010-12-31 19:00:12 ----RD---- C:\WINDOWS\Web
2010-12-31 19:00:08 ----D---- C:\WINDOWS\system
2010-12-31 19:00:06 ----D---- C:\WINDOWS\system32\wbem
2010-12-31 18:59:50 ----D---- C:\WINDOWS\system32\icsxml
2010-12-31 18:59:42 ----D---- C:\WINDOWS\system32\Setup
2010-12-31 18:59:25 ----D---- C:\WINDOWS\system32\ias
2010-12-31 18:59:21 ----D---- C:\WINDOWS\system32\1033
2010-12-31 18:58:22 ----D---- C:\WINDOWS\Driver Cache
2010-12-31 18:58:21 ----D---- C:\WINDOWS\system32\oobe
2010-08-18 14:06:27 ----D---- C:\WINDOWS\Temp
2010-08-18 14:04:59 ----RD---- C:\Program Files
2010-08-18 13:42:39 ----D---- C:\WINDOWS\system32
2010-08-18 12:49:44 ----D---- C:\Program Files\BitComet
2010-08-18 12:48:32 ----D---- C:\WINDOWS\Registration
2010-08-18 12:48:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-18 12:47:44 ----D---- C:\WINDOWS
2010-08-17 13:20:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-05 12:55:39 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-05 11:12:06 ----D---- C:\Program Files\Mozilla Firefox
2010-08-05 11:09:26 ----D---- C:\Program Files\Common Files
2010-08-04 14:07:24 ----D---- C:\Program Files\LittleFighter2
2010-07-21 20:45:49 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2011-01-17 12936]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2006-05-11 247808]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-10 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-13 20576]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-19 717296]
R0 zefoufqw;zefoufqw; C:\WINDOWS\system32\drivers\kskimojz.dat [2007-02-15 18688]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2011-01-17 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2011-01-17 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2011-01-17 90632]
R1 ELhid;ELhid; C:\WINDOWS\System32\DRIVERS\ELhid.sys [2006-01-31 10112]
R1 ELkbd;ELkbd; C:\WINDOWS\System32\DRIVERS\ELkbd.sys [2006-01-31 6912]
R1 ELmon;ELmon; C:\WINDOWS\System32\DRIVERS\ELmon.sys [2006-01-31 7040]
R1 ELmou;ELmou; C:\WINDOWS\System32\DRIVERS\ELmou.sys [2006-01-31 6528]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture; C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-08-17 11970]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-01-31 7808]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-08-17 207424]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-08-17 299843]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner; C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-08-17 148545]
R3 hcw88vid;Hauppauge WinTV 88x Video; C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-08-17 497216]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-08-17 23104]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-08 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 akyysf62;akyysf62; C:\WINDOWS\system32\drivers\akyysf62.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-08 3611168]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2011-01-17 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2011-01-17 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel® Quick Resume Technology Drivers; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe [2006-01-31 176128]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
S2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-08 143426]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-06-25 182768]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Calmly go and get a coffee (the whole process takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode or deactivate it entirely for the duration of the scan, because the scan and the removal of any malware lead to unwanted conflicts with the antispyware's resident component.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

lugia
Visitor
Posts: 8
Joined: 18 Aug 2010 11:37

Re: please check my log

#3 Post by lugia »

Hello, after running ComboFix these files were deleted:
C:/documents and settings/admin/application Data/.#
C:/program files/IEToolbar
C:/resycled
C:/windows/wiaserviv.log
C:/windows/system32/bidisp.dll .... could not be removed

Unfortunately I can't provide the whole file, because after the PC restarted the internet stopped working. Could you please advise me how to get it working again? I'll add the whole file later.

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#4 Post by Rudy »

Try using WinsockFix: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 . The utility reinstalls the TCP/IP protocol. If your network parameters are entered manually, you will have to enter them again after restarting the PC.

lugia
Visitor
Posts: 8
Joined: 18 Aug 2010 11:37

Re: please check my log

#5 Post by lugia »

So here is the ComboFix log:
ComboFix 10-08-17.04 - Admin 18.08.2010 20:52:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1023.597 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091013-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\.#
c:\program files\IEToolbar
C:\resycled
c:\windows\wiaserviv.log
c:\windows\system32\bidisp.dll . . . . nemohl být smazán

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSQPDXSERV.SYS
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-18 do 2010-08-18 )))))))))))))))))))))))))))))))
.

2011-09-04 14:40 . 2011-09-11 14:54 -------- d-----w- c:\documents and settings\Admin\Application Data\HpUpdate
2011-09-04 14:40 . 2011-09-04 14:40 -------- d-----w- c:\windows\Hewlett-Packard
2011-08-24 10:59 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-24 10:59 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-24 10:59 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-24 10:59 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-24 10:59 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-24 10:59 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-24 10:59 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-24 10:59 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2011-08-24 10:59 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-24 10:38 . 2011-08-24 10:38 -------- d-----w- C:\WinFastPVR
2011-08-24 10:34 . 2011-08-24 10:34 -------- d-----w- c:\documents and settings\Admin\Application Data\GlarySoft
2011-08-24 10:25 . 2011-08-24 10:25 -------- d-----w- c:\program files\Lavalys
2011-08-24 10:25 . 2011-08-24 10:25 -------- d-----w- c:\program files\Glary Utilities
2011-07-31 11:52 . 2011-07-31 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-07-30 10:39 . 2011-07-30 10:39 -------- d-----w- c:\program files\WinXMedia
2011-07-19 19:45 . 2005-12-08 08:53 143426 ----a-w- c:\windows\system32\nvsvc32.exe
2011-07-01 22:31 . 2011-07-01 22:31 -------- d-----w- c:\windows\system32\LogFiles
2011-07-01 13:28 . 2010-08-18 15:04 -------- d-----w- c:\program files\Opera
2011-02-12 10:05 . 2006-03-09 16:45 364544 ----a-r- c:\windows\RtlUpd.exe
2011-02-12 10:05 . 2011-02-12 10:05 -------- d-----w- c:\windows\system32\RTCOM
2011-02-12 10:05 . 2006-05-04 15:26 2808832 ----a-r- c:\windows\ALCWZRD.EXE
2011-02-12 10:05 . 2005-05-03 17:43 69632 ----a-r- c:\windows\ALCMTR.EXE
2011-02-12 10:04 . 2006-05-04 15:35 9709568 ----a-r- c:\windows\RTLCPL.EXE
2011-02-12 10:04 . 2006-05-04 15:22 86016 ----a-r- c:\windows\SOUNDMAN.EXE
2011-02-12 10:04 . 2006-05-16 17:04 2879488 ----a-r- c:\windows\SkyTel.exe
2011-02-12 10:04 . 2006-06-28 13:00 2158592 ----a-r- c:\windows\MicCal.exe
2011-02-12 10:04 . 2006-06-28 13:54 16248320 ----a-r- c:\windows\RTHDCPL.EXE
2011-02-12 10:04 . 2006-06-28 15:25 4304384 ----a-r- c:\windows\system32\drivers\RtkHDAud.sys
2011-02-12 09:40 . 2009-02-16 22:17 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-02-12 09:40 . 2011-02-12 09:40 -------- d-----w- C:\NVIDIA
2011-01-18 20:46 . 2011-08-24 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\2108791684
2011-01-17 16:23 . 2011-01-17 17:05 -------- d-----w- C:\$AVG8.VAULT$
2011-01-17 16:15 . 2011-01-17 16:15 90632 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-01-17 16:15 . 2011-01-17 16:15 12936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-01-17 16:15 . 2011-01-17 16:15 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2011-01-17 16:15 . 2011-01-17 16:15 98440 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-01-17 16:15 . 2011-01-17 16:15 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-01-17 16:15 . 2011-01-30 19:02 -------- d-----w- c:\documents and settings\Admin\Application Data\AVGTOOLBAR
2011-01-17 16:15 . 2011-01-17 16:15 -------- d-----w- c:\windows\system32\drivers\Avg
2011-01-17 16:15 . 2011-01-17 16:15 -------- d-----w- c:\program files\AVG
2011-01-17 16:15 . 2011-01-18 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2011-01-16 21:11 . 2011-01-16 21:11 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Help
2011-01-11 17:32 . 2011-01-11 17:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Image Zone Express
2011-01-11 17:25 . 2011-01-11 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-01-11 17:25 . 2011-01-11 17:25 -------- d-----w- c:\program files\Common Files\HP
2011-01-11 17:23 . 2011-01-11 17:23 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-01-11 17:22 . 2004-09-29 11:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-01-11 17:22 . 2004-09-29 11:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-01-11 17:22 . 2004-09-29 11:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-01-11 17:22 . 2004-09-29 11:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-01-11 17:22 . 2004-09-29 11:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-01-11 17:22 . 2004-09-29 11:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-01-11 17:22 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-01-11 17:20 . 2011-09-04 14:41 -------- d-----w- c:\program files\HP
2011-01-11 17:19 . 2011-01-11 19:15 113679 ----a-w- c:\windows\hpoins07.dat
2011-01-11 17:19 . 2005-05-24 02:48 21124 ------w- c:\windows\hpomdl07.dat
2011-01-11 17:19 . 2011-01-16 20:39 -------- d-----w- c:\documents and settings\Admin\Application Data\HP
2011-01-11 15:41 . 2011-01-11 15:41 -------- d-----w- c:\program files\Graphisoft
2011-01-09 15:31 . 2011-01-09 15:31 -------- d-----w- c:\program files\Alwil Software
2011-01-09 15:25 . 2011-01-09 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
2011-01-09 15:23 . 2011-01-09 15:23 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-01-08 16:35 . 2010-08-18 18:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2011-01-08 16:35 . 2011-01-11 20:18 -------- d-----w- c:\documents and settings\Admin\Application Data\Graphisoft
2011-01-08 16:35 . 2011-01-08 16:35 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Graphisoft
2011-01-08 16:34 . 2011-01-08 16:34 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Apple
2011-01-08 16:34 . 2010-01-07 00:18 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Apple Computer
2010-12-31 18:41 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Admin\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2010-12-31 18:23 . 2010-12-31 18:23 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-18 12:04 . 2010-08-18 12:06 -------- d-----w- c:\program files\trend micro
2010-08-18 12:04 . 2010-08-18 12:06 -------- d-----w- C:\rsit
2010-08-05 09:09 . 2010-08-05 09:09 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-08-05 09:09 . 2010-08-05 09:09 -------- d-----w- c:\program files\Hero Fighter
2010-08-04 13:44 . 2010-08-04 13:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Hero_Fighter
2010-08-04 12:06 . 2010-08-04 12:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Conduit
2010-08-04 12:06 . 2010-08-04 21:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Hero_Fighter
2010-08-04 12:06 . 2010-08-04 12:06 -------- d-----w- c:\program files\Conduit
2010-08-04 12:05 . 2010-08-05 09:11 -------- d-----w- c:\program files\Hero_Fighter
2010-08-04 12:05 . 2009-08-20 10:21 52224 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pirrguqs.default\extensions\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}\components\FFExternalAlert.dll
2010-08-04 12:05 . 2009-08-20 10:21 114688 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pirrguqs.default\extensions\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}\components\npmozax.dll
2010-08-02 12:45 . 2010-08-02 12:46 -------- d-----w- c:\program files\Little Fighters 2.5
2010-07-31 14:38 . 2010-07-31 14:38 -------- d-----w- c:\program files\Friendly-Strike3
2010-07-29 21:44 . 2010-08-09 06:55 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-07-29 17:27 . 2010-07-29 17:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Graboid_Inc
2010-07-29 17:27 . 2010-07-29 17:40 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Graboid
2010-07-29 17:27 . 2010-07-29 17:27 -------- d-----w- c:\documents and settings\Admin\Application Data\MozillaControl
2010-07-29 17:27 . 2010-07-29 17:27 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-07-29 17:25 . 2010-07-29 17:25 -------- d-----w- c:\program files\VideoLAN
2010-07-29 17:24 . 2010-07-29 17:27 -------- d-----w- c:\program files\Graboid
2010-07-21 13:41 . 2010-07-21 13:41 -------- d-----w- c:\program files\tamasoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 21:56 . 2006-12-26 13:28 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
2011-08-24 21:56 . 2006-12-26 13:28 -------- d-----w- c:\documents and settings\Admin\Application Data\DNA
2011-08-24 10:39 . 2006-12-26 13:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-08-24 10:39 . 2006-12-26 13:27 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-24 10:53 . 2005-01-24 09:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2011-05-12 14:14 . 2007-03-03 15:03 -------- d-----w- c:\program files\NO$GBA
2011-05-12 14:13 . 2008-12-19 15:01 -------- d-----w- c:\program files\Jade Empire
2011-01-25 10:23 . 2006-12-26 10:52 44064 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-01-24 14:58 . 2008-12-11 20:39 -------- d-----w- c:\program files\AskTBar
2011-01-22 19:02 . 2008-04-26 06:05 -------- d-----w- c:\program files\Scorpions WinCheater
2011-01-22 18:58 . 2006-12-26 16:26 -------- d-----w- c:\program files\The Creative Assembly
2011-01-22 18:41 . 2006-12-28 07:19 -------- d-----w- c:\program files\Sony Ericsson
2011-01-18 20:46 . 2011-01-18 20:46 0 ----a-w- c:\documents and settings\All Users\Application Data\123478687123.dat
2011-01-01 13:16 . 2011-01-01 13:16 382 ----a-w- c:\program files\Zástupce - Program Files.lnk
2010-08-18 18:57 . 2007-02-13 11:29 107264 ----a-w- c:\windows\system32\bidisp.dll
2010-08-18 17:03 . 2009-10-17 18:44 -------- d-----w- c:\program files\BitComet
2010-08-04 12:07 . 2008-04-04 22:29 -------- d-----w- c:\program files\LittleFighter2
2010-07-18 15:32 . 2010-07-18 15:32 -------- d-----w- c:\documents and settings\Admin\Application Data\CoffeeCup Software
2010-07-18 15:30 . 2010-07-18 15:30 -------- d-----w- c:\program files\CoffeeCup Software
2010-06-24 07:35 . 2010-06-24 07:35 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb79.tmp.exe
2010-06-10 20:29 . 2010-06-10 20:29 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2009-10-29 16:56 . 2006-09-28 14:55 1561718 ----a-w- c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 15:22 . 2006-09-28 15:22 91265 ----a-w- c:\program files\OCT2006_xinput_x64.cab
2006-09-28 15:22 . 2006-09-28 15:22 49149 ----a-w- c:\program files\OCT2006_xinput_x86.cab
2006-09-28 15:21 . 2006-09-28 15:21 1413862 ----a-w- c:\program files\OCT2006_d3dx9_31_x64.cab
2006-09-28 15:21 . 2006-09-28 15:21 183321 ----a-w- c:\program files\OCT2006_XACT_x64.cab
2006-09-28 15:21 . 2006-09-28 15:21 138977 ----a-w- c:\program files\OCT2006_XACT_x86.cab
2006-09-28 15:21 . 2006-09-28 15:21 41996 ----a-w- c:\program files\dxdllreg_x86.cab
2006-09-28 15:21 . 2006-09-28 15:21 1128177 ----a-w- c:\program files\OCT2006_d3dx9_31_x86.cab
.

------- Sigcheck -------

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-12-11 57344]
"{b12785f5-d8d0-4530-a3ea-5c4263b85bef}"= "c:\program files\Hero_Fighter\tbHer1.dll" [2010-08-04 2515552]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CLASSES_ROOT\clsid\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}]
2010-08-04 21:24 2515552 ----a-w- c:\program files\Hero_Fighter\tbHer1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b12785f5-d8d0-4530-a3ea-5c4263b85bef}"= "c:\program files\Hero_Fighter\tbHer1.dll" [2010-08-04 2515552]

[HKEY_CLASSES_ROOT\clsid\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B12785F5-D8D0-4530-A3EA-5C4263B85BEF}"= "c:\program files\Hero_Fighter\tbHer1.dll" [2010-08-04 2515552]

[HKEY_CLASSES_ROOT\clsid\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-01-28 68856]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-09-24 2768696]
"PSwitch"="c:\program files\Proxy Switcher Standard\ProxySwitcher.exe" [2007-01-17 1302528]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032]
"nwiz"="nwiz.exe" [2005-12-08 1519616]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvSvc"="c:\windows\system32\nvsvc32.exe" [2005-12-08 143426]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-08 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Translate Client.lnk - c:\program files\Google Translate Client\gtc.exe [2009-6-6 225280]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Primary output from IPViewer (Active).lnk - c:\windows\Installer\{BE44FEE4-D48B-4CE1-BEE9-69B174DE2B53}\_926C758108DE0C907734D4.exe [2010-4-25 10134]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14926:TCP"= 14926:TCP:BitComet 14926 TCP
"14926:UDP"= 14926:UDP:BitComet 14926 UDP
"9827:TCP"= 9827:TCP:BitComet 9827 TCP
"9827:UDP"= 9827:UDP:BitComet 9827 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [17.1.2011 18:15 12936]
R0 zefoufqw;zefoufqw;c:\windows\system32\drivers\kskimojz.dat --> c:\windows\system32\drivers\kskimojz.dat [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.8.2011 12:59 114768]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.1.2011 18:15 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.1.2011 18:15 90632]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [17.8.2006 23:49 11970]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.8.2011 12:59 20560]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17.1.2011 18:15 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17.1.2011 18:15 231704]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [17.8.2006 23:49 207424]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [17.8.2006 23:49 299843]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [17.8.2006 23:49 148545]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [17.8.2006 23:49 497216]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [17.8.2006 23:49 23104]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.1.2010 23:36 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2008 17:17 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-24 15:58]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:36]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:36]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 08:15]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 08:15]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1005Core.job
- c:\documents and settings\hieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 22:59]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-839522115-1005UA.job
- c:\documents and settings\hieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 22:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://kingkongsearch.com/search-kkc-hm.php
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: {35A9D2C9-B3FF-472D-AF68-FA63AD28A7DD} - hxxp://ongame.vn/activeX/OnGameDownLoader.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pirrguqs.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.ftp - 66.57.224.28
FF - prefs.js: network.proxy.ftp_port - 8085
FF - prefs.js: network.proxy.gopher - 66.57.224.28
FF - prefs.js: network.proxy.gopher_port - 8085
FF - prefs.js: network.proxy.http - 66.57.224.28
FF - prefs.js: network.proxy.http_port - 8085
FF - prefs.js: network.proxy.socks - 66.57.224.28
FF - prefs.js: network.proxy.socks_port - 8085
FF - prefs.js: network.proxy.ssl - 66.57.224.28
FF - prefs.js: network.proxy.ssl_port - 8085
FF - prefs.js: network.proxy.type - 5
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{37D27A2F-C684-48F8-933E-881CEC6F8066} - c:\windows\system32\bootvi.dll
Notify-wineak32 - wineak32.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 21:00
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\zefoufqw]
"ImagePath"="system32\drivers\kskimojz.dat"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-08-18 21:05:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-18 19:05

Před spuštěním: 197 808 934 912 bytes free
Po spuštění: Volných bajtů: 197 846 937 600

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - E32ADDFDCD193736887C58F82D11BF1D

Otherwise, the internet is working again now :)

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#6 Post by Rudy »

We'll finish the cleanup. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\AskTBar

Collect::
c:\windows\system32\drivers\kskimojz.dat
c:\windows\system32\bidisp.dll

Driver::
kskimojz

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-
[-HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
