
Please check my log

Posted: 30 Sep 2010 14:29
by prestigio
Logfile of random's system information tool 1.08 (written by random/random)
Run by imac at 2010-09-30 15:28:38
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 4 GB (12%) free of 32 GB
Total RAM: 1008 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:28:41, on 30.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\STINGE~1\wh_exec.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imac\Plocha\RSIT.exe
C:\Program Files\trend micro\imac.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.videobash.com/?cfg=2-215-0-1x6sE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {283B4AA3-1B7A-46E6-B56D-90EF4743FB2C} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Brightness] C:\WINDOWS\system32\Brightness.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WheelMouse] C:\STINGE~1\wh_exec.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E252F0D-7EFB-4F82-89A7-B97266C4CC4D}: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CCS\Services\Tcpip\..\{2127BF92-AFBA-47F3-8B8D-3D61141CF59D}: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3F995E-43DB-4FB0-B6CA-E15F0A52AED0}: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CCS\Services\Tcpip\..\{974CB606-98F8-49B1-9D9B-8FBB0D5698AD}: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E252F0D-7EFB-4F82-89A7-B97266C4CC4D}: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E252F0D-7EFB-4F82-89A7-B97266C4CC4D}: NameServer = 93.188.162.84,93.188.161.224
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.84,93.188.161.224
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipameti kategorií soucástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 9849 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{283B4AA3-1B7A-46E6-B56D-90EF4743FB2C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"IRW"=C:\WINDOWS\system32\IRW.exe [2007-06-04 147456]
"Brightness"=C:\WINDOWS\system32\Brightness.exe [2007-06-04 235088]
"Apple_KbdMgr"=C:\Program Files\Boot Camp\KbdMgr.exe [2007-06-04 390736]
""= []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2006-03-02 159232]
"WheelMouse"=C:\STINGE~1\wh_exec.exe [2007-11-10 98304]
"lsass"=C:\WINDOWS\lsass.exe [2009-07-21 1461651]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"=C:\Program Files\OSCAR Editor\OscarEditor.exe [2009-11-24 2642432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
C:\Program Files\OSCAR Editor\OscarEditor.exe [2009-11-24 2642432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštení^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\INSTAL~1\{AC76B~1\SC_ACR~1.EXE [2010-06-21 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^imac^Nabídka Start^Programy^Po spuštení^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-09-16 384512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2
"prfldsvc"=2
"Pml Driver HPZ12"=2
"NMIndexingService"=3
"iPod Service"=3
"gupdate1ca3c76f8eafc3c"=2
"Bonjour Service"=2
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-04 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\System32\PnkBstrA.exe"="C:\WINDOWS\System32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\System32\PnkBstrB.exe"="C:\WINDOWS\System32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Quake III Arena\quake3.exe"="E:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:hlsw"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.ini - open - C:\WINDOWS\System32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\notepad.exe %1

======List of files/folders created in the last 1 months======

2010-09-30 15:28:38 ----D---- C:\rsit
2010-09-30 13:09:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
2010-09-30 13:09:38 ----D---- C:\Program Files\Security Task Manager
2010-09-29 20:06:33 ----A---- C:\WINDOWS\game.ini
2010-09-29 19:58:18 ----D---- C:\Program Files\Activision
2010-09-28 18:09:28 ----D---- C:\Documents and Settings\imac\Data aplikací\Movienizer
2010-09-28 18:09:21 ----D---- C:\Program Files\Movienizer
2010-09-28 17:43:49 ----D---- C:\Documents and Settings\imac\Data aplikací\Personal Video Database
2010-09-28 17:43:43 ----D---- C:\Program Files\Personal Video Database
2010-09-23 19:07:53 ----D---- C:\Documents and Settings\imac\Data aplikací\Easy Macro Recorder
2010-09-23 16:29:17 ----D---- C:\Program Files\JitBit
2010-09-15 12:27:23 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-09-15 12:26:57 ----HD---- C:\WINDOWS\$NtUninstallwmp11$
2010-09-13 21:02:39 ----D---- C:\Documents and Settings\imac\Data aplikací\My Macros
2010-09-13 20:12:00 ----D---- C:\Documents and Settings\imac\Data aplikací\Macro Recorder
2010-09-11 21:59:11 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-09-11 21:59:11 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-09-11 21:59:05 ----D---- C:\Documents and Settings\imac\Data aplikací\TuneUp Software
2010-09-11 21:58:54 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-09-11 21:58:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-09-11 21:58:30 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-09 16:10:58 ----D---- C:\Stinger Mouse Driver

======List of files/folders modified in the last 1 months======

2010-09-30 14:50:24 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-09-30 00:35:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-27 23:35:12 ----A---- C:\WINDOWS\wdict32.INI
2010-09-26 18:01:56 ----SH---- C:\boot.ini
2010-09-26 18:01:56 ----A---- C:\WINDOWS\win.ini
2010-09-26 18:01:56 ----A---- C:\WINDOWS\system.ini
2010-09-16 00:26:42 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-07 17:11:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-09-05 20:30:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský radic IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2006-03-02 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-12-03 685816]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 HMFAxCore037d6601ae411556da2f9588b1bb2812;HMFAxCore037d6601ae411556da2f9588b1bb2812; \??\C:\WINDOWS\system32\drivers\HMFAxCore037d6601ae411556da2f9588b1bb2812.sys []
R1 intelppm;Radic procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R1 kbdhid;Ovladac klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-02 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 KeyAgent;KeyAgent; \??\C:\WINDOWS\system32\drivers\KeyAgent.sys []
R2 MacHALDriver;Mac HAL; \??\C:\WINDOWS\system32\drivers\MacHALDriver.sys []
R3 applebt;Apple Built-in Bluetooth; C:\WINDOWS\system32\DRIVERS\applebt.sys [2007-06-04 8064]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-04 1972736]
R3 BCM43XX;Broadcom 802.11 - ovládac sietového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-06-04 592256]
R3 BthEnum;Ovladac pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
R3 BTHUSB;Ovladac rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
R3 DevUpper;iSight Filter Driver; C:\WINDOWS\system32\DRIVERS\iSightFT.sys [2007-06-04 8320]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-09 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladac trídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IRRemoteFlt;IR Receiver Filter Driver; C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2007-06-04 16512]
R3 KeyMagic;USB Keyboard HID Filter; C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2007-06-04 10752]
R3 mouhid;Ovladac myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
R3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
R3 RFCOMM;Zarízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-06-04 1177864]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadrazený ovladac Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-02 31616]
R3 USBSTOR;Ovladac velkokapacitního pametového zarízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladac Microsoft univerzálního hostitelského radice USB od spolecnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 usbvideo;Zobrazovací zarízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-26 6784]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-06-04 255232]
S3 agbwzpso;agbwzpso; C:\WINDOWS\system32\drivers\agbwzpso.sys []
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 BthKicker;Apple Bluetooth Device Driver; C:\WINDOWS\system32\DRIVERS\BthKicker.sys [2007-06-04 7424]
S3 BTHPORT;Ovladac portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\DC++\Downloads\everest 2006\everestultimate_build_0492_n9vqc4xkltp\kerneld.wnt []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]
S3 iSightUpdate;iSight Update Driver; C:\WINDOWS\system32\DRIVERS\iSightUP.sys [2007-06-04 18304]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Trída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladac skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek svetového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-04 446464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-07-25 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-09-30 214520]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2007-06-04 86016]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-27 1051968]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 AppleTimeSrv;Apple Time Service; C:\WINDOWS\system32\AppleTimeSrv.exe [2007-06-04 95824]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-03-13 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-17 69632]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-11 435008]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 gupdate1ca3c76f8eafc3c;Služba Google Update (gupdate1ca3c76f8eafc3c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-23 133104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------
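The log above contains the signals an analyst looks for before deciding a machine is clean: two core Windows images (lsass.exe, smss.exe) running from C:\WINDOWS instead of C:\WINDOWS\system32, an HKLM Run entry named "lsass" that launches the misplaced copy, a ProxyServer value pointing at 127.0.0.1:8080 on a machine with no local proxy software in the process list, and O17 NameServer entries set to 93.188.162.84 and 93.188.161.224 in every control set. The following Python script is an added example, not code from this thread or from HijackThis, that applies exactly those checks to a HijackThis log. The sample input is an excerpt of the log posted above; the list of watched resolver ranges is an assumption the analyst has to maintain (93.188.160.0/21 is there because that block appears in the published DNSChanger rogue-resolver list), and the set of system32-only image names is a minimal one for Windows XP.

```python
import re
from ipaddress import ip_address, ip_network

# Excerpted lines from the HijackThis log posted above (a handful of lines, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.84,93.188.161.224
"""

# Core XP images that have exactly one legitimate home: %SystemRoot%\system32.
# Anything with one of these names running elsewhere is name-squatting.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

# Resolver ranges to flag (assumption: the analyst maintains this list).
# 93.188.160.0/21 is included because that block appears in the published
# DNSChanger rogue-resolver list; compare against the ISP's real DNS servers.
WATCHED_RESOLVER_RANGES = [ip_network("93.188.160.0/21")]

PATH_LINE_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.IGNORECASE)      # "Running processes" lines
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")  # autostart entries
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")  # DNS server overrides
R1_PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)$")   # WinINet proxy


def parse_hjt(text):
    """Pull the four item types the checks below need out of a HijackThis log."""
    procs, run_entries, nameservers, proxies = [], [], [], []
    for line in text.splitlines():
        line = line.strip()
        if PATH_LINE_RE.match(line):
            procs.append(line)
        elif (m := O4_RE.match(line)):
            run_entries.append((m["name"], m["cmd"]))
        elif (m := O17_RE.match(line)):
            nameservers.extend(s for s in m["servers"].split(",") if s)
        elif (m := R1_PROXY_RE.match(line)):
            proxies.append(m["proxy"])
    return {"processes": procs, "run": run_entries,
            "nameservers": nameservers, "proxies": proxies}


def image_from_command(cmd):
    """Strip quotes and arguments from a Run-key command line, keeping the .exe path."""
    cmd = cmd.strip().strip('"')
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def misplaced_system_binary(path):
    """True when a system32-only image name runs from any other directory."""
    directory, _, name = path.lower().rpartition("\\")
    return name in SYSTEM32_ONLY and directory != SYSTEM32_DIR


def loopback_proxy(proxy):
    """True when any protocol in a ProxyServer value points at the local host."""
    for part in proxy.split(";"):                  # handles "http=host:port;https=..."
        host = part.split("=", 1)[-1].rsplit(":", 1)[0].strip("[]")
        if host in ("127.0.0.1", "::1", "localhost"):
            return True
    return False


def watched_resolver(addr):
    return any(ip_address(addr) in net for net in WATCHED_RESOLVER_RANGES)


def analyse(text):
    """Return (check, detail) pairs; an empty list means none of the checks fired."""
    parsed = parse_hjt(text)
    findings = []
    for proc in parsed["processes"]:
        if misplaced_system_binary(proc):
            findings.append(("process-impersonation", proc))
    for name, cmd in parsed["run"]:
        image = image_from_command(cmd)
        if misplaced_system_binary(image):
            findings.append(("run-key-impersonation", f"[{name}] {image}"))
    for proxy in parsed["proxies"]:
        if loopback_proxy(proxy):
            findings.append(("loopback-proxy", proxy))
    for ns in dict.fromkeys(parsed["nameservers"]):   # de-duplicate, keep order
        if watched_resolver(ns):
            findings.append(("watched-dns-resolver", ns))
    return findings


if __name__ == "__main__":
    for check, detail in analyse(SAMPLE_LOG):
        print(f"{check:24} {detail}")
```

Run against the excerpt this reports both misplaced images, the "lsass" Run entry, the loopback proxy and both resolvers. The loopback-proxy check is deliberately a prompt rather than a verdict: a local proxy is legitimate when proxy or filtering software is installed, so the analyst confirms that against the process and service lists before acting on it.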

Re: Please check my log

Posted: 30 Sep 2010 21:34
by Roli
Hi, fix these leftovers in HJT:

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {283B4AA3-1B7A-46E6-B56D-90EF4743FB2C} - (no file)


You'll find HJT here:

C:\Program Files\trend micro\imac.exe

"Fix" means that you start HJT,

in the window that opens you click Do a system scan only,

in the next window you find the lines I listed for you,

next to them is a small box which you tick,

then you click Fix checked at the bottom left,

the program asks whether you really want to, you of course say YES and it's done.


Otherwise I don't see anything wrong, so is there some problem with the PC?

Re: Please check my log

Posted: 01 Oct 2010 10:44
by prestigio
Thanks for the reply... Originally I had a problem where, out of nowhere, my browsers (Firefox, Chrome) wouldn't load some pages, or only very slowly, and at the same time 2x lsass.exe and 2x smss.exe appeared in the processes, of which the new duplicates weren't system ones... So I tried System Restore and it looks like the problem went away, and so did the processes.

Re: Please check my log

Posted: 01 Oct 2010 18:12
by Roli
Well, you could use Mbam from my signature and post its log here before you delete anything.

Re: Please check my log

Posted: 03 Oct 2010 11:25
by prestigio
Mbam scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4735

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3.10.2010 12:08:48
mbam-log-2010-10-03 (12-08-48).txt

Scan type: Quick scan
Objects scanned: 136130
Time elapsed: 6 min, 1 sec

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\lsass.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.



after another scan it found nothing more.

Re: please check

Posted: 03 Oct 2010 19:20
by Roli
I wrote that you should post the log here before deleting anything, but what's done is done.

Now we'll use a bigger caliber, and it doesn't tolerate mistakes, so this time read carefully.

Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

Then a window with the license terms appears, confirm it by clicking YES,

then click YES once more and it's running.

The whole thing takes about 10 minutes but can take longer; during the scan don't try to run anything else.

The PC may also be restarted during the scan, don't be alarmed.

Warning: for the duration of the scan turn off the resident shield of your antivirus and antispyware programs,

because ComboFix tries to delete the infected files and these programs can block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.

Re: please check

Posted: 04 Oct 2010 15:16
by prestigio
ComboFix log:
ComboFix 10-10-03.01 - imac 04.10.2010 16:01:42.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1029.18.1008.492 [GMT 2:00]
Running from: c:\documents and settings\imac\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-03 10:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 10:00 . 2010-10-03 10:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 10:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 09:58 . 2010-10-01 09:58 33 ----a-w- c:\documents and settings\All Users\Data aplikací\SecTaskMan\icn_E4BF75D27726D6A4789303C48350B198.dll
2010-09-30 16:38 . 2010-09-30 16:39 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-30 14:14 . 2010-09-30 18:23 4 ----a-w- C:\cache.dat
2010-09-30 13:28 . 2010-09-30 13:28 -------- d-----w- C:\rsit
2010-09-29 17:58 . 2010-09-29 17:58 -------- d-----w- c:\program files\Activision
2010-09-23 14:29 . 2010-09-23 14:29 -------- d-----w- c:\program files\JitBit
2010-09-11 19:59 . 2010-08-27 13:02 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-11 19:59 . 2010-08-27 12:56 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-11 19:58 . 2010-09-11 19:58 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-09-09 14:10 . 2010-09-09 14:11 -------- d-----w- C:\Stinger Mouse Driver
2010-09-06 09:55 . 2010-09-06 09:55 1791 ----a-w- c:\documents and settings\imac\Data aplikací\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-09-06 09:55 . 2010-09-06 09:55 1505 ----a-w- c:\documents and settings\imac\Data aplikací\.purple\certificates\x509\tls_peers\slogin.oscar.aol.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 13:44 . 2009-08-09 15:13 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-04 13:43 . 2009-08-09 15:14 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-04 10:55 . 2010-01-19 21:50 12 ----a-w- c:\windows\bthservsdp.dat
2010-10-03 17:14 . 2010-02-22 16:50 1 ----a-w- c:\documents and settings\imac\Data aplikací\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-07 15:12 . 2010-07-12 16:37 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-12 16:37 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-12 16:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-12 16:37 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-07-12 16:37 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-07-12 16:37 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-07-12 16:37 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-12 16:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-07-12 16:37 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-05 18:30 . 2006-03-02 10:00 63744 ----a-w- c:\windows\system32\perfc005.dat
2010-09-05 18:30 . 2006-03-02 10:00 402826 ----a-w- c:\windows\system32\perfh005.dat
2010-08-24 08:44 . 2010-08-24 08:44 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-17 13:43 . 2010-08-17 13:43 -------- d-----w- c:\program files\mIRC
2010-08-12 21:49 . 2010-07-25 17:02 187528 ----a-w- c:\documents and settings\imac\Data aplikací\id Software\quakelive\home\baseq3\uix86.dll
2010-08-12 21:39 . 2010-07-25 17:02 388232 ----a-w- c:\documents and settings\imac\Data aplikací\id Software\quakelive\home\baseq3\cgamex86.dll
2010-08-12 21:38 . 2010-08-12 21:03 478344 ----a-w- c:\documents and settings\imac\Data aplikací\id Software\quakelive\home\baseq3\qagamex86.dll
2010-08-12 21:38 . 2010-07-25 17:02 57344 ----a-w- c:\documents and settings\imac\Data aplikací\id Software\quakelive\home\pb\pbag.dll
2010-08-12 21:38 . 2010-07-25 17:02 887448 ----a-w- c:\documents and settings\imac\Data aplikací\id Software\quakelive\home\pb\pbcl.dll
2010-08-12 21:38 . 2010-07-25 17:02 2600072 ----a-w- c:\documents and settings\imac\Data aplikací\id Software\quakelive\home\baseq3\quakelive.dll
2010-08-08 20:32 . 2009-08-27 17:10 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-02 09:31 . 2010-08-02 09:31 629896 ----a-w- c:\documents and settings\All Users\Data aplikací\id Software\QuakeLive\npquakezero.dll
2010-08-02 09:24 . 2010-08-02 09:24 2373712 ----a-w- c:\documents and settings\All Users\Data aplikací\id Software\QuakeLive\pbsvc.exe
2010-07-25 16:50 . 2009-08-09 15:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-25 13:29 . 2010-07-25 13:29 61440 ----a-w- c:\documents and settings\imac\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e06af86-n\decora-sse.dll
2010-07-25 13:29 . 2010-07-25 13:29 503808 ----a-w- c:\documents and settings\imac\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45efba37-n\msvcp71.dll
2010-07-25 13:29 . 2010-07-25 13:29 499712 ----a-w- c:\documents and settings\imac\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45efba37-n\jmc.dll
2010-07-25 13:29 . 2010-07-25 13:29 348160 ----a-w- c:\documents and settings\imac\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45efba37-n\msvcr71.dll
2010-07-25 13:29 . 2010-07-25 13:29 12800 ----a-w- c:\documents and settings\imac\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e06af86-n\decora-d3d.dll
2010-07-25 13:29 . 2010-07-25 13:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-20 12:21 . 2010-07-20 12:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-12 10:34 . 2010-07-12 10:34 38592 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-01 20:22 . 2008-04-01 18:47 6148 ---ha-w- c:\program files\.DS_Store
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-11-24 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 110592]
"IRW"="c:\windows\system32\IRW.exe" [2007-06-04 147456]
"Brightness"="c:\windows\system32\Brightness.exe" [2007-06-04 235088]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2007-06-04 390736]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"WheelMouse"="c:\stinge~1\wh_exec.exe" [2007-11-10 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštení^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštení\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^imac^Nabídka Start^Programy^Po spuštení^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\imac\Nabídka Start\Programy\Po spuštení\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
2009-11-24 16:13 2642432 ----a-w- c:\program files\OSCAR Editor\OscarEditor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"prfldsvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"gupdate1ca3c76f8eafc3c"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18023:TCP"= 18023:TCP:*:Disabled:BitComet 18023 TCP
"18023:UDP"= 18023:UDP:*:Disabled:BitComet 18023 UDP
"18844:TCP"= 18844:TCP:BitComet 18844 TCP
"18844:UDP"= 18844:UDP:BitComet 18844 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.7.2010 18:37 165584]
R1 HMFAxCore037d6601ae411556da2f9588b1bb2812;HMFAxCore037d6601ae411556da2f9588b1bb2812;c:\windows\system32\drivers\HMFAxCore037d6601ae411556da2f9588b1bb2812.sys [10.1.2009 19:30 22304]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [4.6.2007 14:51 95824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.7.2010 18:37 17744]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [4.6.2007 14:40 4864]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [4.6.2007 14:39 5632]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [27.8.2010 14:59 1051968]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [18.7.2007 12:59 8064]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [18.7.2007 13:02 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [18.7.2007 13:02 10752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.2.2010 14:41 10064]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [19.3.2009 15:01 6784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [18.7.2007 13:02 7424]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\DC++\Downloads\everest 2006\everestultimate_build_0492_n9vqc4xkltp\kerneld.wnt --> c:\program files\DC++\Downloads\everest 2006\everestultimate_build_0492_n9vqc4xkltp\kerneld.wnt [?]
S3 iSightUpdate;iSight Update Driver;c:\windows\system32\drivers\iSightUP.sys [18.7.2007 12:58 18304]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 gupdate1ca3c76f8eafc3c;Služba Google Update (gupdate1ca3c76f8eafc3c);c:\program files\Google\Update\GoogleUpdate.exe [23.9.2009 19:55 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2007 16:48 685816]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-23 17:54]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-23 17:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.videobash.com/?cfg=2-215-0-1x6sE
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\imac\Data aplikací\Mozilla\Firefox\Profiles\ge58dcy9.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\DC++\Downloads\everest 2006\everestultimate_build_0492_n9vqc4xkltp\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1767777339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D88C9E6D-AA7C-7173-2048-C14F71D306CC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naapeejppfaojpkomonlpnackmoj"=hex:6a,61,65,65,67,6c,69,61,6d,70,62,6a,63,63,
62,67,64,6f,68,67,00,f9
"macoghnkffghlohkdlfdjkpfdf"=hex:6a,61,65,65,67,6c,69,61,6d,70,62,6a,63,63,62,
67,64,6f,68,67,00,f9

[HKEY_USERS\S-1-5-21-1482476501-1767777339-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:f3,53,ab,31,6d,7a,20,c1,30,b8,fc,27,8f,1d,69,e3,b7,19,0b,b3,64,
6f,bb,0f,ba,30,fe,02,9f,0c,4b,47,17,df,2e,58,30,a7,44,12,71,af,12,78,0f,12,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2672)
c:\program files\Xfire\xfire_toucan_43094.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-04 16:06:56
ComboFix-quarantined-files.txt 2010-10-04 14:06

Pre-Run: 3 333 111 808
Post-Run: 3 295 526 912

- - End Of File - - BFF8835DE1EE2A77BBC432ADB215BBCD
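
Two lines in the Supplementary Scan section above deserve a second look from a defender: an Internet Explorer proxy set to 127.0.0.1:8080 (a proxy on the machine itself is only legitimate if a local proxy program is really installed) and a start page on start.videobash.com. The script below is an added example, not ComboFix's code or anything from the thread: it parses the `uStart Page` and `uInternet Settings,ProxyServer` lines of a ComboFix log and flags a proxy pointing at the local machine or a start page outside an allowlist. The allowlist of trusted start-page hosts and the sample section are constructed for the example.

```python
"""Triage the browser-setting lines of a ComboFix 'Supplementary Scan' section.

Added example, not ComboFix's own code.  The trusted-host allowlist and the
sample section below are constructed for this illustration.
"""
import ipaddress
import re
from typing import List, Tuple

# Start-page hosts the owner of this machine is known to use (assumption for the example).
TRUSTED_START_HOSTS = {"www.google.sk", "www.google.com", "about:blank"}

# Constructed sample modelled on the Supplementary Scan block of the posted log.
SAMPLE_SECTION = """\
------- Supplementary Scan -------
.
uStart Page = hxxp://start.videobash.com/?cfg=2-215-0-1x6sE
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 0
"""

# ComboFix prefixes per-user settings with 'u' and machine-wide ones with 'm'.
_SETTING = re.compile(
    r"^(?P<scope>[um])(?P<key>Start Page|Internet Settings,ProxyServer) = (?P<value>.+)$"
)


def _host_of(value: str) -> str:
    """Return the host part of a URL or host:port; ComboFix defangs http as hxxp."""
    value = value.strip()
    if value.lower().startswith("about:"):
        return value.lower()
    value = re.sub(r"^h(?:xx|tt)ps?://", "", value, flags=re.I)
    host = value.split("/", 1)[0]
    # IPv4 addresses and hostnames only; a trailing :port is dropped
    return host.rsplit(":", 1)[0] if ":" in host else host


def proxy_targets(value: str) -> List[str]:
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;https=...') into host:port items."""
    targets: List[str] = []
    for item in value.split(";"):
        item = item.strip()
        if item:
            targets.append(item.split("=", 1)[1] if "=" in item else item)
    return targets


def is_local_proxy(hostport: str) -> bool:
    """True when the proxy host is 'localhost' or a loopback address."""
    host = _host_of(hostport)
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage_supplementary(section: str) -> List[Tuple[str, str, str]]:
    """Return (key, value, reason) findings for suspicious proxy and start-page lines."""
    findings: List[Tuple[str, str, str]] = []
    for line in section.splitlines():
        m = _SETTING.match(line.strip())
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if key == "Internet Settings,ProxyServer":
            if any(is_local_proxy(t) for t in proxy_targets(value)):
                findings.append((key, value,
                                 "IE proxy points at the local machine; confirm a legitimate local proxy program is installed"))
        elif key == "Start Page":
            host = _host_of(value)
            if host.lower() not in TRUSTED_START_HOSTS:
                findings.append((key, value, f"start page host {host!r} is not in the allowlist"))
    return findings


if __name__ == "__main__":
    for key, value, reason in triage_supplementary(SAMPLE_SECTION):
        print(f"CHECK: {key} = {value}\n       {reason}")
```

On the sample it reports both lines; the Firefox `network.proxy.type - 0` line is left alone because that value means "no proxy". Which setting is actually in use is still a judgement call for whoever reads the log, so the script only points at the lines to verify.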

Re: please check

Posted: 04 Oct 2010 18:37
by Roli
Via Start >> Run, paste into the box:

ComboFix /Uninstall

and press Enter.

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then let me know how the PC is doing.

Re: please check

Posted: 05 Oct 2010 14:30
by prestigio
everything looks fine :). many thanks for the help

Re: please check

Posted: 05 Oct 2010 18:21
by Roli
You're welcome.