VIRY.CZ

Dobrý deň, kamarátka mi dala jej notebook aby som s ním niečo porobil lebo bol naozaj veľmi pomalý, dokonca aj keď som otváral tento počítač tak som čakal asi 30 sekúnd
tak som to zatiaľ prečistil tuneupom je to o niečo lepšie ako predtým, aj prečistil disk aby mala dosť miesta aj to niečo pomohlo, a dal som jej preč antivírus lebo mala nejaký divný, dám jej tam ten čo mám aj ja,...

tu je log z RSIT prosím pozrite sa na to či tam ešte nie je niečo čo to tak spomaluje

ďakujem

Logfile of random's system information tool 1.08 (written by random/random)
Run by Katka at 2010-10-06 17:49:46
Microsoft® Windows Vista™ Home Premium
System drive C: has 82 GB (68%) free of 120 GB
Total RAM: 1918 MB (66% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{7742CFB6-2AE7-4729-AD64-B693622A507F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
Media Access Startup - C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll [2009-09-08 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll [2009-09-09 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.4.3.1040\ssd.dll [2009-09-10 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-03-11 1006264]
"NDSTray.exe"=NDSTray.exe []
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-29 1029416]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-10-06 17:49:51 ----SHD---- C:\Config.Msi
2010-10-06 17:49:46 ----D---- C:\rsit
2010-10-06 17:49:46 ----D---- C:\Program Files\trend micro
2010-10-06 16:06:16 ----A---- C:\Windows\system32\TUProgSt.exe
2010-10-06 16:06:13 ----A---- C:\Windows\system32\uxtuneup.dll
2010-10-06 16:06:12 ----A---- C:\Windows\system32\authuitu.dll
2010-10-06 16:06:07 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2010-10-06 16:06:00 ----D---- C:\Users\Katka\AppData\Roaming\TuneUp Software
2010-10-06 16:05:03 ----D---- C:\Program Files\TuneUp Utilities 2009
2010-10-06 16:05:02 ----D---- C:\ProgramData\TuneUp Software
2010-10-06 16:03:44 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}

======List of files/folders modified in the last 1 months======

2010-10-06 17:49:52 ----D---- C:\Windows\Temp
2010-10-06 17:49:47 ----SHD---- C:\Windows\Installer
2010-10-06 17:49:46 ----RD---- C:\Program Files
2010-10-06 17:32:53 ----SHD---- C:\Boot
2010-10-06 17:32:53 ----D---- C:\Windows\system32\config
2010-10-06 17:15:09 ----HD---- C:\ProgramData
2010-10-06 17:15:09 ----D---- C:\Windows
2010-10-06 17:15:09 ----D---- C:\Program Files\Google
2010-10-06 17:05:59 ----D---- C:\Windows\system32\Tasks
2010-10-06 17:00:53 ----AD---- C:\Windows\System32
2010-10-06 17:00:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-06 17:00:52 ----D---- C:\Windows\inf
2010-10-06 16:28:17 ----D---- C:\Windows\Minidump
2010-10-06 16:27:08 ----SHD---- C:\System Volume Information
2010-10-06 16:18:34 ----D---- C:\Windows\system32\drivers
2010-10-06 16:14:46 ----D---- C:\Users\Katka\AppData\Roaming\OpenOffice.org2
2010-10-06 16:09:49 ----D---- C:\Users\Katka\AppData\Roaming\skypePM
2010-10-06 16:06:06 ----D---- C:\Windows\Tasks
2010-10-06 15:41:10 ----D---- C:\Windows\Prefetch
2010-10-06 15:38:34 ----D---- C:\ProgramData\McAfee
2010-10-06 15:38:24 ----D---- C:\Program Files\Common Files
2010-10-06 15:28:54 ----A---- C:\Users\Katka\AppData\Roaming\burnaware.ini
2010-10-06 15:26:20 ----D---- C:\Users\Katka\AppData\Roaming\Skype
2010-10-06 15:25:45 ----D---- C:\Program Files\Winamp
2010-10-06 10:13:08 ----SD---- C:\Users\Katka\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-09-03 717296]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 285184]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 2929664]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2008-02-01 187904]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access; C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
R3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-03-11 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-11-29 196144]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-12-26 131584]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-11-29 74240]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-03-11 133888]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-27 610304]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Sukoku Service;Sukoku Service; C:\ProgramData\Sukoku\sukoku125.exe [2009-10-28 54760]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-24 185640]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-10-06 603904]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-10-06 360192]

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Zatiaľ ďakujem, tu je druhý log

ComboFix 10-10-05.06 - Katka . 10. 2010 20:04:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.421.1029.18.1918.1395 [GMT 2:00]
Running from: c:\users\Katka\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.8.1.4690\adwpx.exe
c:\program files\Internet Saving Optimizer\3.8.1.4690\Data\config.md
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.dat
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\2.0.0.1050\Data\config.md
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome.manifest
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\2.0.0.1050\FF\install.rdf
c:\program files\Media Access Startup\2.0.0.1050\HPCommon.dll
c:\program files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
c:\program files\Media Access Startup\2.0.0.1050\hppx.exe
c:\program files\Media Access Startup\2.0.0.1050\MAHelper.exe
c:\program files\Media Access Startup\2.0.0.1050\unins000.dat
c:\program files\Media Access Startup\2.0.0.1050\unins000.exe
c:\program files\System Search Dispatcher\1.4.3.1040\ssD.dll
c:\users\Katka\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 18:18 . 2010-10-06 18:20 -------- d-----w- c:\users\Katka\AppData\Local\temp
2010-10-06 18:18 . 2010-10-06 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-06 15:49 . 2010-10-06 15:49 -------- d-----w- C:\rsit
2010-10-06 15:49 . 2010-10-06 15:49 -------- d-----w- c:\program files\trend micro
2010-10-06 14:06 . 2010-10-06 14:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-10-06 14:06 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-06 14:06 . 2008-12-11 11:31 17152 ----a-w- c:\windows\system32\authuitu.dll
2010-10-06 14:06 . 2010-10-06 14:06 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-10-06 14:06 . 2010-10-06 14:06 -------- d-----w- c:\users\Katka\AppData\Roaming\TuneUp Software
2010-10-06 14:05 . 2010-10-06 14:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-10-06 14:05 . 2010-10-06 14:05 -------- d-----w- c:\programdata\TuneUp Software
2010-10-06 14:03 . 2010-10-06 14:03 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 15:15 . 2008-03-11 09:48 -------- d-----w- c:\program files\Google
2010-10-06 15:00 . 2007-01-08 21:09 81312 ----a-w- c:\windows\system32\perfc005.dat
2010-10-06 15:00 . 2007-01-08 21:09 465114 ----a-w- c:\windows\system32\perfh005.dat
2010-10-06 14:14 . 2008-09-16 20:46 -------- d-----w- c:\users\Katka\AppData\Roaming\OpenOffice.org2
2010-10-06 14:09 . 2008-09-05 21:26 -------- d-----w- c:\users\Katka\AppData\Roaming\skypePM
2010-10-06 13:38 . 2008-03-11 09:44 -------- d-----w- c:\programdata\McAfee
2010-10-06 13:26 . 2008-09-05 21:22 -------- d-----w- c:\users\Katka\AppData\Roaming\Skype
2010-10-06 13:25 . 2008-09-03 15:03 -------- d-----w- c:\program files\Winamp
2010-09-26 10:40 . 2008-09-16 20:47 1 ----a-w- c:\users\Katka\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-11 20:44 . 2008-09-03 15:03 -------- d-----w- c:\users\Katka\AppData\Roaming\Winamp
2010-08-11 20:39 . 2010-08-11 20:39 -------- d-----w- c:\program files\Winamp Toolbar
2010-07-29 19:14 . 2009-03-17 08:43 680 ----a-w- c:\users\Katka\AppData\Local\d3d9caps.dat
2010-07-28 15:36 . 2010-07-28 15:36 180224 ----a-w- c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-03-11 1006264]
"NDSTray.exe"="NDSTray.exe" [BU]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="c:\program files\Ares\Ares.exe" -h
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"TOSCDSPD"=TOSCDSPD.EXE
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"Desktop SMS"=c:\program files\IDM\Desktop SMS\DesktopSMS.exe /auto
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe"
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-09-03 717296]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 Sukoku Service;Sukoku Service;c:\programdata\Sukoku\sukoku125.exe [2009-10-28 54760]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-24 185640]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
S3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-10-06 c:\windows\Tasks\User_Feed_Synchronization-{7742CFB6-2AE7-4729-AD64-B693622A507F}.job
- c:\windows\system32\msfeedssync.exe [2010-04-30 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
FF - ProfilePath - c:\users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ubr41659.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----


FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\2.0.0.1050\unins000.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-06 20:27:33
ComboFix-quarantined-files.txt 2010-10-06 18:27

Pre-Run: Volných bajtů: 76 706 480 128
Post-Run: Volných bajtů: 76 784 246 784

- - End Of File - - 88BA89ED238BD712D6275C30CEFA08B5

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\BearShareTb

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pustte. CF se spustí a vykoná příkazy ze skriptu.