Controla logu - celkové zpomaleni compu.

[parazit27]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Marian at 2010-11-16 19:59:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (69%) free of 79 GB
Total RAM: 1527 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:26, on 16.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Instal\hodiny na plochu\tclock.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Instal\rsit\RSIT.exe
C:\Program Files\trend micro\Marian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=15627
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TransClock] "D:\Instal\hodiny na plochu\tclock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí NetXferu - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí Net&Xferu - C:\Program Files\Xi\NetXfer\NXAddList.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9976804577
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9976755124
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6518 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\wavepadShakeIcon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83B80A9C-D91A-4F22-8DCF-EA7204039F79}]
NXIECatcher Class - C:\Program Files\Xi\NetXfer\NXIEHelper.dll [2007-08-15 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - NetXfer - C:\Program Files\Xi\NetXfer\NXToolBar.dll [2007-07-11 57344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"TransClock"=D:\Instal\hodiny na plochu\tclock.exe [2010-08-27 248320]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Databox\Databanka\ContactLite.exe"="D:\Program Files\Databox\Databanka\ContactLite.exe:*:Enabled:Databanka českých firem"
"C:\Program Files\Databox\Server\nxServer.exe"="C:\Program Files\Databox\Server\nxServer.exe:*:Enabled:nxServer"
"D:\Program Files\Databox\Server\nxServer.exe"="D:\Program Files\Databox\Server\nxServer.exe:*:Enabled:nxServer"
"C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\PathFinder Trader\fbSSL\fbssl.exe"="C:\Program Files\PathFinder Trader\fbSSL\fbssl.exe:*:Enabled:fbssl"
"C:\Program Files\PathFinder Trader\PathFinder.exe"="C:\Program Files\PathFinder Trader\PathFinder.exe:*:Enabled:PathFinder Trader"
"D:\Instal\MP4 to MP3\VideoConverter_Setup.exe"="D:\Instal\MP4 to MP3\VideoConverter_Setup.exe:*:Enabled:Video Converter"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Marian\Local Settings\Temp\Rar$EX00.828\PedalPower.exe"="C:\Documents and Settings\Marian\Local Settings\Temp\Rar$EX00.828\PedalPower.exe:*:Enabled:PedalPower"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Xi\NetXfer\NetTransport.exe"="C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager"
"D:\Instal\asf to avi\asftoavi.exe"="D:\Instal\asf to avi\asftoavi.exe:*:Enabled:Video Converter"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe"="C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe"
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe"="C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-15 23:50:21 ----D---- C:\Program Files\Microsoft Expression
2010-11-15 16:57:02 ----A---- C:\WINDOWS\system32\DfSdkBt.exe
2010-11-15 08:36:46 ----A---- C:\WINDOWS\crywmvtoavi.ini
2010-11-15 08:35:37 ----D---- C:\Program Files\Crystal Software
2010-11-14 23:51:07 ----D---- C:\Program Files\NCH Software
2010-11-14 23:42:22 ----D---- C:\Documents and Settings\Marian\Data aplikací\NCH Swift Sound
2010-11-14 23:42:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
2010-11-14 23:42:09 ----D---- C:\Program Files\NCH Swift Sound
2010-11-10 17:17:01 ----A---- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
2010-11-10 17:11:33 ----D---- C:\Program Files\Ss-Tools
2010-11-10 15:16:56 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2010-11-10 15:16:47 ----D---- C:\WINDOWS\Replay Media Catcher
2010-11-10 15:16:35 ----D---- C:\Program Files\Replay Media Catcher
2010-11-10 10:09:39 ----D---- C:\Program Files\Common Files\Digidesign
2010-11-10 10:09:23 ----A---- C:\WINDOWS\system32\NI_IRC_1_2.dll
2010-11-10 10:09:23 ----A---- C:\WINDOWS\system32\NI_DFD_1_5.dll
2010-11-10 10:09:20 ----D---- C:\Program Files\Native Instruments
2010-11-10 09:57:53 ----D---- C:\Documents and Settings\Marian\Data aplikací\EBookSys
2010-11-08 18:01:50 ----D---- C:\Program Files\Cossacks
2010-11-08 18:01:12 ----RA---- C:\WINDOWS\uncsetup.exe
2010-11-08 09:18:03 ----D---- C:\Program Files\PokerStars
2010-11-08 09:08:14 ----D---- C:\Documents and Settings\Marian\Data aplikací\PacificPoker
2010-11-08 09:07:56 ----D---- C:\Program Files\PacificPoker
2010-11-07 00:10:46 ----D---- C:\Documents and Settings\Marian\Data aplikací\COWON
2010-11-07 00:09:27 ----D---- C:\Program Files\Common Files\COWON
2010-11-07 00:09:25 ----D---- C:\Program Files\JetAudio
2010-11-06 11:39:35 ----D---- C:\Program Files\ElcomSoft
2010-11-04 17:22:59 ----D---- C:\Program Files\QuickTime
2010-11-04 17:22:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-11-04 17:22:07 ----D---- C:\Program Files\Common Files\Apple
2010-11-04 17:21:54 ----D---- C:\Program Files\Apple Software Update
2010-11-04 17:21:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-11-02 00:48:51 ----D---- C:\Program Files\Common Files\PCSuite
2010-11-02 00:48:44 ----D---- C:\Program Files\Common Files\Nokia
2010-11-02 00:48:27 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-02 00:48:21 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2010-11-02 00:48:20 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2010-11-02 00:48:19 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-11-02 00:48:19 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-11-02 00:48:19 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-11-02 00:48:19 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2010-11-02 00:48:13 ----D---- C:\Program Files\Nokia
2010-11-02 00:28:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\MP3Recorder
2010-10-23 17:45:16 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-10-23 17:14:44 ----D---- C:\Documents and Settings\Marian\Data aplikací\GetRightToGo
2010-10-22 08:48:34 ----D---- C:\Program Files\PFGBest
2010-10-22 08:27:51 ----D---- C:\Documents and Settings\Marian\Data aplikací\Media Player Classic
2010-10-22 05:47:30 ----D---- C:\Program Files\VTTrader 2
2010-10-21 16:41:11 ----D---- C:\Program Files\Ashampoo
2010-10-21 15:20:52 ----D---- C:\Documents and Settings\Marian\Data aplikací\ImTOO
2010-10-21 13:38:50 ----D---- C:\Users
2010-10-21 11:57:06 ----D---- C:\Program Files\Agree Free AVI DIVX WMV WMV to MPEG DVD Converter
2010-10-21 11:56:54 ----D---- C:\Program Files\XP Codec Pack
2010-10-21 11:38:33 ----D---- C:\DigitalVideoConverter
2010-10-21 11:38:30 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-10-21 11:37:39 ----D---- C:\Program Files\DigitalVideoConverter
2010-10-21 11:29:40 ----D---- C:\Program Files\Babylon
2010-10-21 11:29:34 ----D---- C:\Program Files\VideoConverter
2010-10-21 10:49:33 ----D---- C:\Documents and Settings\Marian\Data aplikací\Xi
2010-10-21 10:49:05 ----D---- C:\Program Files\Xi
2010-10-21 07:43:15 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-10-21 07:43:15 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-10-21 07:43:14 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-10-21 07:43:13 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-10-21 07:43:12 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-10-21 07:43:12 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-10-21 07:43:12 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-10-21 07:43:01 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-10-18 14:04:33 ----D---- C:\Documents and Settings\Marian\Data aplikací\OpenOffice.org
2010-10-18 14:00:06 ----D---- C:\Program Files\OpenOffice.org 3
2010-10-18 13:24:34 ----D---- C:\Documents and Settings\Marian\Data aplikací\Ashampoo
2010-10-18 13:22:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\ashampoo

======List of files/folders modified in the last 1 months======

2010-11-16 19:59:24 ----D---- C:\Program Files\trend micro
2010-11-16 19:58:47 ----D---- C:\WINDOWS\Prefetch
2010-11-16 19:47:27 ----D---- C:\WINDOWS\Temp
2010-11-16 19:46:35 ----D---- C:\Documents and Settings\Marian\Data aplikací\Skype
2010-11-16 17:53:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-16 13:05:52 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-16 13:05:51 ----RSD---- C:\WINDOWS\assembly
2010-11-16 02:26:33 ----SHD---- C:\WINDOWS\Installer
2010-11-16 02:26:33 ----D---- C:\Config.Msi
2010-11-16 02:24:47 ----D---- C:\WINDOWS\system32
2010-11-16 02:24:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-16 02:24:30 ----D---- C:\WINDOWS\WinSxS
2010-11-16 01:56:19 ----SD---- C:\WINDOWS\Tasks
2010-11-16 00:24:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-15 23:50:40 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-15 23:50:21 ----D---- C:\Program Files
2010-11-15 23:48:06 ----D---- C:\WINDOWS\system32\cs-cz
2010-11-15 17:00:25 ----D---- C:\WINDOWS\Debug
2010-11-15 17:00:25 ----D---- C:\WINDOWS
2010-11-15 13:12:57 ----D---- C:\Program Files\Digiarty
2010-11-12 13:19:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-11-11 16:55:54 ----D---- C:\Program Files\XTB-Trader
2010-11-11 12:18:39 ----D---- C:\WINDOWS\system32\Restore
2010-11-10 17:21:54 ----D---- C:\Documents and Settings\Marian\Data aplikací\Sibelius Software
2010-11-10 17:21:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sibelius Software
2010-11-10 17:19:48 ----D---- C:\Program Files\Sibelius Software
2010-11-10 17:18:40 ----SD---- C:\Documents and Settings\Marian\Data aplikací\Microsoft
2010-11-10 17:18:00 ----RSD---- C:\WINDOWS\Fonts
2010-11-10 10:10:13 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-10 10:09:39 ----D---- C:\Program Files\Common Files
2010-11-10 08:25:58 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-07 00:26:25 ----A---- C:\WINDOWS\wincmd.ini
2010-11-07 00:18:33 ----D---- C:\Documents and Settings\Marian\Data aplikací\Forexyard
2010-11-07 00:09:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-06 13:25:41 ----D---- C:\Program Files\MP3Recorder
2010-11-05 16:32:14 ----D---- C:\Program Files\DVD Shrink
2010-11-02 00:51:59 ----D---- C:\WINDOWS\system32\drivers
2010-11-02 00:51:55 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-11-02 00:51:35 ----HD---- C:\WINDOWS\inf
2010-11-02 00:50:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-02 00:49:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-01 14:51:46 ----DC---- C:\WINDOWS\system32\dllcache
2010-11-01 09:54:02 ----D---- C:\Documents and Settings\Marian\Data aplikací\skypePM
2010-10-29 07:17:07 ----D---- C:\Program Files\Mozilla Firefox
2010-10-24 22:09:29 ----D---- C:\Documents and Settings\Marian\Data aplikací\Adobe
2010-10-24 22:09:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-10-24 10:23:10 ----D---- C:\Program Files\Common Files\Adobe
2010-10-24 10:21:21 ----D---- C:\Program Files\Adobe
2010-10-24 10:20:26 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-23 18:19:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-10-23 18:18:45 ----D---- C:\Program Files\Microsoft Works
2010-10-23 18:18:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-23 18:18:44 ----D---- C:\Program Files\Microsoft Office
2010-10-23 17:45:05 ----D---- C:\WINDOWS\system32\config
2010-10-21 07:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-10-20 16:25:16 ----D---- C:\Program Files\Common Files\Ahead
2010-10-19 21:51:33 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-10-18 13:52:22 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 MLPTDR_C;MLPTDR_C; \??\C:\WINDOWS\system32\MLPTDR_C.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-04-16 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-15 612416]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys []
S3 ateylbif;ateylbif; C:\WINDOWS\system32\drivers\ateylbif.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [2009-08-24 406016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-22 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-30 133104]
S2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[parazit27]

Díky za čas

[Rudy]

Nemáte zač!

[parazit27]

Dobrý večer,

můžete prosím projet log. Nahlášeni nějací koně.

díky moc.


Logfile of random's system information tool 1.09 (written by random/random)
Run by MM at 2011-11-01 23:34:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (11%) free of 79 GB
Total RAM: 1527 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:34:13, on 1.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MM\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\MM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102876&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransClock] "D:\Instal\hodiny na plochu\tclock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4505313379
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8628 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-796845957-1606980848-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-796845957-1606980848-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\MM\Data aplikací\Mozilla\Firefox\Profiles\ezv486r8.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =723823&p="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\MM\Data aplikací\Mozilla\Firefox\Profiles\ezv486r8.default\extensions\
cacaoweb@cacaoweb.org

C:\Documents and Settings\MM\Data aplikací\Mozilla\Firefox\Profiles\ezv486r8.default\searchplugins\
askcom.xml
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll [2011-09-27 1050464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll [2011-09-27 1050464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-09-06 3722416]
"DivX Download Manager"= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-09-27 894304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TransClock"=D:\Instal\hodiny na plochu\tclock.exe [2010-08-27 248320]
"Google Update"=C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe [2010-11-04 980368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-09-27 894304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
C:\Program Files\SlimDrivers\SlimDrivers.exe [2011-04-01 23742304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MM^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MM^Nabídka Start^Programy^Po spuštění^EvernoteClipper.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe"="C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe"
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe"="C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MIDI3"=SYNCOR11.DLL
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=LameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.vorbis"=vorbis.acm

======File associations======

.reg - open - "regedit.exe" "%1"
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-11-01 23:27:22 ----D---- C:\rsit
2011-11-01 18:41:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-11-01 18:41:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-10-31 11:34:52 ----D---- C:\Program Files\Common Files\Skype
2011-10-31 11:33:57 ----D---- C:\Program Files\Automatické vypnutí počítače
2011-10-30 18:38:36 ----D---- C:\Program Files\ESET
2011-10-24 09:53:09 ----SHD---- C:\Config.Msi
2011-10-24 09:25:39 ----D---- C:\DVD_VIDEO_RECORDER
2011-10-24 09:20:21 ----D---- C:\Program Files\DVD Shrink
2011-10-24 09:08:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2011-10-24 09:07:48 ----D---- C:\Documents and Settings\MM\Data aplikací\Nero
2011-10-24 09:04:48 ----D---- C:\Program Files\Common Files\Nero
2011-10-24 09:04:38 ----D---- C:\Program Files\Nero
2011-10-24 09:04:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2011-10-24 08:59:35 ----D---- C:\Program Files\Common Files\LightScribe
2011-10-20 15:06:36 ----D---- C:\Documents and Settings\MM\Data aplikací\FXTS2
2011-10-20 15:06:31 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{DF80F583-0FB3-4D00-948D-29F3329C1D87}
2011-10-13 16:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-13 16:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-13 16:41:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-13 16:35:28 ----A---- C:\WINDOWS\imsins.BAK
2011-10-10 00:12:03 ----A---- C:\WINDOWS\eNK.ini
2011-10-09 11:27:37 ----D---- C:\Program Files\Alawar
2011-10-09 11:21:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Big Fish Games
2011-10-09 11:14:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2011-10-07 08:29:09 ----D---- C:\Documents and Settings\MM\Data aplikací\Search Settings
2011-10-07 08:29:02 ----D---- C:\Program Files\IObit Toolbar
2011-10-07 08:29:02 ----D---- C:\Program Files\Application Updater
2011-10-06 17:01:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\TNT-HF
2011-10-06 17:00:37 ----D---- C:\Program Files\CandleWorks
2011-10-06 17:00:30 ----D---- C:\Program Files\Gecko Software
2011-10-03 09:46:55 ----D---- C:\Program Files\EssentialPIM
2011-10-03 09:46:55 ----D---- C:\Documents and Settings\MM\Data aplikací\EssentialPIM
2011-10-02 00:20:55 ----D---- C:\Documents and Settings\MM\Data aplikací\PLANStudio Setup

======List of files/folders modified in the last 1 month======

2011-11-01 23:34:12 ----D---- C:\Program Files\Trend Micro
2011-11-01 23:27:53 ----D---- C:\WINDOWS\Prefetch
2011-11-01 22:33:13 ----SHD---- C:\WINDOWS\Installer
2011-11-01 22:31:42 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-01 22:30:00 ----D---- C:\WINDOWS
2011-11-01 22:09:42 ----D---- C:\WINDOWS\Temp
2011-11-01 22:05:29 ----D---- C:\Program Files\PokerStars.NET
2011-11-01 21:54:27 ----D---- C:\WINDOWS\system32\drivers
2011-11-01 21:53:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-01 21:53:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-01 21:52:58 ----D---- C:\Program Files\cacaoweb
2011-11-01 19:42:47 ----D---- C:\Documents and Settings\MM\Data aplikací\cacaoweb
2011-11-01 18:41:48 ----RD---- C:\Program Files
2011-11-01 18:26:35 ----D---- C:\Program Files\Microsoft ActiveSync
2011-11-01 00:20:04 ----D---- C:\Program Files\MetaTrader Admiral Markets AS
2011-10-31 11:37:21 ----D---- C:\WINDOWS\system32
2011-10-31 11:36:04 ----D---- C:\WINDOWS\system32\config
2011-10-31 11:35:43 ----D---- C:\WINDOWS\system32\wbem
2011-10-31 11:35:42 ----D---- C:\WINDOWS\Registration
2011-10-31 11:34:53 ----RD---- C:\Program Files\Skype
2011-10-31 11:34:52 ----D---- C:\Program Files\Common Files
2011-10-31 11:34:52 ----D---- C:\Documents and Settings\MM\Data aplikací\Skype
2011-10-31 11:34:35 ----D---- C:\Program Files\Ashampoo
2011-10-31 11:34:34 ----D---- C:\WINDOWS\WinSxS
2011-10-31 11:34:31 ----D---- C:\WINDOWS\system32\DirectX
2011-10-31 11:34:21 ----D---- C:\Documents and Settings\MM\Data aplikací\vlc
2011-10-31 11:34:21 ----D---- C:\Documents and Settings\MM\Data aplikací\dvdcss
2011-10-31 11:32:02 ----D---- C:\Program Files\MP3 Player Utilities 4.00
2011-10-31 11:31:52 ----D---- C:\Program Files\Nitro PDF
2011-10-31 11:27:41 ----SD---- C:\WINDOWS\Tasks
2011-10-31 08:29:29 ----D---- C:\Documents and Settings\MM\Data aplikací\PrimoPDF
2011-10-24 09:21:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2011-10-24 09:01:09 ----D---- C:\WINDOWS\SxsCaPendDel
2011-10-24 08:59:18 ----HD---- C:\WINDOWS\inf
2011-10-23 21:10:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-10-20 23:02:11 ----D---- C:\Documents and Settings\MM\Data aplikací\skypePM
2011-10-14 16:05:05 ----RSD---- C:\WINDOWS\assembly
2011-10-14 16:05:05 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 21:01:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-13 16:47:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-13 16:41:52 ----D---- C:\WINDOWS\Debug
2011-10-13 16:41:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-13 16:41:24 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-13 16:35:21 ----D---- C:\WINDOWS\system32\cs-cz
2011-10-13 16:35:21 ----D---- C:\Program Files\Internet Explorer
2011-10-13 16:35:09 ----D---- C:\WINDOWS\ie7updates
2011-10-12 23:20:12 ----D---- C:\Documents and Settings\MM\Data aplikací\Winamp
2011-10-09 18:39:11 ----D---- C:\Program Files\Cossacks
2011-10-07 11:33:04 ----D---- C:\Documents and Settings\MM\Data aplikací\Media Player Classic
2011-10-07 11:07:03 ----D---- C:\Program Files\Mozilla Thunderbird
2011-10-07 11:07:03 ----D---- C:\Program Files\Mozilla Firefox
2011-10-07 09:25:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Boxtools
2011-10-07 08:10:05 ----A---- C:\WINDOWS\win.ini
2011-10-05 13:40:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\MP3Recorder
2011-10-04 15:16:05 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-04-28 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2011-01-18 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2011-01-18 42960]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 MLPTDR_C;MLPTDR_C; \??\C:\WINDOWS\system32\MLPTDR_C.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2010-05-20 224808]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 109328]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2011-01-18 120208]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2000-01-01 207488]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 AteksoftAudio;WebCamera Plus Audio; C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2009-07-26 12288]
S3 FreshIO;FreshIO; C:\WINDOWS\system32\drivers\FreshIO.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys []
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-15 612416]
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2011-05-04 12984]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2011-06-07 26112]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-09-06 44768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-02-08 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [2009-08-24 93336]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-31 1044816]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Rudy]

Zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[parazit27]

JJ zde je.


ComboFix 11-11-02.03 - MM 03.11.2011 1:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1527.1013 [GMT 1:00]
Spuštěný z: c:\documents and settings\MM\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\cacaoweb
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FAD
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-03 do 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-03 00:14 . 2011-11-03 00:14 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2011-11-01 22:27 . 2011-11-01 22:27 -------- d-----w- C:\rsit
2011-11-01 17:41 . 2011-11-01 17:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-11-01 17:41 . 2011-11-01 17:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-31 10:35 . 2011-10-31 10:35 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-31 10:34 . 2011-10-31 10:34 -------- d-----w- c:\program files\Common Files\Skype
2011-10-31 10:33 . 2011-10-31 10:33 -------- d-----w- c:\program files\Automatické vypnutí počítače
2011-10-30 17:38 . 2011-10-30 17:38 -------- d-----w- c:\program files\ESET
2011-10-24 08:25 . 2011-10-31 10:34 -------- d-----w- C:\DVD_VIDEO_RECORDER
2011-10-24 08:20 . 2011-10-31 10:34 -------- d-----w- c:\program files\DVD Shrink
2011-10-24 08:08 . 2011-10-24 08:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LightScribe
2011-10-24 08:07 . 2011-10-31 10:34 -------- d-----w- c:\documents and settings\MM\Data aplikací\Nero
2011-10-24 08:04 . 2011-10-31 10:34 -------- d-----w- c:\program files\Common Files\Nero
2011-10-24 08:04 . 2011-10-31 10:34 -------- d-----w- c:\program files\Nero
2011-10-24 08:04 . 2011-10-31 10:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2011-10-24 07:59 . 2011-10-31 10:34 -------- d-----w- c:\program files\Common Files\LightScribe
2011-10-20 14:06 . 2011-10-20 14:11 -------- d-----w- c:\documents and settings\MM\Data aplikací\FXTS2
2011-10-20 14:06 . 2011-10-20 14:06 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{DF80F583-0FB3-4D00-948D-29F3329C1D87}
2011-10-20 14:06 . 2011-10-20 14:06 -------- d-----w- c:\documents and settings\MM\Local Settings\Data aplikací\PackageAware
2011-10-09 10:27 . 2011-10-09 10:27 -------- d-----w- c:\program files\Alawar
2011-10-09 10:21 . 2011-10-09 10:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Big Fish Games
2011-10-09 10:14 . 2011-10-09 10:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2011-10-07 07:29 . 2011-10-07 07:29 -------- d-----w- c:\documents and settings\MM\Data aplikací\Search Settings
2011-10-07 07:29 . 2011-11-01 20:52 -------- d-----w- c:\program files\Application Updater
2011-10-07 07:29 . 2011-10-07 07:29 -------- d-----w- c:\program files\IObit Toolbar
2011-10-06 16:01 . 2011-10-06 16:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TNT-HF
2011-10-06 16:00 . 2011-10-31 10:33 -------- d-----w- c:\program files\CandleWorks
2011-10-06 16:00 . 2011-10-07 10:47 -------- d-----w- c:\program files\Gecko Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 08:47 . 2011-05-26 20:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-02-23 21:48 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-02-23 21:48 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-02-23 22:00 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-02-23 21:48 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-02-23 21:48 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-02-23 21:48 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-02-23 21:48 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-02-23 21:48 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-02-23 21:48 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-02-23 21:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:25 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-10-06 12:58 . 2011-04-11 18:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TransClock"="d:\instal\hodiny na plochu\tclock.exe" [2010-08-27 248320]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-27 894304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^MM^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MM^Nabídka Start^Programy^Po spuštění^EvernoteClipper.lnk]
backup=c:\windows\pss\EvernoteClipper.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-11-04 20:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2011-09-27 19:34 894304 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
2011-04-01 06:44 23742304 ----a-w- c:\program files\SlimDrivers\SlimDrivers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.4.2011 14:49 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.2.2011 23:00 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.2.2011 22:48 320856]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2.9.2011 12:20 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2.9.2011 12:20 42960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.2.2011 22:48 20568]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [4.9.2002 2:31 19296]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.1.2011 16:43 109328]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.1.2011 16:43 120208]
S2 Application Updater;Application Updater; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.1.2011 16:38 136176]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [26.9.2011 15:43 12288]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [8.1.2011 21:32 93336]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15.3.2011 9:00 12984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 15:38]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 15:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=102876&gct=hp
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\MM\Data aplikací\Mozilla\Firefox\Profiles\ezv486r8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=723823&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- Asociace souborů -------
.
.scr=AutoCADLTScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
HKLM-Run-DivX Download Manager - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 01:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-03 01:38:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-03 00:38
.
Před spuštěním: Volných bajtů: 11 541 221 376
Po spuštění: Volných bajtů: 11 589 148 672
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8128D880F432B4E9076861B18A1A65E4

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\Common Files\Spigot

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Firefox::
FF - ProfilePath - c:\documents and settings\MM\Data aplikací\Mozilla\Firefox\Profiles\ezv486r8.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =723823&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[parazit27]

Vše jsem provedl díky moc.

Ať se daří

[Rudy]

Vy nemáte zač a my děkujeme za přání!