
Slow computer, etc.

Posted: 13 Feb 2011 19:29
by Grez
Hello, I have a badly infected PC here; please advise how to proceed. AVG found "Trojan horse Generic21.FRP" and "Trojan horse BackDoor.Generic12.CAVN".

RSIT log

Logfile of random's system information tool 1.08 (written by random/random)
Run by deži at 2011-02-13 19:27:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 72 GB (63%) free of 114 GB
Total RAM: 511 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:40, on 13.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Documents and Settings\deži\Local Settings\Temporary Internet Files\Content.IE5\PAHCPUPV\RSIT[1].exe
C:\Program Files\trend micro\deži.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivguardian.com
O1 - Hosts: 94.232.248.66 http://www.antivguardian.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.6.910\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.3.22530\stb0.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\DEI~1\LOCALS~1\Temp\perce.jpg.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: avgwlntf - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8782 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for deži.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-11 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
Media Access Startup - C:\Program Files\Media Access Startup\1.5.6.910\HPIEAddOn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-29 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-29 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5617ECA9-488D-4BA2-8562-9710B9AB78D2} - GamingHarbor Toolbar - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.3.22530\stb0.dll [2009-08-21 1134592]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-29 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-24 2069344]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-05-01 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-05-01 13672040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-20 77824]
"WMDM PMSP Service"=C:\WINDOWS\system32\cssrss.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"Cognac"=C:\DOCUME~1\DEI~1\LOCALS~1\Temp\perce.jpg.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-23 39408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
myPrintMileage.lnk - C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-15 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE:*:Enabled:OUTLOOK"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Grisoft\AVG7\avgw.exe"="C:\Program Files\Grisoft\AVG7\avgw.exe:*:Enabled:AVG Testovací rozhraní"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Xtech electronics\HotCars\HotCars.exe"="C:\Program Files\Xtech electronics\HotCars\HotCars.exe:*:Enabled:HotCars"
"C:\Documents and Settings\deži\Local Settings\Temporary Internet Files\Content.IE5\DOS1B8L3\calc[1].exe"="C:\Documents and Settings\deži\Local Settings\Temporary Internet Files\Content.IE5\DOS1B8L3\calc[1].exe:*:Disabled:calc[1].exe"
"C:\WINDOWS\system32\cssrss.exe"="C:\WINDOWS\system32\cssrss.exe:*:Enabled:GnuPT-Portable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-13 19:22:30 ----D---- C:\Program Files\trend micro
2011-02-13 19:22:29 ----DC---- C:\rsit
2011-02-13 19:12:28 ----RDC---- C:\32788R22FWJFW
2011-02-13 19:10:31 ----DC---- C:\Qoobox
2011-02-13 18:58:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-02-13 18:58:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-10 15:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 15:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 15:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 15:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 15:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 15:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 15:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-01-22 20:12:58 ----D---- C:\Program Files\Svět koní

======List of files/folders modified in the last 1 months======

2011-02-13 19:22:30 ----RD---- C:\Program Files
2011-02-13 19:18:30 ----D---- C:\WINDOWS\temp
2011-02-13 19:06:03 ----D---- C:\WINDOWS\system32
2011-02-13 19:01:02 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-13 18:58:31 ----D---- C:\WINDOWS\Prefetch
2011-02-13 18:38:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-13 17:30:34 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-02-13 14:44:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-13 14:44:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-13 14:44:42 ----D---- C:\WINDOWS\system32\drivers
2011-02-13 14:44:39 ----A---- C:\WINDOWS\win.ini
2011-02-13 12:13:58 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-12 10:04:11 ----D---- C:\WINDOWS
2011-02-10 15:20:14 ----HD---- C:\WINDOWS\inf
2011-02-10 15:20:02 ----A---- C:\WINDOWS\imsins.BAK
2011-02-10 15:16:04 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-10 15:15:46 ----D---- C:\WINDOWS\system32\cs-cz
2011-02-10 15:15:46 ----D---- C:\Program Files\Internet Explorer
2011-02-10 15:13:34 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-09 21:12:12 ----D---- C:\WINDOWS\network diagnostic
2011-02-06 18:41:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Barbie Fashion Show
2011-01-23 16:36:28 ----D---- C:\Documents and Settings\deži\Data aplikací\AdobeUM
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll
2011-01-18 19:06:42 ----D---- C:\Program Files\Stabenfeldt
2011-01-18 19:06:38 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2005-05-12 92800]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-06-18 75925]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-06-18 36423]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-06-18 10005]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-05-01 10308640]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\deniska\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\deniska\LOCALS~1\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-05-01 154216]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-03-18 225280]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-23 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Slow computer, etc.

Posted: 13 Feb 2011 20:02
by Roli
Hello, fix these in HJT:

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.6.910\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.3.22530\stb0.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\DEI~1\LOCALS~1\Temp\perce.jpg.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)


You will find HJT here:

C:\Program Files\trend micro\deži.exe

Fix means that you run HJT,

in the window that opens, click Do a system scan only,

in the next window find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then click Fix checked at the bottom left,

the program will ask whether you are sure; you of course agree with YES, and that's it.


Download and run OTMoveIt

into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:


:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\DOCUME~1\DEI~1\LOCALS~1\Temp\perce.jpg.exe
C:\Program Files\Media Access Startup
C:\Program Files\Internet Saving Optimizer
C:\Program Files\System Search Dispatcher

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Cognac"=-

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and information about the performed action will appear in the right-hand green pane of the application; copy the contents of that pane here,

if the application requests a restart, click YES

in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\


Then use Mbam from my signature and post its log here as well; do not delete anything beforehand !!!


Follow the order of the steps !!!

Re: Slow computer, etc.

Posted: 13 Feb 2011 21:05
by Grez
I also removed that AVG and replaced it with Avast, as a colleague advised earlier (whose post, I see, is no longer here... :D). Unfortunately, a system check then started before Windows had even booted, and since it would have taken several hours (after 20 minutes it was at 1%), I restarted the PC, which OTMoveIt probably didn't like :-[

OTM log

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!

OTM by OldTimer - Version 3.1.17.2 log created on 02132011_203107

Mbam log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5754

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

13.2.2011 21:02:35
mbam-log-2011-02-13 (21-02-29).txt

Typ kontroly: Rychlý test
Testované objekty: 154564
Uplynulý čas: 12 minut, 19 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 53
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 0
Infikované složky: 9
Infikované soubory: 91

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WMDM PMSP Service (Trojan.Agent) -> Value: WMDM PMSP Service -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\documents and settings\all users\data aplikací\Sukoku (PUP.Zwangi) -> No action taken.
c:\program files\DoubleD (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.2.3.22530 (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.2.3.22530\Cache (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.2.3.22530\Data (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.2.3.22530\Icons (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.2.3.22530\Skins (Adware.DoubleD) -> No action taken.
c:\program files\Sukoku (PUP.Zwangi) -> No action taken.

Infikované soubory:

Re: Slow computer etc.

Posted: 13 Feb 2011 22:00
by Roli
So let Mbam delete what it found.

Then post a current Rsit log here; I'll take a look at what is still left.

Re: Slow computer etc.

Posted: 13 Feb 2011 22:12
by Grez
Here it is :)

Logfile of random's system information tool 1.08 (written by random/random)
Run by deži at 2011-02-13 22:11:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 74 GB (64%) free of 114 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:12:04, on 13.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\deži\Local Settings\Temporary Internet Files\Content.IE5\NK1I4G4J\RSIT[1].exe
C:\Program Files\trend micro\deži.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivguardian.com
O1 - Hosts: 94.232.248.66 www.antivguardian.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O20 - Winlogon Notify: avgwlntf - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6747 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for deži.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-11 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-29 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-29 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-29 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-05-01 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-05-01 13672040]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-20 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
myPrintMileage.lnk - C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE:*:Enabled:OUTLOOK"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Grisoft\AVG7\avgw.exe"="C:\Program Files\Grisoft\AVG7\avgw.exe:*:Enabled:AVG Testovací rozhraní"
"C:\Program Files\Xtech electronics\HotCars\HotCars.exe"="C:\Program Files\Xtech electronics\HotCars\HotCars.exe:*:Enabled:HotCars"
"C:\Documents and Settings\deži\Local Settings\Temporary Internet Files\Content.IE5\DOS1B8L3\calc[1].exe"="C:\Documents and Settings\deži\Local Settings\Temporary Internet Files\Content.IE5\DOS1B8L3\calc[1].exe:*:Disabled:calc[1].exe"
"C:\WINDOWS\system32\cssrss.exe"="C:\WINDOWS\system32\cssrss.exe:*:Enabled:GnuPT-Portable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-13 20:47:40 ----D---- C:\Documents and Settings\deži\Data aplikací\Malwarebytes
2011-02-13 20:47:31 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-13 20:47:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-02-13 20:47:26 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-13 20:47:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-13 20:30:30 ----DC---- C:\_OTM
2011-02-13 20:17:00 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-13 20:17:00 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-13 20:17:00 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-13 20:17:00 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-02-13 20:16:59 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-13 20:16:59 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-13 20:16:59 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-13 20:16:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-02-13 20:16:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-02-13 19:22:30 ----D---- C:\Program Files\trend micro
2011-02-13 19:22:29 ----DC---- C:\rsit
2011-02-13 19:12:28 ----RDC---- C:\32788R22FWJFW
2011-02-13 19:10:31 ----DC---- C:\Qoobox
2011-02-13 18:58:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-02-13 18:58:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-10 15:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 15:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 15:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 15:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 15:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 15:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 15:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-01-22 20:12:58 ----D---- C:\Program Files\Svět koní

======List of files/folders modified in the last 1 months======

2011-02-13 22:11:38 ----D---- C:\WINDOWS\Prefetch
2011-02-13 22:10:29 ----D---- C:\WINDOWS\temp
2011-02-13 22:09:27 ----D---- C:\WINDOWS
2011-02-13 22:08:26 ----D---- C:\WINDOWS\system32\drivers
2011-02-13 22:07:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-13 22:06:54 ----RD---- C:\Program Files
2011-02-13 20:54:43 ----D---- C:\WINDOWS\system32
2011-02-13 20:16:54 ----SHD---- C:\WINDOWS\Installer
2011-02-13 20:16:53 ----D---- C:\WINDOWS\WinSxS
2011-02-13 20:16:28 ----D---- C:\Program Files\Alwil Software
2011-02-13 20:14:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-02-13 20:12:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2011-02-13 19:01:02 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-13 14:44:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-13 14:44:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-13 14:44:39 ----A---- C:\WINDOWS\win.ini
2011-02-13 12:13:58 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-10 15:20:14 ----HD---- C:\WINDOWS\inf
2011-02-10 15:20:02 ----A---- C:\WINDOWS\imsins.BAK
2011-02-10 15:16:04 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-10 15:15:46 ----D---- C:\WINDOWS\system32\cs-cz
2011-02-10 15:15:46 ----D---- C:\Program Files\Internet Explorer
2011-02-10 15:13:34 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-09 21:12:12 ----D---- C:\WINDOWS\network diagnostic
2011-02-06 18:41:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Barbie Fashion Show
2011-01-23 16:36:28 ----D---- C:\Documents and Settings\deži\Data aplikací\AdobeUM
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll
2011-01-18 19:06:42 ----D---- C:\Program Files\Stabenfeldt
2011-01-18 19:06:38 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2005-05-12 92800]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-06-18 75925]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-06-18 36423]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-06-18 10005]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-05-01 10308640]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\deniska\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\deniska\LOCALS~1\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-05-01 154216]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-03-18 225280]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-23 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Slow computer, etc.

Posted: 14 Feb 2011 19:44
by Roli
So fix these in HJT:

O1 - Hosts: 94.232.248.66 antivguardian.com
O1 - Hosts: 94.232.248.66 www.antivguardian.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O20 - Winlogon Notify: avgwlntf - Invalid registry found


I have already written to you how to do that.


Run OTMoveIt again.

Copy this text into the left pane of the application, under Paste Instructions for Items to be Moved:

Code:

:processes
explorer.exe       

:files 
C:\Program Files\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Data aplikací\avg9
C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
C:\DOCUME~1\DEI~1\LOCALS~1\Temp\perce.jpg.exe
C:\Program Files\Grisoft\AVG7

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG7\avgw.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! and information about the performed action will appear in the right green pane of the application; copy the contents of that pane here.

If the application asks for a restart, click YES.

In that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

Re: Slow computer, etc.

Posted: 17 Feb 2011 18:12
by Grez
Done (sorry it took until now - it is the neighbours' computer and somehow we had no luck meeting up...)

Log from OTM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files\Spybot - Search & Destroy\Updates folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Skins folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Plugins folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Languages folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Includes folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Help folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Dummies folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Excludes folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Backups folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar\cache folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar folder moved successfully.
File/Folder C:\DOCUME~1\DEI~1\LOCALS~1\Temp\perce.jpg.exe not found.
C:\Program Files\Grisoft\AVG7 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Grisoft\AVG7\avgw.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: deniska
->Temp folder emptied: 1416 bytes
->Temporary Internet Files folder emptied: 1045982 bytes
->Flash cache emptied: 406143 bytes

User: deži
->Temp folder emptied: 311003192 bytes
->Temporary Internet Files folder emptied: 33947855 bytes
->Flash cache emptied: 327070 bytes

User: de゙i

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mirka

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78076146 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91253916 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 492,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 02172011_180237

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Slow computer, etc.

Posted: 17 Feb 2011 21:08
by Roli
Run OTMoveIt again and click CleanUP! at the top of the application.

This makes it clean up after itself.


Then let me know what state the PC is in.