
Log check. Avast reported a trojan

Posted: 15 Oct 2012 17:58
by Domeek
Good evening.
Please check this log. Avast reported a trojan horse; I don't know whether it was removed successfully. The PC is not mine, it belongs to acquaintances. Overall it is slow. Thank you, and I attach the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by správce at 2012-10-15 18:53:01
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (16%) free of 30 GB
Total RAM: 1535 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:11, on 15.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\správce\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\správce.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - c:\Program Files\TRANSLAT\WEBIE.DLL
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Internet Keyboard.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - c:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D3BC73-5476-4C1D-A343-E49DE0A9ADE2}: NameServer = 62.204.234.2,62.204.224.2
O20 - AppInit_DLLs:
O20 - Winlogon Notify: attmgr - attmgr32.dll (file missing)
O20 - Winlogon Notify: conmgr - conmgr32.dll (file missing)
O20 - Winlogon Notify: dssmgr - egamgr32.dll (file missing)
O20 - Winlogon Notify: sysshtic - C:\WINDOWS\system32\sysshtic.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8513 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "wrc@avast.com:6.0.1289, pdfforge@mybrowserbar.com:4.3, wtxpcom@mybrowserbar.com:4.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYCZ&&q="
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =827316&p="
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =827316&p="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX® Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsILegitCheckPlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\extensions\
toolbar@ask.com

C:\Documents and Settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-10-09 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-10-09 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-10-09 79856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - c:\Program Files\TRANSLAT\WEBIE.DLL [2006-11-21 114688]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-12 344064]
"RegistryMechanic"= []
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-10 198160]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-05-04 1561768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Internet Keyboard.lnk - C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr]
attmgr32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr]
conmgr32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr]
egamgr32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic]
C:\WINDOWS\system32\sysshtic.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Hry\Half life 2\hl2.exe"="D:\Hry\Half life 2\hl2.exe:*:Disabled:hl2"
"D:\Hry\NHL 2005\nhl2005.exe"="D:\Hry\NHL 2005\nhl2005.exe:*:Enabled:nhl2005"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Pavel1\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\Pavel1\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "
"C:\Documents and Settings\Pavel1\Local Settings\Data aplikací\Skype\Plugin Manager\skypePM.exe"="C:\Documents and Settings\Pavel1\Local Settings\Data aplikací\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\PortableApps\SkypePortable\App\Skype\Phone\Skype.exe"="C:\PortableApps\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"MSVideo8"=VfWWDM32.dll
"vidc.avrn"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"=C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"=C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"=C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"=C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"=C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"=C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"=C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"=C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"=C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"=C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"=C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"=C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"=C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"=C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"=C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"=DivX.dll
"vidc.mwv1"=C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"=C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"vidc.ir21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"=C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

======List of files/folders created in the last 1 month======

2012-10-15 18:53:01 ----D---- C:\rsit
2012-10-15 18:53:01 ----D---- C:\Program Files\trend micro
2012-10-13 17:18:25 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-10-09 20:06:50 ----D---- C:\Program Files\Ask.com
2012-10-09 19:56:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ask
2012-10-09 19:56:15 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-10-09 19:56:14 ----A---- C:\WINDOWS\system32\javaws.exe
2012-10-09 19:56:14 ----A---- C:\WINDOWS\system32\javaw.exe
2012-10-09 19:56:14 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2012-10-15 18:53:03 ----D---- C:\WINDOWS\Prefetch
2012-10-15 18:53:01 ----AD---- C:\Program Files
2012-10-15 18:51:21 ----D---- C:\WINDOWS\Temp
2012-10-15 18:50:57 ----D---- C:\Program Files\Mozilla Firefox
2012-10-15 18:20:41 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-13 21:07:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-13 19:35:48 ----A---- C:\WINDOWS\wincmd.ini
2012-10-13 18:47:13 ----A---- C:\WINDOWS\win.ini
2012-10-13 17:19:35 ----SD---- C:\WINDOWS\Tasks
2012-10-13 17:18:25 ----D---- C:\WINDOWS\system32
2012-10-09 20:07:00 ----SHD---- C:\WINDOWS\Installer
2012-10-09 19:56:32 ----D---- C:\WINDOWS
2012-10-09 19:56:00 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-10-09 19:55:57 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-08-24 682232]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 77312]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-03-07 24408]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-08-21 25520]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-05-13 1198080]
R3 Cap7134;Philips SAA7133(5) WDM Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-11-05 334816]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-13 47360]
R3 PhTVTune;Philips TDA8275 Silicon TV Tuner; C:\WINDOWS\system32\DRIVERS\phtvtune.sys [2004-11-05 19904]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [2003-11-10 174464]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 age8vaz5;age8vaz5; C:\WINDOWS\system32\drivers\age8vaz5.sys []
S3 Cap713x;Cap713x Video Capture; C:\WINDOWS\System32\DRIVERS\Cap713x.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 STIrUsb;STIrUsb.sys SigmaTel USB-IrDA Adapter; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2003-12-12 31048]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-06-20 565248]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-13 368640]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-10-09 153584]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-05-12 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []

-----------------EOF-----------------

Re: Log check. Avast reported a trojan

Posted: 15 Oct 2012 18:00
by Rudy
Good evening to you too!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.
Go and make yourself a coffee in the meantime (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to start any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the antispyware's resident component.

Re: Log check. Avast reported a trojan

Posted: 15 Oct 2012 18:27
by Domeek
Here is the ComboFix log:

ComboFix 12-10-14.03 - správce 15.10.2012 19:12:57.1.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1112 [GMT 2:00]
Run from: c:\documents and settings\správce\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* New Restore Point created
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Pavel1\Local Settings\Temporary Internet Files\WDICT32.INI
c:\documents and settings\Pavel1\Local Settings\Temporary Internet Files\WTRAN32.INI
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
c:\windows\bn2uuw7.ini
c:\windows\ec2md8g.log
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Files created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-09 18:06 . 2012-10-15 16:34 -------- d-----w- c:\documents and settings\správce\Local Settings\Data aplikací\AskToolbar
2012-10-09 17:56 . 2012-10-09 17:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-10-09 17:56 . 2012-10-09 17:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-09 17:56 . 2012-10-09 17:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 15:18 . 2011-06-08 07:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:56 . 2012-01-12 17:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2011-06-08 07:49 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-06-08 07:49 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-06-08 07:49 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-06-08 07:49 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-06-08 07:49 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-06-08 07:49 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-06-08 07:49 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-06-08 07:49 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-06-08 07:48 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-06-08 07:48 227648 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-21 04:19 . 2011-10-30 17:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2004-12-6 565248]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Internet Keyboard.lnk - c:\program files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe [2004-12-11 1126400]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Pavel1\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"c:\\PortableApps\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.8.2008 14:04 682232]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [6.12.2004 4:34 77312]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [14.6.2012 20:40 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.6.2011 9:49 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.6.2011 9:49 355632]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 18:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.6.2011 9:49 21256]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.1.2008 20:03 47360]
R3 PhTVTune;Philips TDA8275 Silicon TV Tuner;c:\windows\system32\drivers\phtvtune.sys [28.12.2004 16:03 19904]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\DRIVERS\Cap713x.sys --> c:\windows\system32\DRIVERS\Cap713x.sys [?]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [28.12.2004 16:01 4134]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [19.2.2011 17:15 618112]
.
Contents of the 'Scheduled Tasks' directory
.
2012-10-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-15 09:12]
.
2012-10-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-06 19:33]
.
.
------- Supplementary scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/support/chrome/bin/reque ... s=5.1.2600
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\TRANSLAT\WEBIE.DLL
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.100.100
TCP: Interfaces\{A5D3BC73-5476-4C1D-A343-E49DE0A9ADE2}: NameServer = 62.204.234.2,62.204.224.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_EU&apn_uid=56E4707A-F454-465F-8BB2-AC075D94E76F&apn_ptnrs=U3&apn_sauid=FFE88260-743B-418C-BC00-4EF97A0D2037&apn_dtid=YYYYYYYYCZ&&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - ExtSQL: 2012-10-09 19:56; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-09 20:07; toolbar@ask.com; c:\documents and settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\extensions\toolbar@ask.com
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKLM-Run-Smapp - c:\program files\Analog Devices\SoundMAX\SMTray.exe
HKLM-Run-RegistryMechanic - (no file)
Notify-attmgr - attmgr32.dll
Notify-conmgr - conmgr32.dll
Notify-dssmgr - egamgr32.dll
Notify-sysshtic - c:\windows\system32\sysshtic.dll
AddRemove-HijackThis - c:\docume~1\ADMINI~1\LOCALS~1\Temp\Dočasný adresář 1 pro hijackthis.zip\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-15 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden 'Startup' entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Libraries bound to running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
Total time: 2012-10-15 19:25:02
ComboFix-quarantined-files.txt 2012-10-15 17:25
.
Before run: 6 824 812 544
After run: 7 728 328 704
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - F721346E42F8B95CF45995CFE8CEC777

Re: Log check. Avast reported a trojan

Posted: 15 Oct 2012 18:59
by Rudy
Let's clean up a bit more. Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\documents and settings\správce\Local Settings\Data aplikací\AskToolbar
c:\documents and settings\All Users\Data aplikací\Ask
c:\program files\Ask.com
c:\program files\Common Files\Spigot

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
"ApnUpdater"=-

Firefox::
FF - ProfilePath - c:\documents and settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYCZ&&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - ExtSQL: 2012-10-09 19:56; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-09 20:07; toolbar@ask.com; c:\documents and settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\extensions\toolbar@ask.com

Reboot::
Save it to the root directory c:\ as well, as CFScript.txt. Then, in Windows Explorer (or another file manager), drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Re: Log check. Avast reported a trojan

Posted: 15 Oct 2012 19:40
by Domeek
ComboFix 12-10-15.01 - správce 15.10.2012 20:17:30.2.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1140 [GMT 2:00]
Run from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
.
.
((((((((((((((((((((((((( Files created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 16:53 . 2012-10-15 16:53 -------- d-----w- C:\rsit
2012-10-15 16:53 . 2012-10-15 16:53 -------- d-----w- c:\program files\trend micro
2012-10-13 15:18 . 2012-10-13 15:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 10:24 . 2012-10-13 10:24 -------- d-----w- c:\documents and settings\Malťulka\Local Settings\Data aplikací\AskToolbar
2012-10-09 18:06 . 2012-10-15 16:34 -------- d-----w- c:\documents and settings\správce\Local Settings\Data aplikací\AskToolbar
2012-10-09 17:56 . 2012-10-09 17:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-10-09 17:56 . 2012-10-09 17:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-09 17:56 . 2012-10-09 17:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 15:18 . 2011-06-08 07:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:56 . 2012-01-12 17:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2011-06-08 07:49 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-06-08 07:49 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-06-08 07:49 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-06-08 07:49 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-06-08 07:49 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-06-08 07:49 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-06-08 07:49 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-06-08 07:49 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-06-08 07:48 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-06-08 07:48 227648 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-21 04:19 . 2011-10-30 17:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2004-12-6 565248]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Internet Keyboard.lnk - c:\program files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe [2004-12-11 1126400]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Pavel1\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"c:\\PortableApps\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.8.2008 14:04 682232]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [6.12.2004 4:34 77312]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [14.6.2012 20:40 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.6.2011 9:49 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.6.2011 9:49 355632]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 18:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.6.2011 9:49 21256]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.1.2008 20:03 47360]
R3 PhTVTune;Philips TDA8275 Silicon TV Tuner;c:\windows\system32\drivers\phtvtune.sys [28.12.2004 16:03 19904]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\DRIVERS\Cap713x.sys --> c:\windows\system32\DRIVERS\Cap713x.sys [?]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [28.12.2004 16:01 4134]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [19.2.2011 17:15 618112]
.
Contents of the 'Scheduled Tasks' directory
.
2012-10-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-15 09:12]
.
.
------- Supplementary scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/support/chrome/bin/reque ... s=5.1.2600
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\TRANSLAT\WEBIE.DLL
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.100.100
TCP: Interfaces\{A5D3BC73-5476-4C1D-A343-E49DE0A9ADE2}: NameServer = 62.204.234.2,62.204.224.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-10-09 19:56; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-09 20:07; toolbar@ask.com; c:\documents and settings\správce\Data aplikací\Mozilla\Firefox\Profiles\hhk7v825.default\extensions\toolbar@ask.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-15 20:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden 'Startup' entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Libraries bound to running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\TEMP\pdfforgeToolbar.exe
c:\windows\system32\MSIEXEC.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Total time: 2012-10-15 20:35:59 - the computer was restarted
ComboFix-quarantined-files.txt 2012-10-15 18:35
ComboFix2.txt 2012-10-15 17:25
.
Before run: 7 721 050 112
After run: 7 683 375 104
.
- - End Of File - - 3AC57694E85BF52934840A5649C55E10
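The RSIT driver list earlier in the thread and the two ComboFix runs above are the kind of logs an analyst reads by hand; the script below is an added example (not part of any post in this thread, and not a feature of RSIT or ComboFix) that does the same reading mechanically over excerpts constructed from those logs. It flags RSIT driver entries whose binary was not found (the `[]` marker, as on the age8vaz5 and FlyPCI lines), flags ComboFix Run-key entries that start from the toolbar vendor directories the CFScript removed, flags script hosts in the firewall's AuthorizedApplications list and any GloballyOpenPorts entry, and diffs the first run against the second so you can see what the CFScript actually removed and what it left. The vendor directory names come from the entries removed in this thread; the script-host list and the port-to-service names (3389 is RDP, mshta.exe is the Windows HTML Application host) are general Windows knowledge and the rule set is a heuristic, not a verdict. One thing the diff makes visible: the firewall sections are byte-for-byte identical in both runs, so the mshta.exe exception and the globally open TCP 3389 survived the cleanup; the script does not cover the process list, where the second run also shows c:\windows\TEMP\pdfforgeToolbar.exe running alongside msiexec.exe.

```python
"""Triage helper for the RSIT and ComboFix logs quoted in this thread.
Added example, not part of the original posts nor a feature of either tool;
every sample line below is constructed from the logs above."""
import re
from typing import Dict, List, Optional, Tuple

# RSIT driver lines end in "[date size]"; an empty "[]" means RSIT found no
# file at the registered path (constructed from the RSIT driver list above).
RSIT_DRIVERS = r"""
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 age8vaz5;age8vaz5; C:\WINDOWS\system32\drivers\age8vaz5.sys []
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
"""
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*); (.+?) \[(.*)\]$")

def missing_drivers(rsit: str) -> List[Tuple[str, str]]:
    """(service name, path) for registered drivers whose binary was not found."""
    found = []
    for line in rsit.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m and m.group(5) == "":
            found.append((m.group(2), m.group(4)))
    return found

# ComboFix excerpts: HKLM Run key and firewall policy from the first run
# (constructed from the log above). The second run differs only in the two
# Run entries the CFScript removed, so it is derived from the first.
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines()
                      if not l.startswith(('"SearchSettings"', '"ApnUpdater"')))

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
SECTION_TAILS = {"\\run": "Run",
                 "authorizedapplications\\list": "AuthorizedApplications",
                 "globallyopenports\\list": "GloballyOpenPorts"}

def parse_entries(log: str) -> Dict[Tuple[str, str], str]:
    """Map (section label, value name) -> raw value for the sections above."""
    entries: Dict[Tuple[str, str], str] = {}
    section: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            low = m.group(1).lower()
            section = next((lbl for tail, lbl in SECTION_TAILS.items()
                            if low.endswith(tail)), None)
        elif section and (m := ENTRY_RE.match(line)):
            entries[(section, m.group(1))] = m.group(2)
    return entries

# Analyst heuristics, not verdicts. The vendor directories are the ones the
# CFScript removed; mshta.exe is the Windows HTML Application host and 3389
# is RDP (general Windows knowledge, not something the thread states).
TOOLBAR_DIRS = ("\\ask.com\\", "\\spigot\\")
SCRIPT_HOSTS = ("mshta.exe", "wscript.exe", "cscript.exe")
PORT_NAMES = {"3389": "RDP", "445": "SMB", "135": "RPC"}

def flag_entries(entries: Dict[Tuple[str, str], str]) -> List[Tuple[str, str, str]]:
    """(section, name, reason) for entries worth a second look."""
    findings = []
    for (section, name), value in entries.items():
        if section == "Run" and any(d in value.lower() for d in TOOLBAR_DIRS):
            findings.append((section, name, "autostart from a toolbar vendor directory"))
        elif section == "AuthorizedApplications" and name.lower().endswith(SCRIPT_HOSTS):
            findings.append((section, name, "script host allowed through the firewall"))
        elif section == "GloballyOpenPorts":
            svc = PORT_NAMES.get(name.split(":")[0], "unknown service")
            findings.append((section, name, f"inbound port open to the network ({svc})"))
    return findings

def compare_runs(before: str, after: str):
    """What the cleanup removed, what appeared, and what is still flagged."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(set(b) - set(a)), sorted(set(a) - set(b)), flag_entries(a)

if __name__ == "__main__":
    for name, path in missing_drivers(RSIT_DRIVERS):
        print(f"driver {name}: registered but no file at {path}")
    removed, added, still = compare_runs(BEFORE_LOG, AFTER_LOG)
    print("removed by CFScript:", [n for _, n in removed])
    print("new since first run:", [n for _, n in added])
    for section, name, why in still:
        print(f"still present [{section}] {name}: {why}")
```

Run on the constructed excerpts, it reports age8vaz5 and FlyPCI as registered drivers with no file, SearchSettings and ApnUpdater as the entries the CFScript removed, and the mshta.exe firewall exception and the open TCP 3389 as still present after the cleanup. To use it on a real log, replace the constructed strings with the file contents; the section matching is on the tail of the registry path, so it also picks up the HKEY_USERS\.DEFAULT Run key that ComboFix lists.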

Re: Log check. Avast reported a trojan

Posted: 15 Oct 2012 20:17
by Rudy
The log already looks clean.

Re: Log check. Avast reported a trojan

Posted: 15 Oct 2012 20:25
by Domeek
Thank you for your help, and good night.

Re: Log check. Avast reported a trojan

Posted: 15 Oct 2012 20:26
by Rudy
You're welcome, and good night! :)