CPU 100% Please help

Posted: 13 Jan 2010 18:35
by Senyor
Hi, I have the same problem that probably several people already have with Svchost.exe: every time the PC starts you have to wait quite a long time, and for about 5 seconds it shows me a completely black screen with a small box in it that says "personal user settings: svchost.exe". CPU usage is 100%, my internet acts up and kicks me off, and the PC is slowed down.
I would like to ask for help.


Here is the log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rasto at 2010-01-13 18:31:47
WIN_XP Service Pack 2
System drive C: has 6 GB (10%) free of 57 GB
Total RAM: 767 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:00, on 13.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21148)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\WgaTray.exe
C:\windows\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\System32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\SOUNDMAN.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\rundll32.exe
C:\PROGRA~1\2hotspot\2hotspot.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\smms.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Rasto\Desktop\Tomáš pesničky obrázky\RSIT.exe
C:\Program Files\trend micro\Rasto.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60016
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60016
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Rasto\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Rasto\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [2hotspot] C:\PROGRA~1\2hotspot\2hotspot.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Windows\system32\driverssvchosts.exe
O4 - HKLM\..\Run: [Google Updater] C:\Windows\smms.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nvdsp] C:\svchosts.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [nvdsp] C:\svchosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\S-1-5-21-484763869-839522115-2053108931-1003\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - HKUS\S-1-5-21-484763869-839522115-2053108931-1003\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-839522115-2053108931-1003\..\Run: [nvdsp] C:\svchosts.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: 2hotspot (2hotspotsvc) - 2hotspot.com - C:\PROGRA~1\2hotspot\Program\pacsvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13957 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}]
My Search BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Rasto\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-10 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - ZoneAlarm Spy Blocker Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DXDllRegExe"=dxdllreg.exe []
"SoundMan"=C:\windows\SOUNDMAN.EXE [2007-04-16 577536]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"2hotspot"=C:\PROGRA~1\2hotspot\2hotspot.exe [2006-02-06 245760]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"Application Layer Gateway"=C:\Windows\system32\driverssvchosts.exe []
"Google Updater"=C:\Windows\smms.exe [2009-11-14 21504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]
"nvdsp"=C:\svchosts.exe [2009-11-07 124416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Software Informer"=C:\Program Files\Software Informer\softinfo.exe -autorun []
"fsm"= []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-03-21 1694208]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-04 15360]
"nvdsp"=C:\svchosts.exe [2009-11-07 124416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-08-18 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2007-12-29 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-11 1838592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-03-14 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvdsp]
C:\svchosts.exe [2009-11-07 124416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-01-26 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"Nero BackItUp Scheduler 3"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-03-21 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Counter-Strike\hl.exe"="C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike\hlds.exe"="C:\Program Files\Counter-Strike\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\2hotspot\Program\pacsvc.exe"="C:\Program Files\2hotspot\Program\pacsvc.exe:*:Enabled:2hotspot controller"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\wuamgrd.exe"="C:\WINDOWS\system32\wuamgrd.exe:*:Disabled:wuamgrd"
"C:\Windows\system32\driverssvchosts.exe"="C:\Windows\system32\driverssvchosts.exe:*:Enabled:WindowsUpdateService"
"C:\Windows\system32\nvscv32.exe"="C:\Windows\system32\nvscv32.exe:*:Enabled:Windows Boot Device"
"C:\Windows\smms.exe"="C:\Windows\smms.exe:*:Enabled:WindowsUpdateService"
"C:\windows\ati2evxx.exe"="C:\windows\ati2evxx.exe:*:Enabled:Plug-N-PlayDeviceDriver"
"C:\windows\nsvsc32.exe"="C:\windows\nsvsc32.exe:*:Enabled:Plug-N-PlayDeviceDriver"
"C:\windows\system32\drivers\services.exe"="C:\windows\system32\drivers\services.exe:*:Enabled:Plug-N-PlayDeviceDriver"
"C:\windows\system32\drivers\etc\services.exe"="C:\windows\system32\drivers\etc\services.exe:*:Enabled:Plug-N-PlayDeviceDriver"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-13 18:31:48 ----D---- C:\Program Files\trend micro
2010-01-13 18:31:47 ----D---- C:\rsit
2010-01-13 17:59:04 ----HDC---- C:\windows\$NtUninstallKB921883$
2010-01-13 16:28:01 ----HDC---- C:\windows\$NtUninstallKB972270$
2010-01-13 13:22:19 ----HDC---- C:\windows\$NtUninstallKB955759$
2010-01-12 15:48:58 ----A---- C:\windows\wjragl.exe
2010-01-12 15:48:58 ----A---- C:\windows\tsavij.exe
2010-01-12 15:34:59 ----A---- C:\windows\uttshz.exe
2010-01-12 15:28:38 ----A---- C:\windows\wiovgq.exe
2010-01-12 15:24:50 ----A---- C:\windows\oaqntw.exe
2010-01-12 15:24:48 ----A---- C:\windows\psrqat.exe
2010-01-12 15:14:57 ----A---- C:\windows\njjjmq.exe
2010-01-12 15:13:24 ----A---- C:\windows\eswqev.exe
2010-01-12 15:13:24 ----A---- C:\windows\dtxjyi.exe
2010-01-12 13:41:29 ----A---- C:\windows\zzskty.exe
2010-01-12 13:18:46 ----A---- C:\windows\fqqvmq.exe
2010-01-12 13:18:45 ----A---- C:\windows\vcnnzb.exe
2010-01-12 13:12:29 ----A---- C:\windows\zjydnw.exe
2010-01-12 13:12:29 ----A---- C:\windows\jxafwl.exe
2010-01-12 13:10:07 ----A---- C:\windows\nhgnuf.exe
2010-01-12 12:27:55 ----A---- C:\windows\mmlnlb.exe
2010-01-12 12:27:55 ----A---- C:\windows\miojfv.exe
2010-01-11 00:18:15 ----A---- C:\windows\upplbb.exe
2010-01-10 20:52:21 ----A---- C:\windows\rciahp.exe
2010-01-10 12:33:49 ----A---- C:\windows\ntegoq.exe
2010-01-10 12:10:02 ----A---- C:\windows\wztoid.exe
2010-01-10 11:51:50 ----A---- C:\windows\rmmnoo.exe
2010-01-10 11:48:25 ----A---- C:\windows\rambcx.exe
2010-01-10 11:39:59 ----A---- C:\windows\blxama.exe
2010-01-09 16:32:57 ----A---- C:\windows\yoxiag.exe
2010-01-09 16:27:53 ----A---- C:\windows\dabthp.exe
2010-01-09 14:28:12 ----A---- C:\windows\uhqlrt.exe
2010-01-09 13:36:11 ----A---- C:\windows\otdxas.exe
2010-01-09 13:30:06 ----A---- C:\windows\qoigzu.exe
2010-01-09 13:04:26 ----A---- C:\windows\vebyvq.exe
2010-01-09 12:55:59 ----A---- C:\windows\btmzzh.exe
2010-01-09 12:08:18 ----A---- C:\windows\eajtey.exe
2010-01-09 01:40:27 ----A---- C:\windows\rpjogq.exe
2010-01-08 13:14:00 ----A---- C:\windows\suuufl.exe
2010-01-08 12:20:48 ----A---- C:\windows\jprmkb.exe
2010-01-07 17:14:56 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-07 17:05:24 ----A---- C:\windows\system32\msonpmon.dll
2010-01-07 17:01:56 ----D---- C:\Program Files\Microsoft Works
2010-01-07 17:00:56 ----D---- C:\Program Files\Microsoft Visual Studio
2010-01-07 16:59:33 ----D---- C:\Program Files\Microsoft.NET
2010-01-07 16:54:05 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-01-07 16:53:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-01-07 16:42:33 ----A---- C:\windows\yevint.exe
2010-01-07 10:50:51 ----A---- C:\windows\pzklto.exe
2010-01-07 05:22:28 ----A---- C:\windows\gwqypx.exe
2010-01-06 22:47:03 ----A---- C:\windows\opywcy.exe
2010-01-06 22:32:37 ----A---- C:\windows\rglzlw.exe
2010-01-06 21:07:47 ----A---- C:\windows\bsukpt.exe
2010-01-06 21:01:35 ----D---- C:\Program Files\MySearch
2010-01-06 21:01:34 ----D---- C:\Documents and Settings\Rasto\Application Data\Desktopicon
2010-01-06 21:01:32 ----D---- C:\Documents and Settings\All Users\Application Data\FreeRIP
2010-01-06 21:01:30 ----D---- C:\Program Files\FreeRIP3
2010-01-06 13:53:56 ----A---- C:\windows\hpeiwv.exe
2010-01-05 11:10:28 ----A---- C:\windows\tbjlbv.exe
2010-01-04 12:59:24 ----A---- C:\windows\ywwgcy.exe
2010-01-04 00:35:29 ----A---- C:\windows\qavudc.exe
2010-01-03 17:23:37 ----A---- C:\windows\zordeo.exe
2010-01-03 00:21:29 ----A---- C:\windows\zdqnru.exe
2010-01-03 00:10:41 ----A---- C:\windows\syjpml.exe
2010-01-03 00:01:53 ----A---- C:\windows\trazwx.exe
2010-01-02 23:02:52 ----A---- C:\windows\hhfugc.exe
2010-01-02 22:47:35 ----A---- C:\windows\ijylah.exe
2010-01-02 22:25:08 ----A---- C:\windows\vukznb.exe
2010-01-02 21:29:45 ----A---- C:\windows\aikwjt.exe
2010-01-02 20:11:34 ----A---- C:\windows\zwxpfq.exe
2010-01-02 20:11:34 ----A---- C:\windows\bqbmrd.exe
2010-01-01 18:58:45 ----A---- C:\windows\xdfery.exe
2010-01-01 18:58:45 ----A---- C:\windows\luqgpc.exe
2009-12-31 19:27:24 ----A---- C:\windows\dweuwi.exe
2009-12-31 19:27:24 ----A---- C:\windows\axqnlt.exe
2009-12-31 16:56:37 ----A---- C:\windows\dkgpvy.exe
2009-12-31 16:56:37 ----A---- C:\windows\cgtadp.exe
2009-12-31 13:22:42 ----A---- C:\windows\rwfhrq.exe
2009-12-31 13:22:42 ----A---- C:\windows\pldlti.exe
2009-12-31 01:16:41 ----A---- C:\windows\tkruym.exe
2009-12-31 01:16:41 ----A---- C:\windows\bgueeo.exe
2009-12-30 15:12:44 ----A---- C:\windows\evwrfp.exe
2009-12-30 15:12:38 ----A---- C:\windows\szygzd.exe
2009-12-30 10:56:56 ----A---- C:\windows\psfcug.exe
2009-12-30 10:56:56 ----A---- C:\windows\jhcfjz.exe
2009-12-30 01:10:47 ----A---- C:\windows\qgcgdp.exe
2009-12-30 01:10:44 ----A---- C:\windows\uywrgw.exe
2009-12-29 17:37:33 ----A---- C:\windows\ydbexn.exe
2009-12-29 17:37:33 ----A---- C:\windows\jyisdr.exe
2009-12-29 14:40:02 ----A---- C:\windows\toefod.exe
2009-12-29 10:47:46 ----A---- C:\windows\jktucp.exe
2009-12-29 08:24:31 ----A---- C:\windows\tmkbyf.exe
2009-12-29 08:24:31 ----A---- C:\windows\jcejfp.exe
2009-12-29 00:33:50 ----A---- C:\windows\jmatrr.exe
2009-12-28 09:49:18 ----A---- C:\windows\dpoxyw.exe
2009-12-28 09:49:16 ----A---- C:\windows\ujxqih.exe
2009-12-28 01:09:43 ----A---- C:\windows\mnipan.exe
2009-12-27 13:47:04 ----A---- C:\windows\ggcudi.exe
2009-12-27 12:12:36 ----D---- C:\Documents and Settings\Rasto\Application Data\InstallShield
2009-12-27 12:12:36 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-12-27 12:12:14 ----D---- C:\Program Files\MF Software
2009-12-27 12:12:14 ----D---- C:\Program Files\Common Files\HTML kódy 2.0
2009-12-26 10:24:28 ----A---- C:\windows\rhsezc.exe
2009-12-25 17:23:13 ----A---- C:\windows\zghctr.exe
2009-12-25 15:13:20 ----A---- C:\windows\rrupig.exe
2009-12-25 15:13:20 ----A---- C:\windows\mpcwmp.exe
2009-12-25 14:48:16 ----A---- C:\windows\ckewua.exe
2009-12-25 14:30:16 ----A---- C:\windows\dhwmvf.exe
2009-12-25 09:21:38 ----A---- C:\windows\eencbe.exe
2009-12-24 08:38:48 ----A---- C:\windows\wrhfov.exe
2009-12-23 16:40:26 ----A---- C:\windows\dmhgwq.exe
2009-12-23 08:31:37 ----A---- C:\windows\jsdvzj.exe
2009-12-22 22:39:22 ----A---- C:\windows\cjcqrk.exe
2009-12-22 07:28:07 ----A---- C:\windows\zskldk.exe
2009-12-21 15:11:04 ----D---- C:\Program Files\Common Files\Skype
2009-12-21 13:17:55 ----A---- C:\windows\zqygrh.exe
2009-12-20 09:33:08 ----A---- C:\windows\hzdhlq.exe
2009-12-20 09:31:48 ----A---- C:\windows\sckqao.exe
2009-12-20 09:25:05 ----A---- C:\windows\wtzevo.exe
2009-12-20 09:21:09 ----A---- C:\windows\rvifkf.exe
2009-12-20 09:14:21 ----A---- C:\windows\ycdtqe.exe
2009-12-20 09:14:19 ----A---- C:\windows\mswdop.exe
2009-12-20 09:13:14 ----A---- C:\windows\ogzdoa.exe
2009-12-20 09:12:06 ----A---- C:\windows\ecaaiw.exe
2009-12-20 09:08:27 ----A---- C:\windows\qtcwot.exe
2009-12-20 09:08:27 ----A---- C:\windows\kkwzli.exe
2009-12-20 08:57:27 ----A---- C:\windows\system32\javaws.exe
2009-12-20 08:57:27 ----A---- C:\windows\system32\javaw.exe
2009-12-20 08:57:27 ----A---- C:\windows\system32\java.exe
2009-12-20 08:43:05 ----A---- C:\windows\ryatoa.exe
2009-12-19 09:52:22 ----A---- C:\windows\mykmpt.exe
2009-12-19 09:52:22 ----A---- C:\windows\hmzoye.exe
2009-12-18 07:32:50 ----A---- C:\windows\pswgnu.exe
2009-12-17 07:28:09 ----A---- C:\windows\rodokx.exe
2009-12-17 07:28:09 ----A---- C:\windows\hepwro.exe
2009-12-16 13:13:27 ----A---- C:\windows\mospbd.exe
2009-12-15 12:28:09 ----A---- C:\windows\ccvigl.exe
2009-12-14 15:35:58 ----A---- C:\windows\ukcfxh.exe
2009-12-14 15:35:58 ----A---- C:\windows\mgqnuo.exe

======List of files/folders modified in the last 1 months======

2010-01-13 18:33:08 ----D---- C:\windows\Temp
2010-01-13 18:31:48 ----RD---- C:\Program Files
2010-01-13 18:31:41 ----A---- C:\windows\NeroDigital.ini
2010-01-13 18:15:45 ----D---- C:\Documents and Settings\Rasto\Application Data\Skype
2010-01-13 18:05:30 ----D---- C:\Program Files\Mozilla Firefox
2010-01-13 18:05:02 ----D---- C:\WINDOWS
2010-01-13 18:02:18 ----A---- C:\windows\SchedLgU.Txt
2010-01-13 18:01:03 ----HD---- C:\windows\inf
2010-01-13 17:57:32 ----HD---- C:\windows\$hf_mig$
2010-01-13 17:57:28 ----D---- C:\windows\system32\CatRoot2
2010-01-13 17:26:08 ----D---- C:\Documents and Settings\Rasto\Application Data\skypePM
2010-01-13 17:23:03 ----A---- C:\windows\win.ini
2010-01-13 17:23:03 ----A---- C:\windows\system.ini
2010-01-13 16:29:00 ----SHD---- C:\windows\Installer
2010-01-13 16:28:11 ----A---- C:\windows\imsins.BAK
2010-01-13 16:28:03 ----RSHDC---- C:\windows\system32\dllcache
2010-01-13 16:28:03 ----D---- C:\windows\system32
2010-01-13 16:07:17 ----SHD---- C:\windows\CSC
2010-01-13 15:43:05 ----D---- C:\Shoty
2010-01-13 13:34:37 ----D---- C:\windows\AppPatch
2010-01-13 13:25:33 ----D---- C:\Documents and Settings\Rasto\Application Data\HPAppData
2010-01-12 16:01:40 ----SD---- C:\Documents and Settings\Rasto\Application Data\Microsoft
2010-01-12 15:50:13 ----D---- C:\windows\system32\drivers
2010-01-12 15:28:45 ----A---- C:\windows\ohoqgc.exe
2010-01-12 12:29:19 ----D---- C:\windows\Prefetch
2010-01-10 12:29:30 ----A---- C:\windows\gmypvz.exe
2010-01-10 11:45:52 ----D---- C:\Program Files\SwiftKit
2010-01-09 23:51:22 ----D---- C:\windows\system32\wbem
2010-01-09 23:51:21 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-01-08 23:37:13 ----RSD---- C:\windows\assembly
2010-01-08 23:31:42 ----RSD---- C:\windows\Fonts
2010-01-08 23:31:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-08 23:28:04 ----D---- C:\Program Files\Common Files\System
2010-01-07 21:56:21 ----D---- C:\Program Files\ICQ6.5
2010-01-07 19:44:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-07 17:15:09 ----D---- C:\windows\WinSxS
2010-01-07 17:14:56 ----D---- C:\Program Files\Common Files
2010-01-07 17:09:04 ----D---- C:\windows\SHELLNEW
2010-01-07 17:04:53 ----D---- C:\windows\system32\config
2010-01-07 17:01:41 ----D---- C:\Program Files\MSBuild
2010-01-07 17:01:17 ----D---- C:\Program Files\Microsoft Office
2010-01-07 16:59:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-05 01:17:46 ----A---- C:\windows\system32\MRT.exe
2009-12-29 14:40:03 ----A---- C:\windows\pwoocr.exe
2009-12-27 12:12:08 ----SD---- C:\windows\Downloaded Program Files
2009-12-27 12:12:07 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-27 12:12:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-21 15:11:05 ----RD---- C:\Program Files\Skype
2009-12-21 15:11:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-20 08:57:10 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\windows\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\windows\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2007-03-21 36096]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 eamon;eamon; C:\windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\windows\system32\DRIVERS\rspndr.sys [2007-03-21 62336]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 hidusb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2007-03-21 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\windows\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2007-03-21 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 a9233d5d;a9233d5d; C:\windows\system32\drivers\a9233d5d.sys []
S3 afktj5p4;afktj5p4; C:\windows\system32\drivers\afktj5p4.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-11-01 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-11-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-11-01 21568]
S3 Cheetah1;Cheetah1; \??\C:\Documents and Settings\Rasto\Desktop\Cheetah Engine 2.0\cheetahrules.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\windows\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\windows\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\windows\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:\windows\system32\DRIVERS\se2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\SE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\windows\system32\DRIVERS\se2Eunic.sys [2006-11-10 90800]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\windows\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\windows\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\windows\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\windows\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\windows\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\windows\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2007-03-21 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2007-03-21 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2004-08-04 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\windows\system32\svchost.exe [2004-08-04 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2006-06-01 155715]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2004-08-04 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-04 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2004-08-04 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 2hotspotsvc;2hotspot; C:\PROGRA~1\2hotspot\Program\pacsvc.exe [2006-02-06 110592]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-31 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-11 1838592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Re: CPU 100% Svchost.exe Please help

Posted: 13 Jan 2010 19:51
by Senyor
Could someone please take a look at this for me too, please?? :(

Re: CPU 100% Please help

Posted: 13 Jan 2010 20:54
by Roli
Hello, if you keep replying to yourself you certainly won't speed things up, quite the opposite.


Anyway, it's nicely infested, so fix these in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Rasto\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Rasto\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Updater] C:\Windows\smms.exe
O4 - HKLM\..\Run: [nvdsp] C:\svchosts.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [nvdsp] C:\svchosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\S-1-5-21-484763869-839522115-2053108931-1003\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - HKUS\S-1-5-21-484763869-839522115-2053108931-1003\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-839522115-2053108931-1003\..\Run: [nvdsp] C:\svchosts.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')



You will find HJT here:

C:\Program Files\trend micro\Rasto

Fix means that you run HJT,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a box, which you tick,

then click Fix checked, which is at the bottom left,

the program asks whether you really want to; of course you agree with YES, and it's done.


Download ComboFix and save it to the desktop,

run the application under an account with administrator rights and allow the installation of the Recovery Console.

Then a window with the licence terms appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes about 10 minutes but may take longer; during the scan do not try to run anything else.

The PC may be restarted during the scan, so don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and antispyware program,

because ComboFix tries to delete the infected files and these programs can get in its way.

After the scan or the subsequent restart completes, the application creates a log, saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); paste its contents here.

Re: CPU 100% Please help

Posted: 13 Jan 2010 21:51
by Senyor
Thanks, that fix from HJT helped me a lot; CPU usage is now almost always 0%, so very good, and it doesn't stutter like that at all anymore; the internet also works the way it should
and here is the log:
ComboFix 10-01-13.06 - Rasto 13.01.2010 21:28:35.1.1 - x86
Running from: c:\documents and settings\Rasto\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rasto\Application Data\Adssite Advanced Toolbar
c:\documents and settings\Rasto\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
c:\documents and settings\Rasto\Application Data\Adssite Advanced Toolbar\selected.xml
c:\documents and settings\Rasto\Application Data\Desktopicon
c:\documents and settings\Rasto\Application Data\Microsoft\file.exe
c:\documents and settings\Rasto\Application Data\Microsoft\fisheh2.exe
c:\documents and settings\Rasto\Application Data\Microsoft\woode.exe
c:\documents and settings\Rasto\Application Data\Microsoft\woode2.exe
c:\documents and settings\Rasto\autorun.inf
c:\documents and settings\Rasto\Start Menu\Dokument Výstrižok Mäso... .shb
c:\program files\Cheat Engine\dbk32.sys
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\MySearch
c:\program files\MySearch\bar\1.bin\NPMYSRCH.DLL
c:\program files\MySearch\bar\1.bin\S4FFXTBR.JAR
c:\program files\MySearch\bar\1.bin\S4FFXTBR.MANIFEST
c:\program files\MySearch\bar\1.bin\S4NTSTBR.JAR
c:\program files\MySearch\bar\1.bin\S4NTSTBR.MANIFEST
c:\program files\MySearch\bar\Cache\081742EB
c:\program files\MySearch\bar\Cache\0817452D
c:\program files\MySearch\bar\Cache\08174656.bmp
c:\program files\MySearch\bar\Cache\081747CD.bmp
c:\program files\MySearch\bar\Cache\files.ini
c:\program files\MySearch\bar\History\search2
c:\program files\MySearch\bar\Settings\prevcfg2.htm
C:\svchosts.exe
c:\windows\aikwjt.exe
c:\windows\autorun.inf
c:\windows\bjwdwv.exe
c:\windows\blxama.exe
c:\windows\bqbmrd.exe
c:\windows\bsukpt.exe
c:\windows\btmzzh.exe
c:\windows\ccvigl.exe
c:\windows\cizohk.exe
c:\windows\cviilz.exe
c:\windows\dabthp.exe
c:\windows\dkgpvy.exe
c:\windows\dmhgwq.exe
c:\windows\dpoxyw.exe
c:\windows\dweuwi.exe
c:\windows\eajtey.exe
c:\windows\ebguko.exe
c:\windows\ecaaiw.exe
c:\windows\eswqev.exe
c:\windows\ewbkgj.exe
c:\windows\eyuhor.exe
c:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
c:\windows\fycrxr.exe
c:\windows\ggcudi.exe
c:\windows\gmypvz.exe
c:\windows\gwqypx.exe
c:\windows\hduaev.exe
c:\windows\hepwro.exe
c:\windows\hgvrjd.exe
c:\windows\hhfugc.exe
c:\windows\hmjaut.exe
c:\windows\hmzoye.exe
c:\windows\hpeiwv.exe
c:\windows\hspzjy.exe
c:\windows\huuhqx.exe
c:\windows\hzdhlq.exe
c:\windows\ijylah.exe
c:\windows\itsvew.exe
c:\windows\jprmkb.exe
c:\windows\jtoyyl.exe
c:\windows\jyisdr.exe
c:\windows\kkwzli.exe
c:\windows\mgqnuo.exe
c:\windows\miojfv.exe
c:\windows\mipxrd.exe
c:\windows\mospbd.exe
c:\windows\mpcwmp.exe
c:\windows\mswdop.exe
c:\windows\mykmpt.exe
c:\windows\nhgnuf.exe
c:\windows\ntegoq.exe
c:\windows\nxoilo.exe
c:\windows\ogzdoa.exe
c:\windows\ohoqgc.exe
c:\windows\okgesp.exe
c:\windows\olcgia.exe
c:\windows\opywcy.exe
c:\windows\otdxas.exe
c:\windows\ouwtoi.exe
c:\windows\ovhtpz.exe
c:\windows\pldlti.exe
c:\windows\psfcug.exe
c:\windows\psrqat.exe
c:\windows\pswgnu.exe
c:\windows\pwoocr.exe
c:\windows\pzklto.exe
c:\windows\qavudc.exe
c:\windows\qoigzu.exe
c:\windows\qtcwot.exe
c:\windows\qtjyik.exe
c:\windows\rciahp.exe
c:\windows\rglzlw.exe
c:\windows\rmmnoo.exe
c:\windows\rodokx.exe
c:\windows\rpjogq.exe
c:\windows\rvifkf.exe
c:\windows\ryatoa.exe
c:\windows\sckqao.exe
c:\windows\suuufl.exe
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\system32\dontexecute.dll
c:\windows\system32\drivers\services.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\thgcounted.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\wuamgrd.exe
c:\windows\szygzd.exe
c:\windows\tbjlbv.exe
c:\windows\tkruym.exe
c:\windows\tmkbyf.exe
c:\windows\trazwx.exe
c:\windows\tsavij.exe
c:\windows\ucxsqe.exe
c:\windows\uhqlrt.exe
c:\windows\ukcfxh.exe
c:\windows\upplbb.exe
c:\windows\uttshz.exe
c:\windows\uywrgw.exe
c:\windows\vcnnzb.exe
c:\windows\vebyvq.exe
c:\windows\vukznb.exe
c:\windows\wktbib.exe
c:\windows\wkueyn.exe
c:\windows\wlofra.exe
c:\windows\wtzevo.exe
c:\windows\wztoid.exe
c:\windows\xdfery.exe
c:\windows\ycdtqe.exe
c:\windows\yevint.exe
c:\windows\yoxiag.exe
c:\windows\ywwgcy.exe
c:\windows\zdqnru.exe
c:\windows\zjydnw.exe
c:\windows\zordeo.exe
c:\windows\zqygrh.exe
c:\windows\zsgykm.exe
c:\windows\zskldk.exe
c:\windows\zwxpfq.exe
c:\windows\zzskty.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 17:31 . 2010-01-13 20:14 -------- d-----w- c:\program files\trend micro
2010-01-13 17:31 . 2010-01-13 17:33 -------- d-----w- C:\rsit
2010-01-12 14:48 . 2010-01-12 14:48 40960 ----a-w- c:\windows\wjragl.exe
2010-01-12 14:28 . 2010-01-12 14:28 40960 ----a-w- c:\windows\wiovgq.exe
2010-01-12 14:24 . 2010-01-12 14:24 40960 ----a-w- c:\windows\oaqntw.exe
2010-01-12 14:14 . 2010-01-12 14:14 40960 ----a-w- c:\windows\njjjmq.exe
2010-01-12 14:13 . 2010-01-12 14:13 40960 ----a-w- c:\windows\dtxjyi.exe
2010-01-12 12:18 . 2010-01-12 12:18 40960 ----a-w- c:\windows\fqqvmq.exe
2010-01-12 12:12 . 2010-01-12 12:12 40960 ----a-w- c:\windows\jxafwl.exe
2010-01-12 11:27 . 2010-01-12 11:27 40960 ----a-w- c:\windows\mmlnlb.exe
2010-01-10 10:48 . 2010-01-10 10:49 21630 ----a-w- c:\windows\rambcx.exe
2010-01-08 11:32 . 2010-01-08 11:32 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-01-07 16:05 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-07 16:05 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-07 16:01 . 2010-01-08 22:30 -------- d-----w- c:\program files\Microsoft Works
2010-01-07 15:59 . 2010-01-07 15:59 -------- d-----w- c:\program files\Microsoft.NET
2010-01-07 15:54 . 2010-01-07 15:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-07 15:53 . 2010-01-07 15:53 -------- d-----w- c:\documents and settings\Rasto\Local Settings\Application Data\Microsoft Help
2010-01-07 15:53 . 2010-01-13 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-06 20:01 . 2010-01-06 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2010-01-06 20:01 . 2010-01-06 20:01 -------- d-----w- c:\program files\FreeRIP3
2010-01-02 23:10 . 2010-01-02 23:13 14420 ----a-w- c:\windows\syjpml.exe
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\documents and settings\Rasto\Application Data\InstallShield
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\program files\Common Files\HTML kódy 2.0
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\program files\MF Software
2009-12-25 13:48 . 2009-12-25 13:49 15862 ----a-w- c:\windows\ckewua.exe
2009-12-21 14:11 . 2009-12-21 14:11 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 20:42 . 2008-05-02 21:03 86080 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-13 20:42 . 2008-05-19 13:14 -------- d-----w- c:\documents and settings\Rasto\Application Data\Skype
2010-01-13 20:35 . 2009-07-26 15:14 -------- d-----w- c:\program files\ICQ6.5
2010-01-13 20:35 . 2008-12-04 15:13 -------- d-----w- c:\program files\Cheat Engine
2010-01-13 16:26 . 2008-05-02 20:04 -------- d-----w- c:\documents and settings\Rasto\Application Data\skypePM
2010-01-13 14:49 . 2009-09-02 13:44 69 ----a-w- c:\documents and settings\Rasto\jagex_runescape_preferences2.dat
2010-01-13 13:47 . 2008-09-06 18:27 39 ----a-w- c:\documents and settings\Rasto\jagex_runescape_preferences.dat
2010-01-13 12:25 . 2008-07-14 11:22 -------- d-----w- c:\documents and settings\Rasto\Application Data\HPAppData
2010-01-10 10:45 . 2009-02-16 21:53 -------- d-----w- c:\program files\SwiftKit
2010-01-07 18:44 . 2008-06-19 14:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-07 16:01 . 2009-09-18 14:52 -------- d-----w- c:\program files\MSBuild
2009-12-27 11:12 . 2008-05-02 21:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-27 11:12 . 2008-05-02 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 14:11 . 2008-05-19 13:13 -------- d-----r- c:\program files\Skype
2009-12-21 14:11 . 2008-05-19 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-20 07:57 . 2008-05-08 07:45 -------- d-----w- c:\program files\Java
2009-12-20 07:49 . 2009-12-20 07:49 152576 ----a-w- c:\documents and settings\Rasto\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 07:48 . 2009-11-24 12:24 79488 ----a-w- c:\documents and settings\Rasto\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-09 20:33 . 2009-12-09 20:23 1924744 ----a-w- c:\documents and settings\Rasto\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-12-06 14:30 . 2009-12-06 14:30 581632 --sha-r- c:\windows\plugin.dat
2009-11-28 07:38 . 2009-10-24 08:50 1208 ----a-w- c:\windows\wallpaper.jpg.tmp
2009-11-21 16:24 . 2007-03-21 10:08 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 15:13 . 2008-06-18 14:32 -------- d-----w- c:\program files\VstPlugins
2009-11-20 15:13 . 2009-11-20 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-11-20 15:12 . 2009-09-18 15:03 -------- d-----w- c:\program files\Sony
2009-11-16 08:06 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-15 13:20 . 2009-11-15 13:20 -------- d-----w- c:\program files\HyCam2
2009-11-14 20:57 . 2008-11-11 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-14 16:48 . 2009-11-11 20:23 21504 --sh--r- c:\windows\smms.exe
2009-11-11 21:07 . 2009-11-11 21:07 302649 ----a-w- c:\documents and settings\Rasto\Application Data\Microsoft\itrigzor.exe
2009-11-11 20:45 . 2009-11-11 20:45 19968 ----a-w- c:\windows\download25396.exe
2009-11-11 20:23 . 2009-11-11 20:23 19968 ----a-w- c:\windows\download27641.exe
2009-11-11 19:48 . 2009-11-11 19:48 19968 ----a-w- c:\windows\sysupdt.exe
2009-11-11 19:06 . 2009-11-26 06:29 581632 --sha-r- c:\documents and settings\Rasto\Application Data\plugin.dat
2009-11-11 19:05 . 2009-11-11 19:05 22528 --sh--r- c:\windows\system32\drivers\svchosts.exe
2009-11-11 14:32 . 2009-11-11 14:32 122880 --sha-r- c:\windows\poloc.exe
2009-11-11 14:13 . 2009-11-11 14:13 581632 --sha-r- C:\plugin.dat
2009-10-29 07:45 . 2007-03-21 10:10 841216 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2007-03-21 10:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2007-03-21 10:11 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-25 05:48 . 2009-10-25 05:48 332800 --sha-r- c:\documents and settings\Rasto\wget.exe
2009-10-24 08:50 . 2009-10-24 08:50 332800 --sha-r- c:\windows\wget.exe
2009-10-21 05:50 . 2004-08-03 23:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:50 . 2004-08-03 23:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:41 . 2007-03-21 10:08 265728 ----a-w- c:\windows\system32\drivers\http.sys
2008-08-18 21:56 . 2008-08-18 21:56 1776512 ----a-w- c:\program files\_Alcohol.exe
2008-06-11 12:21 . 2008-06-11 12:21 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-03-21 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"2hotspot"="c:\progra~1\2hotspot\2hotspot.exe" [2006-02-06 245760]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7-11"="advpack.dll" [2009-10-29 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-08-18 22:07 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2007-12-29 12:05 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-06-11 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-03-14 19:01 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-01-26 11:36 495616 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 07:42 2156368 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\2hotspot\\Program\\pacsvc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Windows\\smms.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R2 2hotspotsvc;2hotspot;c:\progra~1\2hotspot\Program\pacsvc.exe [2006-02-06 110592]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-08-18 716272]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{NP6CQPS0-3638-NN52-54Q7-BYX76BQDOX4R}]
2009-11-11 14:32 122880 --sha-r- c:\windows\poloc.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rasto\Application Data\Mozilla\Firefox\Profiles\qdx24g75.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Rasto\Application Data\Mozilla\Firefox\Profiles\qdx24g75.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-fsm - (no file)
HKCU-Run-nvdsp - C:\svchosts.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKLM-Run-nvdsp - C:\svchosts.exe
MSConfigStartUp-nvdsp - C:\svchosts.exe
ActiveSetup-{FJ2CBKNW-23CG-61IG-XBF3-0KVRO34F0IEN} - C:\svchosts.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-01-13 21:49:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 20:49

Pre-Run: 6 146 121 728 bytes free
Post-Run: 6 273 630 208 voľných bajtov

- - End Of File - - 37BA8E981B4D4650384B3EA88756D55B

Re: CPU 100% Please help

Posted: 14 Jan 2010 18:29
by Roli
So, a looot has been deleted, but it still needs some fine-tuning, so if you have not done so yet, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

File::  
c:\windows\wjragl.exe
c:\windows\wiovgq.exe
c:\windows\oaqntw.exe
c:\windows\njjjmq.exe
c:\windows\dtxjyi.exe
c:\windows\fqqvmq.exe
c:\windows\jxafwl.exe
c:\windows\mmlnlb.exe
c:\windows\rambcx.exe
c:\windows\syjpml.exe
c:\windows\ckewua.exe
c:\windows\smms.exe
c:\documents and settings\Rasto\Application Data\Microsoft\itrigzor.exe
c:\windows\download25396.exe
c:\windows\download27641.exe
c:\windows\sysupdt.exe
c:\windows\system32\drivers\svchosts.exe
c:\windows\poloc.exe

Folder::
C:\plugin.dat
c:\program files\AskBarDis
c:\program files\ICQ6Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{NP6CQPS0-3638-NN52-54Q7-BYX76BQDOX4R}]

Driver::
ASKService
ICQ Service

FireFox::
FF - ProfilePath - c:\documents and settings\Rasto\Application Data\Mozilla\Firefox\Profiles\qdx24g75.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search

save the TXT file you created as CFScript.txt on the desktop

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

once it has been applied, another log will pop out at you; post it here

Warning: it may happen that after applying the script and restarting, Windows will not start,

in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: CPU 100% Please help

Posted: 14 Jan 2010 19:43
by Senyor
ComboFix 10-01-14.01 - Rasto 14.01.2010 19:23:51.2.1 - x86
Running from: c:\documents and settings\Rasto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rasto\Desktop\CFScript.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\Rasto\Application Data\Microsoft\itrigzor.exe"
"c:\windows\ckewua.exe"
"c:\windows\download25396.exe"
"c:\windows\download27641.exe"
"c:\windows\dtxjyi.exe"
"c:\windows\fqqvmq.exe"
"c:\windows\jxafwl.exe"
"c:\windows\mmlnlb.exe"
"c:\windows\njjjmq.exe"
"c:\windows\oaqntw.exe"
"c:\windows\poloc.exe"
"c:\windows\rambcx.exe"
"c:\windows\smms.exe"
"c:\windows\syjpml.exe"
"c:\windows\system32\drivers\svchosts.exe"
"c:\windows\sysupdt.exe"
"c:\windows\wiovgq.exe"
"c:\windows\wjragl.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rasto\Application Data\Microsoft\itrigzor.exe
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0006CF97
c:\program files\AskBarDis\bar\Cache\0006D17B
c:\program files\AskBarDis\bar\Cache\0033B9A3.bin
c:\program files\AskBarDis\bar\Cache\0033BB39.bin
c:\program files\AskBarDis\bar\Cache\0033BCCF.bin
c:\program files\AskBarDis\bar\Cache\0033BE56.bin
c:\program files\AskBarDis\bar\Cache\0033C069.bin
c:\program files\AskBarDis\bar\Cache\0033C183.bin
c:\program files\AskBarDis\bar\Cache\0033C28C.bin
c:\program files\AskBarDis\bar\Cache\0033C396.bin
c:\program files\AskBarDis\bar\Cache\0033C49F.bin
c:\program files\AskBarDis\bar\Cache\0033C5B9.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskBarDis\zonealarm.ico
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\ckewua.exe
c:\windows\download25396.exe
c:\windows\download27641.exe
c:\windows\dtxjyi.exe
c:\windows\fqqvmq.exe
c:\windows\jxafwl.exe
c:\windows\mmlnlb.exe
c:\windows\njjjmq.exe
c:\windows\oaqntw.exe
c:\windows\poloc.exe
c:\windows\rambcx.exe
c:\windows\smms.exe
c:\windows\syjpml.exe
c:\windows\system32\drivers\svchosts.exe
c:\windows\sysupdt.exe
c:\windows\wiovgq.exe
c:\windows\wjragl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ICQ_SERVICE
-------\Service_ASKService
-------\Service_ICQ Service


((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 17:31 . 2010-01-13 20:14 -------- d-----w- c:\program files\trend micro
2010-01-13 17:31 . 2010-01-13 17:33 -------- d-----w- C:\rsit
2010-01-08 11:32 . 2010-01-08 11:32 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-01-07 16:05 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-07 16:05 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-07 16:01 . 2010-01-08 22:30 -------- d-----w- c:\program files\Microsoft Works
2010-01-07 15:59 . 2010-01-07 15:59 -------- d-----w- c:\program files\Microsoft.NET
2010-01-07 15:54 . 2010-01-07 15:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-07 15:53 . 2010-01-07 15:53 -------- d-----w- c:\documents and settings\Rasto\Local Settings\Application Data\Microsoft Help
2010-01-07 15:53 . 2010-01-13 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-06 20:01 . 2010-01-06 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2010-01-06 20:01 . 2010-01-06 20:01 -------- d-----w- c:\program files\FreeRIP3
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\documents and settings\Rasto\Application Data\InstallShield
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\program files\Common Files\HTML kódy 2.0
2009-12-27 11:12 . 2009-12-27 11:12 -------- d-----w- c:\program files\MF Software
2009-12-21 14:11 . 2009-12-21 14:11 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 18:33 . 2008-05-19 13:14 -------- d-----w- c:\documents and settings\Rasto\Application Data\Skype
2010-01-14 18:33 . 2008-05-02 20:04 -------- d-----w- c:\documents and settings\Rasto\Application Data\skypePM
2010-01-14 16:41 . 2009-09-02 13:44 69 ----a-w- c:\documents and settings\Rasto\jagex_runescape_preferences2.dat
2010-01-14 16:40 . 2008-09-06 18:27 39 ----a-w- c:\documents and settings\Rasto\jagex_runescape_preferences.dat
2010-01-14 12:36 . 2008-07-14 11:22 -------- d-----w- c:\documents and settings\Rasto\Application Data\HPAppData
2010-01-13 20:42 . 2008-05-02 21:03 86080 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-13 20:35 . 2009-07-26 15:14 -------- d-----w- c:\program files\ICQ6.5
2010-01-13 20:35 . 2008-12-04 15:13 -------- d-----w- c:\program files\Cheat Engine
2010-01-10 10:45 . 2009-02-16 21:53 -------- d-----w- c:\program files\SwiftKit
2010-01-07 18:44 . 2008-06-19 14:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-07 16:01 . 2009-09-18 14:52 -------- d-----w- c:\program files\MSBuild
2009-12-27 11:12 . 2008-05-02 21:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-27 11:12 . 2008-05-02 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 14:11 . 2008-05-19 13:13 -------- d-----r- c:\program files\Skype
2009-12-21 14:11 . 2008-05-19 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-20 07:57 . 2008-05-08 07:45 -------- d-----w- c:\program files\Java
2009-12-20 07:49 . 2009-12-20 07:49 152576 ----a-w- c:\documents and settings\Rasto\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 07:48 . 2009-11-24 12:24 79488 ----a-w- c:\documents and settings\Rasto\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-09 20:33 . 2009-12-09 20:23 1924744 ----a-w- c:\documents and settings\Rasto\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-12-06 14:30 . 2009-12-06 14:30 581632 --sha-r- c:\windows\plugin.dat
2009-11-28 07:38 . 2009-10-24 08:50 1208 ----a-w- c:\windows\wallpaper.jpg.tmp
2009-11-21 16:24 . 2007-03-21 10:08 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 15:13 . 2008-06-18 14:32 -------- d-----w- c:\program files\VstPlugins
2009-11-20 15:13 . 2009-11-20 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-11-20 15:12 . 2009-09-18 15:03 -------- d-----w- c:\program files\Sony
2009-11-16 08:06 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-11 19:06 . 2009-11-26 06:29 581632 --sha-r- c:\documents and settings\Rasto\Application Data\plugin.dat
2009-11-11 14:13 . 2009-11-11 14:13 581632 --sha-r- C:\plugin.dat
2009-10-29 07:45 . 2007-03-21 10:10 841216 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2007-03-21 10:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2007-03-21 10:11 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-25 05:48 . 2009-10-25 05:48 332800 --sha-r- c:\documents and settings\Rasto\wget.exe
2009-10-24 08:50 . 2009-10-24 08:50 332800 --sha-r- c:\windows\wget.exe
2009-10-21 05:50 . 2004-08-03 23:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:50 . 2004-08-03 23:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:41 . 2007-03-21 10:08 265728 ----a-w- c:\windows\system32\drivers\http.sys
2008-08-18 21:56 . 2008-08-18 21:56 1776512 ----a-w- c:\program files\_Alcohol.exe
2008-06-11 12:21 . 2008-06-11 12:21 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-03-21 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"2hotspot"="c:\progra~1\2hotspot\2hotspot.exe" [2006-02-06 245760]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7-11"="advpack.dll" [2009-10-29 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-08-18 22:07 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2007-12-29 12:05 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-06-11 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-03-14 19:01 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-01-26 11:36 495616 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 07:42 2156368 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\2hotspot\\Program\\pacsvc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R2 2hotspotsvc;2hotspot;c:\progra~1\2hotspot\Program\pacsvc.exe [2006-02-06 110592]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-08-18 716272]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rasto\Application Data\Mozilla\Firefox\Profiles\qdx24g75.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Rasto\Application Data\Mozilla\Firefox\Profiles\qdx24g75.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 19:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-01-14 19:41:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 18:41
ComboFix2.txt 2010-01-13 20:49

Pre-Run: 6 080 970 752 bytes free
Post-Run: 6 052 212 736 voľných bajtov

- - End Of File - - FE913BBEE572BF407CCF0D81C0734611

Re: CPU 100% Please help

Posted: 14 Jan 2010 20:06
by Roli
The nasties are gone. Now, via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Then let me know how the PC is doing.

Re: CPU 100% Please help

Posted: 15 Jan 2010 12:48
by Senyor
Well, the PC is doing much better, but when I turn the PC on and start the Mozilla browser I have to wait about 15-20 sec until it opens. It did that before as well, but I'd like to ask whether it could somehow be fixed...

Re: CPU 100% Please help

Posted: 15 Jan 2010 21:35
by Roli
Delete unneeded files

using CCleaner

Instructions:

Cleaner item - here you clean the PC of unneeded files and empty the Recycle Bin

Registry item - here you clean the registry; before using it I recommend making a backup of the registry, which CCleaner offers,

the registry cleaning needs to be repeated several times!


Under the Cleaner item, on the Applications tab >> Firefox/Mozilla, tick the box next to Compact Databases.


Then in Firefox >> Tools >> Add-ons Manager, disable the Plugins you don't need.

Re: CPU 100% Please help

Posted: 16 Jan 2010 09:47
by Senyor
Well, it's running nicely now... thank you very much :)
And I'd also like to ask whether I should keep automatic updates on.

Re: CPU 100% Please help

Posted: 16 Jan 2010 20:42
by Roli
Senyor wrote: I'd also like to ask whether I should keep automatic updates on
If you mean the operating system (Windows) and the antivirus, then of course yes.