VIRY.CZ

Dobrý večer,
mám problém s tím, že mi Avast hlásil vir, nešel přesunout, odstranit nic. Počítač jsem vypnula s tím, že to dořeším pak, ale při startování pc byla prodleva cca o 5minut delší než normálně. A ihned běží CPU na 100% díky svchost.exe.
Nevíte co s tím, prosím?
Děkuji

Logfile of random's system information tool 1.06 (written by random/random)
Run by Klárka at 2010-01-14 21:31:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (30%) free of 26 GB
Total RAM: 1023 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:52, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Klárka\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Klárka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?rls=ig&hl=cs&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Klárka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Klárka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM12A.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: siszyd32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: siszyd32.exe (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A139B4D-D1D0-4EAF-BAC5-C9E5A705DCB8}: NameServer = 10.1.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 16209 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-12 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Klárka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-10-05 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2004-06-28 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-12 88358]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-03-14 5525504]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"NVRotateSysTray"=C:\WINDOWS\system32\nvsysrot.dll [2005-03-14 49152]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-09-09 49152]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2004-12-15 73728]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-09-15 135168]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-12-27 270336]
"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2004-12-27 110592]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2004-11-11 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2004-12-06 81920]
"TMESBS.EXE"=C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE [2003-08-01 86016]
"TFncKy"=TFncKy.exe []
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-01 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-01 696320]
"TAudEffect"=C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe [2004-10-06 331840]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-12 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"sysgif32"=C:\WINDOWS\TEMP\~TM12A.tmp [2010-01-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LogitechSetup"=E:\Setup\Setup.exe /start /restart /l:enu []
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Klárka\Nabídka Start\Programy\Po spuštění
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-19 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Klárka\Local Settings\Temp\bulanci.tmp"="C:\Documents and Settings\Klárka\Local Settings\Temp\bulanci.tmp:*:Enabled:bulanci"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Klárka\Plocha\bulanci(2).exe"="C:\Documents and Settings\Klárka\Plocha\bulanci(2).exe:*:Enabled:bulanci(2)"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-14 21:31:19 ----D---- C:\Program Files\trend micro
2010-01-14 21:31:10 ----D---- C:\rsit
2010-01-14 18:13:48 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-01-14 17:35:56 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-01-14 17:35:55 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-01-14 17:35:21 ----D---- C:\Program Files\DivX
2010-01-13 11:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 11:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-04 19:34:55 ----D---- C:\WINDOWS\5033400B097745AB94CECC135A8E1BBB.TMP
2009-12-31 16:07:14 ----A---- C:\WINDOWS\SMWizard.INI
2009-12-29 16:32:01 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0
2009-12-29 16:30:33 ----D---- C:\Program Files\Leica Geosystems
2009-12-29 16:24:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESRI
2009-12-29 16:23:08 ----D---- C:\Program Files\ArcGIS
2009-12-29 15:42:21 ----D---- C:\Program Files\ESRI
2009-12-28 17:20:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macrovision
2009-12-28 17:17:41 ----D---- C:\Program Files\SafeNet Sentinel
2009-12-28 17:17:41 ----D---- C:\Program Files\Common Files\SafeNet Sentinel
2009-12-28 16:28:37 ----A---- C:\WINDOWS\system32\python25.dll
2009-12-28 16:27:27 ----D---- C:\Documents and Settings\Klárka\Data aplikací\ESRI
2009-12-28 16:14:51 ----D---- C:\Program Files\Common Files\ESRI
2009-12-28 16:11:42 ----D---- C:\Python25
2009-12-26 14:58:00 ----D---- C:\Program Files\iTunes
2009-12-26 14:58:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 14:54:50 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2010-01-14 21:31:19 ----RD---- C:\Program Files
2010-01-14 21:31:14 ----D---- C:\WINDOWS\Prefetch
2010-01-14 21:21:24 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 20:47:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 20:46:42 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-14 20:40:22 ----D---- C:\Documents and Settings\Klárka\Data aplikací\Skype
2010-01-14 20:33:47 ----D---- C:\WINDOWS\Temp
2010-01-14 20:33:43 ----HD---- C:\WINDOWS\inf
2010-01-14 20:29:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 19:22:55 ----D---- C:\Documents and Settings\Klárka\Data aplikací\skypePM
2010-01-14 19:19:56 ----D---- C:\WINDOWS
2010-01-14 19:19:36 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 19:04:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-14 18:22:01 ----D---- C:\Program Files\Common Files
2010-01-14 18:22:00 ----SHD---- C:\WINDOWS\Installer
2010-01-14 18:19:16 ----D---- C:\WINDOWS\system32
2010-01-14 17:35:56 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-13 19:14:33 ----D---- C:\WINDOWS\AppPatch
2010-01-13 11:51:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 11:51:25 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 18:41:16 ----A---- C:\WINDOWS\win.ini
2010-01-12 18:30:49 ----A---- C:\WINDOWS\LEXICON.INI
2010-01-12 16:57:22 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-12 14:22:55 ----A---- C:\WINDOWS\wincmd.ini
2010-01-12 14:22:50 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-09 16:50:08 ----D---- C:\Documents and Settings\Klárka\Data aplikací\vlc
2010-01-05 13:59:37 ----D---- C:\Documents and Settings\Klárka\Data aplikací\dvdcss
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-29 16:41:53 ----RSD---- C:\WINDOWS\assembly
2009-12-29 12:07:13 ----SD---- C:\WINDOWS\Tasks
2009-12-28 17:17:33 ----D---- C:\WINDOWS\Downloaded Installations
2009-12-28 16:17:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-28 16:13:41 ----RSD---- C:\WINDOWS\Fonts
2009-12-26 15:04:39 ----D---- C:\Documents and Settings\Klárka\Data aplikací\Apple Computer
2009-12-26 14:58:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-26 14:58:07 ----D---- C:\Program Files\iPod
2009-12-26 14:58:06 ----D---- C:\Program Files\Common Files\Apple
2009-12-26 14:48:12 ----D---- C:\Program Files\Safari
2009-12-26 14:47:14 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-02-24 102320]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-19 21419]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-10-19 15890]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 AVerAF15DMBTH;AVerMedia A850 USB; C:\WINDOWS\System32\Drivers\AVerAF15DMBTH.sys [2009-01-05 487168]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-08-10 32640]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-03-14 3331040]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-09-27 409984]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-06-29 2206720]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-10-18 241280]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2008-02-01 489624]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2008-10-06 137984]
S3 Tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-03-03 36864]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2009-03-23 54272]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2009-03-19 43264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-07-07 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-10-21 352256]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-27 110592]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-01 434176]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-03-14 127043]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-01 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-01 937984]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Tmesbs;Tmesbs32; C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe [2003-08-01 86016]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2004-11-11 126976]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 144752]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

No já to teď nechala proskenovat Antispywarem a odstranila jsem siszyd32.exe, tudíž už mi CPU neběží na 100%, ale stále při startu strašně pomalé načítání, zamrzlá lišta.
Log vložím jen co se vygeneruje

ComboFix 10-01-14.02 - Klárka 14.01.2010 22:41:33.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.450 [GMT 1:00]
Spuštěný z: c:\documents and settings\Klárka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\d.ini
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\TEMP\logishrd\LVPrcInj02.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-14 do 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\program files\trend micro
2010-01-14 20:31 . 2010-01-14 20:33 -------- d-----w- C:\rsit
2010-01-14 17:50 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-14 17:50 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-14 17:50 . 2008-04-13 18:40 27392 -c--a-w- c:\windows\system32\dllcache\fdc.sys
2010-01-14 17:50 . 2008-04-13 18:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-01-14 17:21 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-14 17:21 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-01-14 17:20 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-01-14 17:20 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-01-14 17:13 . 2010-01-14 17:13 122 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-01-14 16:35 . 2009-11-14 00:49 120056 ------w- c:\windows\system32\pxcpyi64.exe
2010-01-14 16:35 . 2009-11-14 00:49 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-01-14 16:35 . 2010-01-14 18:19 -------- d-----w- c:\program files\DivX
2010-01-13 09:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 18:34 . 2010-01-04 18:34 -------- d-----w- c:\windows\5033400B097745AB94CECC135A8E1BBB.TMP
2009-12-29 15:32 . 2009-12-29 15:32 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2009-12-29 15:30 . 2009-12-29 15:30 -------- d-----w- c:\program files\Leica Geosystems
2009-12-29 15:23 . 2009-12-29 15:32 -------- d-----w- c:\program files\ArcGIS
2009-12-29 14:42 . 2009-12-29 14:42 -------- d-----w- c:\program files\ESRI
2009-12-28 16:17 . 2009-12-28 16:17 -------- d-----w- c:\program files\SafeNet Sentinel
2009-12-28 16:17 . 2009-12-28 16:17 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2009-12-28 15:28 . 2007-04-18 07:51 2113536 ----a-w- c:\windows\system32\python25.dll
2009-12-28 15:14 . 2009-12-29 15:30 -------- d-----w- c:\program files\Common Files\ESRI
2009-12-28 15:11 . 2009-12-28 15:28 -------- d-----w- C:\Python25
2009-12-26 13:58 . 2009-12-26 13:58 -------- d-----w- c:\program files\iTunes
2009-12-26 13:54 . 2009-12-26 13:55 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 19:46 . 2009-03-26 15:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 16:35 . 2007-10-28 11:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-26 13:58 . 2008-09-07 16:16 -------- d-----w- c:\program files\iPod
2009-12-26 13:58 . 2008-03-24 17:45 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 13:48 . 2009-01-17 12:09 -------- d-----w- c:\program files\Safari
2009-12-08 10:56 . 2009-12-08 10:56 -------- d-----w- c:\program files\Common Files\Skype
2009-12-08 10:56 . 2007-11-16 22:24 -------- d-----r- c:\program files\Skype
2009-11-24 23:54 . 2007-10-19 07:48 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-10-19 07:48 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-10-19 07:48 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-10 19:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-10 19:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-10-19 07:48 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-10-19 07:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-10-19 07:48 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-10-19 07:48 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 14:58 . 2007-10-19 07:52 -------- d-----w- c:\program files\Java
2009-11-17 14:58 . 2004-08-18 12:00 97798 ----a-w- c:\windows\system32\perfc005.dat
2009-11-17 14:58 . 2004-08-18 12:00 480900 ----a-w- c:\windows\system32\perfh005.dat
2009-11-16 19:11 . 2009-01-17 18:02 -------- d-----w- c:\program files\Singles 2
2009-11-14 00:49 . 2008-06-28 11:57 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-09 18:56 . 2009-11-09 18:56 202240 ----a-w- c:\windows\system32\Durexlogo.scr
2009-10-29 07:43 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2008-09-07 16:32 . 2008-07-24 18:39 7168 --sha-w- c:\program files\Thumbs.db
2008-01-06 15:36 . 2008-01-06 15:34 6010880 ----a-w- c:\program files\icq5_1_Atlas.exe
2007-11-08 15:58 . 2007-11-08 15:54 12829368 ----a-w- c:\program files\Install_ICQ6.exe
2009-10-05 17:34 . 2009-10-26 18:26 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 88358]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-14 5525504]
"nwiz"="nwiz.exe" [2005-03-14 1490944]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2005-03-14 49152]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 49152]
"TFNF5"="TFNF5.exe" [2004-12-15 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"TPSMain"="TPSMain.exe" [2004-12-27 270336]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-27 110592]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2004-11-11 126976]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2004-12-06 81920]
"TMESBS.EXE"="c:\program files\TOSHIBA\TME3\TMESBS32.EXE" [2003-08-01 86016]
"TFncKy"="TFncKy.exe" [BU]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-10-06 331840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-12 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-11-6 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-11-6 663552]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-27 67128]
PC Health.lnk - c:\program files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [2007-10-19 3531]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-10-19 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-18 23:29 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.4.2008 20:48 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 74480]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [19.10.2007 7:54 5888]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ESRI\License\arcgis9x\lmgrd.exe [29.12.2009 15:42 1431440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.4.2008 20:48 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6.11.2009 19:01 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6.11.2009 19:01 405504]
R2 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\tmesbs32.exe [19.10.2007 7:54 86016]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [19.10.2007 7:54 126976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.8.2005 13:48 32640]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [19.10.2007 8:10 409984]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [6.11.2009 19:03 487168]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?rls=ig&hl=cs&source=iglk
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {9A139B4D-D1D0-4EAF-BAC5-C9E5A705DCB8} = 10.1.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Klárka\Data aplikací\Mozilla\Firefox\Profiles\2lia8gjl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-LogitechSetup - e:\setup\Setup.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-Durex Sperm Screensaver - c:\program files\Durex\Durex Sperm Screensaver\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 22:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(9964)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
d:\virtualpc-all\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ACS.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TFNF5.exe
c:\windows\system32\TPSODDCtl.exe
c:\program files\TOSHIBA\TME3\TMEEJME.EXE
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-01-14 22:56:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-14 21:56

Před spuštěním: 8 154 189 824
Po spuštění: 9 941 745 664

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8E1DEF9B0F1849B23B4F9481134D4E56

5 položek bylo smazánho. Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\fjhdyfhsn.bat

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

Děkuju moc

Tak tady je to po tom pročištění - je to v pořádku?

ComboFix 10-01-14.02 - Klárka 15.01.2010 19:16:50.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.251 [GMT 1:00]
Spuštěný z: c:\documents and settings\Klárka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Klárka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\fjhdyfhsn.bat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 14:41 . 2010-01-15 14:41 -------- d--h--w- c:\windows\PIF
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\program files\trend micro
2010-01-14 20:31 . 2010-01-14 20:33 -------- d-----w- C:\rsit
2010-01-14 17:50 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-14 17:50 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-14 17:50 . 2008-04-13 18:40 27392 -c--a-w- c:\windows\system32\dllcache\fdc.sys
2010-01-14 17:50 . 2008-04-13 18:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-01-14 17:21 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-14 17:21 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-01-14 17:20 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-01-14 17:20 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-01-14 16:35 . 2009-11-14 00:49 120056 ------w- c:\windows\system32\pxcpyi64.exe
2010-01-14 16:35 . 2009-11-14 00:49 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-01-14 16:35 . 2010-01-14 18:19 -------- d-----w- c:\program files\DivX
2010-01-13 09:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 18:34 . 2010-01-04 18:34 -------- d-----w- c:\windows\5033400B097745AB94CECC135A8E1BBB.TMP
2009-12-29 15:32 . 2009-12-29 15:32 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2009-12-29 15:30 . 2009-12-29 15:30 -------- d-----w- c:\program files\Leica Geosystems
2009-12-29 15:23 . 2009-12-29 15:32 -------- d-----w- c:\program files\ArcGIS
2009-12-29 14:42 . 2009-12-29 14:42 -------- d-----w- c:\program files\ESRI
2009-12-28 16:17 . 2009-12-28 16:17 -------- d-----w- c:\program files\SafeNet Sentinel
2009-12-28 16:17 . 2009-12-28 16:17 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2009-12-28 15:28 . 2007-04-18 07:51 2113536 ----a-w- c:\windows\system32\python25.dll
2009-12-28 15:14 . 2009-12-29 15:30 -------- d-----w- c:\program files\Common Files\ESRI
2009-12-28 15:11 . 2009-12-28 15:28 -------- d-----w- C:\Python25
2009-12-26 13:58 . 2009-12-26 13:58 -------- d-----w- c:\program files\iTunes
2009-12-26 13:54 . 2009-12-26 13:55 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 19:46 . 2009-03-26 15:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 16:35 . 2007-10-28 11:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-26 13:58 . 2008-09-07 16:16 -------- d-----w- c:\program files\iPod
2009-12-26 13:58 . 2008-03-24 17:45 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 13:48 . 2009-01-17 12:09 -------- d-----w- c:\program files\Safari
2009-12-08 10:56 . 2009-12-08 10:56 -------- d-----w- c:\program files\Common Files\Skype
2009-12-08 10:56 . 2007-11-16 22:24 -------- d-----r- c:\program files\Skype
2009-11-24 23:54 . 2007-10-19 07:48 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-10-19 07:48 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-10-19 07:48 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-10 19:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-10 19:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-10-19 07:48 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-10-19 07:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-10-19 07:48 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-10-19 07:48 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 14:58 . 2007-10-19 07:52 -------- d-----w- c:\program files\Java
2009-11-17 14:58 . 2004-08-18 12:00 97798 ----a-w- c:\windows\system32\perfc005.dat
2009-11-17 14:58 . 2004-08-18 12:00 480900 ----a-w- c:\windows\system32\perfh005.dat
2009-11-16 19:11 . 2009-01-17 18:02 -------- d-----w- c:\program files\Singles 2
2009-11-14 00:49 . 2008-06-28 11:57 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-09 18:56 . 2009-11-09 18:56 202240 ----a-w- c:\windows\system32\Durexlogo.scr
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2008-09-07 16:32 . 2008-07-24 18:39 7168 --sha-w- c:\program files\Thumbs.db
2008-01-06 15:36 . 2008-01-06 15:34 6010880 ----a-w- c:\program files\icq5_1_Atlas.exe
2007-11-08 15:58 . 2007-11-08 15:54 12829368 ----a-w- c:\program files\Install_ICQ6.exe
2009-10-05 17:34 . 2009-10-26 18:26 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 88358]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-14 5525504]
"nwiz"="nwiz.exe" [2005-03-14 1490944]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2005-03-14 49152]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 49152]
"TFNF5"="TFNF5.exe" [2004-12-15 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"TPSMain"="TPSMain.exe" [2004-12-27 270336]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-27 110592]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2004-11-11 126976]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2004-12-06 81920]
"TMESBS.EXE"="c:\program files\TOSHIBA\TME3\TMESBS32.EXE" [2003-08-01 86016]
"TFncKy"="TFncKy.exe" [BU]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-10-06 331840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-12 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-11-6 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-11-6 663552]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-27 67128]
PC Health.lnk - c:\program files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [2007-10-19 3531]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-10-19 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-18 23:29 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.4.2008 20:48 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 74480]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [19.10.2007 7:54 5888]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ESRI\License\arcgis9x\lmgrd.exe [29.12.2009 15:42 1431440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.4.2008 20:48 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6.11.2009 19:01 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6.11.2009 19:01 405504]
R2 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\tmesbs32.exe [19.10.2007 7:54 86016]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [19.10.2007 7:54 126976]
R3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [6.11.2009 19:03 487168]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.8.2005 13:48 32640]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [19.10.2007 8:10 409984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?rls=ig&hl=cs&source=iglk
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {9A139B4D-D1D0-4EAF-BAC5-C9E5A705DCB8} = 10.1.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Klárka\Data aplikací\Mozilla\Firefox\Profiles\2lia8gjl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 19:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1356)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(8664)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
d:\virtualpc-all\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ACS.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\TME3\TMEEJME.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TFNF5.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\TPSODDCtl.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-01-15 19:32:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-15 18:32
ComboFix2.txt 2010-01-14 21:56

Před spuštěním: Volných bajtů: 10 098 266 112
Po spuštění: Volných bajtů: 10 054 598 656

- - End Of File - - 764A8B34E0A05378ABD79F38C6D33331

Log již vypadá čistý.

Dobrý den,
i mne trápí podobný problém .. na "vyčištění" PC byl použit NOD + Spybot Search&Destroy a CC Cleaner .., bohužel svchost.exe prakticky stále na 99 % CPU
Díky za případnou pomoc ...

----------------

ComboFix 10-01-15.01 - Servis 15.01.2010 19:52:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1037 [GMT 1:00]
Spuštěný z: c:\documents and settings\Servis\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 15:54 . 2010-01-15 15:54 -------- d-----w- c:\program files\ESET
2010-01-15 05:43 . 2010-01-15 05:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 19:21 . 2010-01-14 19:21 -------- d-----w- c:\program files\CCleaner
2010-01-14 18:50 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 05:56 . 2010-01-13 05:56 -------- d-----w- c:\program files\Common Files\Skype
2010-01-12 09:02 . 2010-01-12 09:02 -------- d-----w- c:\program files\Alwil Software
2010-01-08 06:48 . 2010-01-08 06:48 -------- d-----w- C:\pvdatastore
2009-12-29 15:02 . 2009-12-29 15:37 151277 ----a-w- c:\windows\hpwins05.dat
2009-12-23 11:54 . 2009-12-28 07:03 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-23 11:50 . 2010-01-04 09:26 -------- d-----w- c:\program files\Paint.NET
2009-12-23 11:23 . 2009-12-23 11:25 -------- d-----w- c:\program files\Common Files\HP
2009-12-23 10:57 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe
2009-12-23 10:57 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe
2009-12-23 10:57 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 18:57 . 2009-06-12 04:55 -------- d-----w- c:\program files\ICQ6.5
2010-01-15 05:27 . 2008-01-28 14:01 -------- d-----w- c:\program files\LogMeIn
2010-01-13 05:57 . 2009-02-16 13:26 -------- d-----r- c:\program files\Skype
2010-01-07 07:08 . 2009-04-22 08:10 -------- d-----w- c:\program files\AVG
2010-01-06 06:00 . 2008-01-14 14:02 -------- d-----w- c:\program files\Java
2010-01-04 09:28 . 2009-04-10 10:49 -------- d-----w- c:\program files\CaseCaseIH
2009-12-23 11:27 . 2008-10-31 14:10 -------- d-----w- c:\program files\HP
2009-12-12 11:50 . 2008-01-14 11:03 -------- d-----w- c:\program files\Kalina
2009-12-12 11:44 . 2007-05-31 19:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 11:44 . 2009-12-11 14:47 -------- d-----w- c:\program files\Carambis
2009-12-12 10:12 . 2009-12-12 09:32 -------- d-----w- c:\program files\iXi Tools
2009-12-10 07:24 . 2006-03-02 12:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 07:24 . 2006-03-02 12:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-11-27 13:54 . 2008-10-31 14:43 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-24 12:35 . 2008-12-03 13:17 -------- d-----w- c:\program files\EPSON
2009-11-24 12:03 . 2009-11-24 11:44 111835 ----a-w- c:\windows\hpqins07.dat
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 07:52 . 2009-11-20 07:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-20 07:52 . 2009-11-20 07:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-20 07:51 . 2009-11-20 07:51 -------- d-----w- c:\program files\Synaptics
2009-11-20 07:39 . 2009-11-20 07:39 -------- d-----w- c:\program files\Realtek
2009-11-20 07:35 . 2009-11-20 07:35 -------- d-----w- c:\program files\Intel
2009-11-20 07:29 . 2009-11-20 07:28 -------- d-----w- c:\program files\Realtek AC97
2009-11-18 12:09 . 2009-11-18 12:09 -------- d-----w- c:\program files\Driver-Soft
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-06-25 07:54 . 2009-06-01 06:59 548 ----a-w- c:\program files\NetSpares.sct
2009-06-25 07:54 . 2009-06-01 06:59 39 ----a-w- c:\program files\NetSpares.bat
2009-06-25 07:52 . 2009-06-01 06:58 258 ----a-w- c:\program files\pippo.bat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]

[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
2007-10-28 14:45 1502232 ----a-w- c:\program files\Spesoft\tbSpes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]

[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]

[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2001-06-13 139264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Internet Keyboard.lnk - c:\program files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe [2007-9-2 1126400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 06:06 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^RAMASST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Servis^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Servis\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-02-06 15:27 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3200]
2002-09-23 18:25 74752 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 14:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2005-03-24 12:52 94770 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [11.1.2007 6:39 243584]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.6.2009 14:45 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [3.8.2007 15:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [28.1.2008 15:02 47640]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [14.6.2001 19:27 10195]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2009-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{AF93C7B5-BA1A-4DDF-A1D2-4A0521CBC767}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://netportalpro.agrotec.cz:58200/irj/portal
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZNxdm795YYCZ
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Servis\Data aplikací\Mozilla\Firefox\Profiles\6ypn2xbo.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: f:\instal picaso\Google\Picasa3\npPicasa2.dll
FF - plugin: f:\instal picaso\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{9e35e959-d723-4b5f-9207-2a94f8ab9068} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-update_vp - c:\program files\Vyčistit Počítač\UUpdate.exe
MSConfigStartUp-VycistitPocitac - c:\program files\Vyčistit Počítač\VycistitPocitac.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 19:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1085031214-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-01-15 20:01:32
ComboFix-quarantined-files.txt 2010-01-15 19:01

Před spuštěním: 4 109 434 880
Po spuštění: 4 766 912 512

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BD71C79893AF17F0DFA4E59C365B8328

2StandaK: Založte si, prosím, vlastní topic. Děkujeme.
2Clarky: Nemáte zač! Za přání děkujeme.