Problém s schvhost vytezuje PC na 100% kratce po startu..

[PajaZ]

Zdravím,
mám ten samý problém kratce po startu je CPU vytizeno na 100%, delá to od včera. Skenoval jsem PC esetem online scenerem, AVG, Spybotem, ale problem pretrvává. Prosím pomozte mi s logem HJT.

Moc dekuji

Logfile of random's system information tool 1.06 (written by random/random)
Run by Zdenek at 2010-03-03 20:08:22
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 31 GB (61%) free of 52 GB
Total RAM: 1023 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:40, on 3.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AVG\AVG9\avgemc.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Software\Aplikace\Motherboard Monitor 5\MBM5.EXE
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\WINDOWS\TBPanel.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\SweetIM\Messenger\SweetIM.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
D:\PROGRA~1\MICROS~3\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Software\Aplikace\Sysmetrix\SysMetrix.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Plocha\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Zdenek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tea-earth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {840AF9C9-60B2-45A9-910B-FDF0DEB925CA} - D:\WINDOWS\System32\dbgeng32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MBM 5] "D:\Software\Aplikace\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [LogonStudio] "D:\Software\Aplikace\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Gainward] D:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] D:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Logitech Touch Mouse Server.lnk = D:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\Software\Aplikace\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stáhnout pomocí FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Software\Aplikace\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c99e7bd27b9410) (gupdate1c99e7bd27b9410) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12642 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-343818398-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-343818398-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{840AF9C9-60B2-45A9-910B-FDF0DEB925CA}]
D:\WINDOWS\System32\dbgeng32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-01 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-01 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - D:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - D:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-01 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"=D:\Software\Aplikace\Motherboard Monitor 5\MBM5.EXE [2003-01-08 577536]
"LogonStudio"=D:\Software\Aplikace\LogonStudio\logonstudio.exe [2002-09-03 987187]
"PinnacleDriverCheck"=D:\WINDOWS\System32\PSDrvCheck.exe [2004-03-10 406016]
"HPDJ Taskbar Utility"=D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
"SSBkgdUpdate"=D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"IMJPMIG8.1"=D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"Gainward"=D:\WINDOWS\TBPanel.exe [2007-04-23 2173744]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
"Google Desktop Search"=D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-04 30192]
"AppleSyncNotifier"=D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"AVG9_TRAY"=D:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-01 2033432]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SweetIM"=D:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Google Update"=D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-08-06 133104]
"RocketDock"=D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-01 39408]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-10 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPhone PC Suite]
D:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2

D:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
BTTray.lnk - D:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe

D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Nabídka Start\Programy\Po spuštění
Logitech Touch Mouse Server.lnk - D:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
RocketDock.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2009-10-28 12464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\Sony\Vegas 6.0\VegSrv60.exe"="D:\Program Files\Sony\Vegas 6.0\VegSrv60.exe:*:Enabled:Sony Vegas Network Render Service Control"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\wincmd\WINCMD32.EXE"="D:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"L:\PortableApps\MirandaPortable\App\miranda\miranda32.exe"="L:\PortableApps\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\WINDOWS\system32\rundll32.exe"="D:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="D:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry"
"D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:Google Desktop"
"D:\Program Files\B!Soft\RSS Builder\RSSBuilder.exe"="D:\Program Files\B!Soft\RSS Builder\RSSBuilder.exe:*:Enabled:RSS Builder"
"D:\Program Files\KompoZer 0.7.10\kompozer.exe"="D:\Program Files\KompoZer 0.7.10\kompozer.exe:*:Enabled:Composer"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Software\Games\UT\UnrealTournament\System\UnrealTournament.exe"="D:\Software\Games\UT\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\Program Files\iPhone Tunnel Suite\iTunnel\iTunnel.exe"="D:\Program Files\iPhone Tunnel Suite\iTunnel\iTunnel.exe:*:Enabled:iTunnel"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\Ripdev\JuiceDrop\JuiceDrop.exe"="D:\Program Files\Ripdev\JuiceDrop\JuiceDrop.exe:*:Enabled:JuiceDrop"
"D:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="D:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\AVG\AVG9\avgemc.exe"="D:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"D:\Program Files\AVG\AVG9\avgupd.exe"="D:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG9\avgnsx.exe"="D:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe"="D:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Kooperativa\KalkZiv\Kalk_Ziv.exe"="C:\Program Files\Kooperativa\KalkZiv\Kalk_Ziv.exe:*:Enabled:Kalk_Ziv"
"D:\Program Files\Kooperativa\KalkZiv\Kalk_Ziv.exe"="D:\Program Files\Kooperativa\KalkZiv\Kalk_Ziv.exe:*:Enabled:Kalk_Ziv"
"D:\Program Files\TVAnts\Tvants.exe"="D:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-03 20:08:22 ----D---- D:\rsit
2010-03-03 13:18:31 ----D---- D:\Program Files\Spybot - Search & Destroy
2010-03-03 13:18:31 ----D---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2010-03-03 12:37:47 ----D---- D:\Program Files\Trend Micro
2010-03-02 23:22:52 ----A---- D:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-28 19:43:37 ----A---- D:\WINDOWS\ModemLog_Bluetooth Null Modem.txt
2010-02-28 19:43:37 ----A---- D:\WINDOWS\ModemLog_Bluetooth Modem.txt
2010-02-28 19:43:37 ----A---- D:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2010-02-24 22:05:22 ----D---- D:\Program Files\TVAnts
2010-02-22 16:07:42 ----D---- D:\Program Files\Kooperativa
2010-02-22 16:07:34 ----D---- D:\Program Files\Borland
2010-02-22 16:07:34 ----A---- D:\WINDOWS\system32\gds32.dll
2010-02-15 19:44:33 ----D---- D:\Program Files\Logitech Touch Mouse Server
2010-02-14 14:04:39 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Opera
2010-02-14 14:03:31 ----D---- D:\Program Files\Opera

======List of files/folders modified in the last 1 months======

2010-03-03 20:07:54 ----A---- D:\WINDOWS\DFC.INI
2010-03-03 19:55:56 ----AD---- D:\WINDOWS\system32
2010-03-03 19:55:56 ----AC---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-03-03 19:53:41 ----A---- D:\WINDOWS\system32\logonuiX.exe
2010-03-03 19:53:17 ----D---- D:\WINDOWS\Temp
2010-03-03 19:53:02 ----A---- D:\WINDOWS\LogonStudio.ini
2010-03-03 16:19:03 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-03-03 13:18:31 ----RD---- D:\Program Files
2010-03-03 12:48:40 ----D---- D:\Program Files\FlashGet
2010-03-03 12:18:09 ----A---- D:\WINDOWS\wincmd.ini
2010-03-03 12:13:06 ----A---- D:\WINDOWS\wcx_ftp.ini
2010-03-02 23:53:32 ----N---- D:\WINDOWS\win.ini
2010-03-02 23:53:32 ----N---- D:\WINDOWS\system.ini
2010-03-02 23:27:34 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Mozilla
2010-03-02 23:27:15 ----D---- D:\Program Files\Mozilla Firefox
2010-03-02 16:51:32 ----D---- D:\Program Files\MrKrax URL Submitter
2010-03-02 15:08:53 ----AC---- D:\WINDOWS\ntbtlog.txt
2010-03-02 12:45:26 ----D---- D:\WINDOWS\Prefetch
2010-03-02 12:31:54 ----D---- D:\WINDOWS\system32\drivers
2010-03-02 12:17:11 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-03-01 22:37:26 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\vlc
2010-03-01 22:04:24 ----D---- D:\Program Files\EurotelSMS
2010-03-01 21:59:33 ----D---- D:\WINDOWS\system32\CatRoot2
2010-02-28 19:43:51 ----A---- D:\WINDOWS\winamp.ini
2010-02-28 19:43:37 ----D---- D:\WINDOWS
2010-02-25 10:03:06 ----SHD---- D:\WINDOWS\Installer
2010-02-24 20:31:38 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Canon
2010-02-24 19:19:34 ----D---- D:\WINDOWS\Minidump
2010-02-22 12:14:55 ----A---- D:\WINDOWS\NeroDigital.ini
2010-02-17 21:22:53 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\dvdcss
2010-02-16 17:47:56 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Skype
2010-02-16 16:06:18 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\skypePM
2010-02-15 19:44:51 ----D---- D:\Config.Msi
2010-02-09 16:37:06 ----D---- D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Zoner
2010-02-09 16:35:01 ----D---- D:\Program Files\Zoner
2010-02-04 21:33:22 ----HD---- D:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; D:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 ATITool;ATITool Overclocking Utility; D:\WINDOWS\system32\DRIVERS\ATITool.sys [2005-12-30 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-28 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-28 28424]
R1 AvgTdiX;AVG Free Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-10 360584]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 mbmiodrvr;mbmiodrvr; \??\D:\WINDOWS\System32\mbmiodrvr.sys []
R1 PQNTDrv;PQNTDrv; D:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; D:\WINDOWS\System32\DRIVERS\tcpip6.sys [2004-08-03 223616]
R2 Angelnt;Angelnt; D:\WINDOWS\System32\Drivers\ANGELNT.SYS [2004-05-27 31936]
R2 Aspi32;Aspi32; D:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 BT848;WinFast TV2000 XP WDM Video Capture; D:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-06-24 81356]
R2 BTSERIAL;Bluetooth Serial Driver; \??\D:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\D:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 Dev_CBIDDRV;Dev_CBIDDRV; \??\D:\WINDOWS\System32\Drivers\CBID.SYS []
R2 PStrip;PStrip; D:\WINDOWS\system32\drivers\PStrip.sys [2004-11-09 21968]
R2 TBPanel;TBPanel; D:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; D:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-06-24 39182]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; D:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-06-24 9804]
R2 XPROTECTOR;XPROTECTOR; \??\D:\WINDOWS\system32\drivers\XPROTECTOR.SYS []
R3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ASAPIW2k;ASAPIW2K; D:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 BtAudio;Bluetooth Audio; D:\WINDOWS\System32\DRIVERS\btaudio.sys [2003-01-16 21701]
R3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\System32\DRIVERS\btport.sys [2003-01-16 30043]
R3 BTWDNDIS;Bluetooth LAN Access Server; D:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-01-16 144608]
R3 cmuda;C-Media WDM Audio Interface; D:\WINDOWS\system32\drivers\cmuda.sys [2003-07-01 733248]
R3 dtscsi;dtscsi; D:\WINDOWS\System32\Drivers\dtscsi.sys [2006-08-16 223128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; D:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; D:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter; D:\WINDOWS\System32\DRIVERS\SkyNET.SYS [2003-08-19 438776]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; D:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; D:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbscan;Ovladač skeneru USB; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 wanlink;wanlink; D:\WINDOWS\System32\DRIVERS\wanlink.sys [2002-06-24 47968]
S1 SysTool;SysTool Overclocking Utility; D:\WINDOWS\system32\DRIVERS\SysTool.sys [2005-12-30 24064]
S3 Bridge;Most MAC; D:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;Miniport mostu MAC; D:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; D:\WINDOWS\System32\Drivers\btwusb.sys [2003-01-16 65076]
S3 Cardex;Cardex; \??\D:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CV2K1;CommView Network Monitor; D:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 ENTECH;ENTECH; \??\D:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; D:\WINDOWS\System32\DRIVERS\HidBatt.sys [2001-08-17 19200]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; D:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Netaapl;Apple Mobile Device Ethernet Service; D:\WINDOWS\system32\DRIVERS\netaapl.sys [2009-06-05 17408]
S3 nm;Ovladač programu Sledování sítě; D:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 RivaTuner32;RivaTuner32; \??\D:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; D:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2003-02-19 46976]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVicHW32;TVicHW32; \??\D:\WINDOWS\System32\DRIVERS\TVicHW32.SYS []
S3 usbprint;Třída USB Printer; D:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg9emc;AVG Free E-mail Scanner; D:\Program Files\AVG\AVG9\avgemc.exe [2009-10-28 906520]
R2 avg9wd;AVG Free WatchDog; D:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-10-28 285392]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; D:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 gupdate1c99e7bd27b9410;Google Update Service (gupdate1c99e7bd27b9410); D:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-06 133104]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-04 654848]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-04 30192]
S3 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-01 182768]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]

-----------------EOF-----------------

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení.

[PajaZ]

Moc dekuji, jsem z toho na prášky s PC se nedá vubec pracovat... spíše mám podezreni jestli neni nakopnutá nejaká služba win, zkousel jsem posledni funkčni konfig, obnovený systemu... probehlo s hlaskou nebyla nalezena zmena tudiž neobnoveno...
To se pak fixne pres HJT nebo pres ten RSIT? Ted to kupodivu po resetu jede, ale prestim to také 10 minut jelo a pak už jen 100%. Sken AV trval 6h, už musim uprgradovat na 2 jádro nejmín, ale ...

[Caroprd111]

Fixnutím v HJT to neopravíme a RSIT je pouze scaner, musíme na to jinak.


Odinstalujte Spybot - Search & Destroy.



Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

[PajaZ]

Done Mazec generovani logu asi 10minut

ComboFix 10-03-03.03 - Zdenek 03.03.2010 20:38:11.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.632 [GMT 1:00]
Spuštěný z: d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\Windows Media Player\pidgen.dll
d:\recycler\S-1-5-21-329068152-1417001333-682003330-1003
d:\windows\d.ini
d:\windows\EventSystem.log
d:\windows\system32\drivers\Xprotector.sys
d:\windows\system32\kernel1.exe
d:\windows\system32\reboot.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNET
-------\Legacy_XPROTECTOR
-------\Service_SKYNET
-------\Service_XPROTECTOR


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 19:08 . 2010-03-03 19:08 -------- d-----w- D:\rsit
2010-03-03 12:18 . 2010-03-03 19:20 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-03-03 11:37 . 2010-03-03 11:37 -------- d-----w- d:\program files\Trend Micro
2010-03-02 22:22 . 2010-03-02 22:22 116 ----a-w- d:\windows\system32\fjhdyfhsn.bat
2010-02-24 21:05 . 2010-02-24 21:07 -------- d-----w- d:\program files\TVAnts
2010-02-22 15:07 . 2010-02-23 13:27 -------- d-----w- d:\program files\Kooperativa
2010-02-22 15:07 . 2010-02-22 15:07 -------- d-----w- d:\program files\Borland
2010-02-22 15:07 . 2002-01-21 10:44 346624 ----a-w- d:\windows\system32\gds32.dll
2010-02-15 18:44 . 2010-02-15 18:44 -------- d-----w- d:\program files\Logitech Touch Mouse Server
2010-02-14 13:03 . 2010-02-14 13:03 -------- d-----w- d:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 19:47 . 2002-09-20 18:05 19483648 ----a-w- d:\windows\system32\logonuiX.exe
2010-03-03 19:38 . 2001-10-25 14:00 82222 ----a-w- d:\windows\system32\perfc005.dat
2010-03-03 19:38 . 2001-10-25 14:00 419884 ----a-w- d:\windows\system32\perfh005.dat
2010-03-03 11:48 . 2007-08-29 15:11 -------- d-----w- d:\program files\FlashGet
2010-03-02 15:51 . 2009-08-29 19:27 -------- d-----w- d:\program files\MrKrax URL Submitter
2010-03-01 21:04 . 2007-09-04 18:25 -------- d-----w- d:\program files\EurotelSMS
2010-02-09 15:35 . 2004-03-27 20:36 -------- d-----w- d:\program files\Zoner
2010-01-28 14:04 . 2008-02-03 21:09 -------- d-----w- d:\program files\Google
2010-01-03 20:21 . 2010-01-03 20:21 -------- d-----w- d:\program files\iPhone Folders
2009-12-20 20:39 . 2006-08-22 12:41 19728 -c--a-w- d:\windows\system32\pgdfgsvc.exe
2007-10-10 17:29 . 2007-10-12 15:12 536064 -c--a-w- d:\program files\GIFAnimator.exe
2004-10-01 14:00 . 2009-11-26 11:47 40960 ----a-w- d:\program files\Uninstall_CDS.exe
2010-02-04 18:51 . 2008-10-06 13:14 119808 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . d:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . d:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . d:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-06 133104]
"RocketDock"="d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"="d:\software\Aplikace\Motherboard Monitor 5\MBM5.EXE" [2003-01-08 577536]
"LogonStudio"="d:\software\Aplikace\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"PinnacleDriverCheck"="d:\windows\System32\PSDrvCheck.exe" [2004-03-10 406016]
"HPDJ Taskbar Utility"="d:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"SSBkgdUpdate"="d:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="d:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="d:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Gainward"="d:\windows\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-04 30192]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-17 54784]

d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Touch Mouse Server.lnk - d:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]
RocketDock.lnk - d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

d:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BTTray.lnk - d:\program files\MICROSTAR\Bluetooth Software\BTTray.exe [2003-1-16 360509]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-28 17:39 12464 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 22:43 67488 -c--a-w- d:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\wincmd\\WINCMD32.EXE"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"d:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"d:\\Program Files\\B!Soft\\RSS Builder\\RSSBuilder.exe"=
"d:\\Program Files\\KompoZer 0.7.10\\kompozer.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Software\\Games\\UT\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Program Files\\iPhone Tunnel Suite\\iTunnel\\iTunnel.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Ripdev\\JuiceDrop\\JuiceDrop.exe"=
"d:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_Ziv.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=

R0 isdnlink;isdnlink;d:\windows\system32\drivers\linkisdn.sys [27.4.2004 9:25 610403]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;d:\windows\system32\drivers\SI3112r.sys [26.3.2003 17:44 85265]
R0 SiWinAcc;SiWinAcc;d:\windows\system32\drivers\SiWinAcc.sys [26.3.2003 17:44 9600]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [8.12.2005 18:26 664064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [28.10.2009 18:39 333192]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [28.10.2009 18:39 360584]
R2 Angelnt;Angelnt;d:\windows\system32\drivers\ANGELNT.SYS [9.5.2004 13:24 31936]
R2 avg9emc;AVG Free E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [28.10.2009 18:39 906520]
R2 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [28.10.2009 18:39 285392]
R2 BT848;WinFast TV2000 XP WDM Video Capture;d:\windows\system32\drivers\wf2kvcap.sys [27.4.2004 9:31 81356]
R2 Dev_CBIDDRV;Dev_CBIDDRV;d:\windows\system32\drivers\CBID.SYS [17.10.2004 20:10 2656]
R2 PStrip;PStrip;d:\windows\system32\drivers\PStrip.sys [9.11.2004 23:32 21968]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;d:\windows\system32\drivers\wf2ktunr.sys [27.4.2004 9:31 39182]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;d:\windows\system32\drivers\wf2kXbar.sys [27.4.2004 9:31 9804]
R3 wanlink;wanlink;d:\windows\system32\drivers\wanlink.sys [27.4.2004 9:25 47968]
S0 ffozeks;ffozeks; [x]
S0 MPRIFL;MPRIFL;d:\windows\system32\DRIVERS\MPRIFL.SYS --> d:\windows\system32\DRIVERS\MPRIFL.SYS [?]
S1 SysTool;SysTool Overclocking Utility;d:\windows\system32\drivers\SysTool.sys [30.12.2005 0:04 24064]
S2 gupdate1c99e7bd27b9410;Google Update Service (gupdate1c99e7bd27b9410);d:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 17:51 133104]
S3 CV2K1;CommView Network Monitor;d:\windows\system32\DRIVERS\cv2k1.sys --> d:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6.10.2008 14:14 30192]
S3 Netaapl;Apple Mobile Device Ethernet Service;d:\windows\system32\drivers\netaapl.sys [17.6.2009 8:43 17408]
S3 TVicHW32;TVicHW32;d:\windows\system32\drivers\TVicHW32.sys [17.10.2004 19:57 24656]
.
Obsah adresáře 'Naplánované úlohy'

2009-03-27 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-03 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 16:51]

2010-03-03 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 16:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://tea-earth.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - d:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - d:\software\Aplikace\OFFICE~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout pomocí FlashGet - d:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - d:\program files\FlashGet\jc_all.htm
IE: WikiKomentáře Google... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Name-Space Handler: ftp\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - d:\progra~1\FlashGet\Jccatch.dll
Name-Space Handler: http\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - d:\progra~1\FlashGet\Jccatch.dll
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Mozilla\Firefox\Profiles\tumuhuqj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Mozilla\Firefox\Profiles\tumuhuqj.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{840AF9C9-60B2-45A9-910B-FDF0DEB925CA} - d:\windows\System32\dbgeng32.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-AtiExtEvent - (no file)
MSConfigStartUp-iPhone PC Suite - d:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe
AddRemove-BSPlayer - d:\software\Aplikace\BSPlayer\uninstall-bsplay.EXE
AddRemove-LifeGlobe Goldfish Aquarium_is1 - d:\program files\Prolific Publishing
AddRemove-MultiRes (remove only) - d:\program files\MultiRes\uninstal.exe
AddRemove-UT2004 - d:\software\Games\UT2004\System\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 20:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8738F3D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8738f3d0
\Driver\ACPI -> ACPI.sys @ 0xf765fcb8
\Driver\atapi -> atapi.sys @ 0xf75f62f0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
ParseProcedure -> ntoskrnl.exe @ 0x8057016c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
ParseProcedure -> ntoskrnl.exe @ 0x8057016c
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf74d2ba0
PacketIndicateHandler -> NDIS.sys @ 0xf74dfb21
SendHandler -> NDIS.sys @ 0xf74bd87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2280)
d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
d:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\AVG\AVG9\avgchsvx.exe
d:\program files\AVG\AVG9\avgrsx.exe
d:\program files\AVG\AVG9\avgcsrvx.exe
d:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\AVG\AVG9\avgnsx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\wdfmgr.exe
d:\program files\AVG\AVG9\avgcsrvx.exe
d:\program files\Canon\CAL\CALMAIN.exe
d:\windows\system32\wscntfy.exe
d:\progra~1\MICROS~3\BLUETO~1\BTSTAC~1.EXE
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-03-03 20:57:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-03 19:56

Před spuštěním: Volných bajtů: 32 950 788 096
Po spuštění: Volných bajtů: 32 809 893 888

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\="Microsoft Windows"

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 0370A33695B8B851C9D4B6B8561D3018

[Caroprd111]

Tohle otestujte na http://www.virustotal.com/cs/
d:\windows\explorer.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)



Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

[PajaZ]

Mohu již pustit FW a AV?

[Caroprd111]

Ano.

[PajaZ]

Takze zatim tohle.

Rozšiřující informace
File size: 974848 bytes
MD5...: 4d32d7ffc2f583fe21ef0a4f99eabb12
SHA1..: 7ade92e98d2fc437280047d50f7633de55b3d4ea
SHA256: 10ba0fbddb0e3a6b275a7d5075ebf8b31af892ddb9b08f728ce67fb8f3147b5b
ssdeep: 24576:lzEuAwj2fNuIg2+cV6smSvwA1omjgS6n:lzvKfNuIg2+cMiwA2mjgSE
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1e24e
timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44689 0x44800 6.38 b527a0acaf87251d79f0236e90308ccc
.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
.rsrc 0x48000 0xa4353 0xa4400 6.58 317c8f60881589b64494f6a35608ec4c
.reloc 0xed000 0x36dc 0x3800 6.75 ee49ce3a409d6d28c1d63eabd34499b3

( 13 imports )
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> BROWSEUI.dll: -, -, -, -
> SHDOCVW.dll: -, -, -
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Microsoft(R) Windows (R) 2000 Operating System
description..: Pr_zkumn_k Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[Caroprd111]

To jsou jen rozšiřující informace, vložte sem odkaz na výsledky.

[PajaZ]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.03 -
AhnLab-V3 5.0.0.2 2010.03.03 -
AntiVir 8.2.1.180 2010.03.03 -
Antiy-AVL 2.0.3.7 2010.03.03 -
Authentium 5.2.0.5 2010.03.03 -
Avast 4.8.1351.0 2010.03.03 -
Avast5 5.0.332.0 2010.03.03 -
AVG 9.0.0.730 2010.03.03 -
BitDefender 7.2 2010.03.03 -
CAT-QuickHeal 10.00 2010.03.03 -
ClamAV 0.96.0.0-git 2010.03.03 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.03 -
eSafe 7.0.17.0 2010.03.03 -
eTrust-Vet 35.2.7337 2010.03.03 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.03 -
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.03.03 -
Ikarus T3.1.1.80.0 2010.03.03 -
Jiangmin 13.0.900 2010.03.03 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.03 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.03 -
Microsoft 1.5502 2010.03.03 -
NOD32 4913 2010.03.03 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.03 -
Panda 10.0.2.2 2010.03.02 -
PCTools 7.0.3.5 2010.03.03 -
Rising 22.37.02.04 2010.03.03 -
Sophos 4.51.0 2010.03.03 -
Sunbelt 5741 2010.03.03 -
Symantec 20091.2.0.41 2010.03.03 -
TheHacker 6.5.1.7.218 2010.03.03 -
TrendMicro 9.120.0.1004 2010.03.03 -
VBA32 3.12.12.2 2010.03.02 -
ViRobot 2010.3.3.2210 2010.03.03 -
VirusBuster 5.0.27.0 2010.03.03 -

[Caroprd111]

OK, teď další kroky.

[PajaZ]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll si3112r.sys
kernel: MBR read successfully
user & kernel MBR OK

[Caroprd111]

Jak to vypadá s PC

[PajaZ]

Ted v poradku vytizeni malé Ale predtim jsem také chvilku, mel vše v poradku, kéž by to tak zustalo.
Co jsem tam měl za potvory? Nebo jeste neco mam?