
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Slow connection (antivirus update cannot be performed)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. Likewise those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hello, I have had a problem with my connection for 2 days now, but it won't be the provider; I'm still waiting for a reply.
It only pulls 30Kbs and the PC is slowed down too. I thought it was caused by the last update, so I removed it, but it is still
bad. I have already tried several antiviruses but nothing (except Adw, that one found something).
Since I play Dark Orbit, which is a browser game, I need Flash Player, and I have had problems with it for 14 days, and now it is at its worst: video stutters and the sound skips.
- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow connection (antivirus update cannot be performed)
Greetings!
Post an RSIT log: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow connection (antivirus update cannot be performed)
Logfile of random's system information tool 1.09 (written by random/random)
Run by default at 2012-11-17 19:23:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 12 GB (27%) free of 43 GB
Total RAM: 1014 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:35, on 17.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre7\bin\jqs.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\PROGRA~1\LAUNCH~1\LManager.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\AVAST Software\Avast\avastUI.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Real\RealPlayer\update\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\igfxext.exe
D:\DOCUME~1\default\LOCALS~1\Temp\RtkBtMnt.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Documents and Settings\default\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\default\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\default\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\default\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\default\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\default\Plocha\Odvirovávaní\RSIT.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\trend micro\default.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source ... 50A53DCA06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPStart] D:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\default\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube Download - D:\Documents and Settings\default\Data aplikací\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 6931 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\avast! Emergency Update.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-839522115-1003UA.job
D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-725345543-839522115-1003.job
D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-725345543-839522115-1003.job
=========Mozilla firefox=========
ProfilePath - D:\Documents and Settings\default\Data aplikací\Mozilla\Firefox\Profiles\07ptqcva.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://safesearchr.lavasoft.com/?source ... 50A53DCA06"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7B44 ... &sap=ku&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=D:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=D:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=D:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=D:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14]
"Description"=RealJukebox Netscape Plugin
"Path"=D:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=D:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=D:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739]
"Description"=RealPlayer Version Plugin
"Path"=D:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=D:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=D:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
D:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
D:\Program Files\Mozilla Firefox\searchplugins\
adawaretb.xml
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
D:\Documents and Settings\default\Data aplikací\Mozilla\Firefox\Profiles\07ptqcva.default\extensions\
jid1-yZwVFzbsyfMrqQ@jetpack
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre7\bin\ssv.dll [2012-09-24 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{99079a25-328f-4bd4-be04-00955acaa0a7}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=D:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-27 752136]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPStart"=D:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-08-24 135168]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]
"avast"=D:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"TkBellExe"=D:\Program Files\Real\RealPlayer\update\realsched.exe [2012-11-16 296096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=D:\Documents [2012-09-26 21044]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
D:\Program Files\Messenger\msmsgs.exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
D:\Program Files\Nexus Radio\Nexus Radio.exe [2010-06-03 4699136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
D:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2012-02-29 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
D:\program files\relevantknowledge\rlvknlg.exe -boot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^default^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
D:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\HRY\Best of Games\bulanci.exe"="C:\HRY\Best of Games\bulanci.exe:*:Disabled:bulanci"
"D:\WINDOWS\system32\dplaysvr.exe"="D:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\games\Age of empire II\Age of Empires II - The Conquerors\empires2.exe"="C:\games\Age of empire II\Age of Empires II - The Conquerors\empires2.exe:*:Enabled:Age of Empires II"
"D:\Documents and Settings\default\Dokumenty\Downloads\FreecivPortable\App\Freeciv\freeciv-server.exe"="D:\Documents and Settings\default\Dokumenty\Downloads\FreecivPortable\App\Freeciv\freeciv-server.exe:*:Enabled:freeciv-server"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\3DO\Army Men RTS\amrts.exe"="D:\Program Files\3DO\Army Men RTS\amrts.exe:*:Enabled:Army Men RTS"
"C:\HRY\Dune 2000\DUNE2000.DAT"="C:\HRY\Dune 2000\DUNE2000.DAT:*:Enabled:Dune2000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=myokent.dll
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.tscc"=D:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll
"msacm.vorbis"=vorbis.acm
"MSACM.MSNAUDIO"=msnaudio.acm
"VIDC.ZMBV"=zmbv.dll
======List of files/folders created in the last 1 month======
2012-11-17 19:23:18 ----D---- D:\rsit
2012-11-17 19:23:18 ----D---- D:\Program Files\trend micro
2012-11-17 19:04:23 ----D---- D:\WINDOWS\LastGood
2012-11-17 18:59:54 ----A---- D:\WINDOWS\imsins.BAK
2012-11-16 16:18:50 ----A---- D:\WINDOWS\system32\ntoskrnl.exe
2012-11-16 16:18:50 ----A---- D:\WINDOWS\system32\ntkrnlpa.exe
2012-11-16 15:53:30 ----A---- D:\WINDOWS\system32\win32k.sys
2012-11-16 15:40:51 ----D---- D:\Program Files\Common Files\xing shared
2012-11-16 15:40:34 ----A---- D:\WINDOWS\system32\rmoc3260.dll
2012-11-16 15:40:21 ----A---- D:\WINDOWS\system32\pndx5032.dll
2012-11-16 15:40:21 ----A---- D:\WINDOWS\system32\pndx5016.dll
2012-11-16 15:40:11 ----D---- D:\Program Files\Real
2012-11-16 15:37:24 ----D---- D:\Documents and Settings\default\Data aplikací\Real
2012-11-15 21:07:05 ----D---- D:\Program Files\Emsisoft HiJackFree
2012-11-15 20:43:05 ----D---- D:\Documents and Settings\All Users\Data aplikací\Real
2012-11-15 20:20:00 ----D---- D:\Documents and Settings\default\Data aplikací\LavasoftStatistics
2012-11-15 20:08:11 ----D---- D:\Documents and Settings\default\Data aplikací\blekko
2012-11-12 23:59:10 ----D---- D:\Documents and Settings\default\Data aplikací\WinRAR
2012-11-12 23:58:46 ----D---- D:\Program Files\WinRAR
2012-11-12 23:58:03 ----D---- D:\Program Files\WinRAR 3.80 FINAL CZ,SK,EN
2012-11-12 21:07:19 ----D---- D:\Program Files\WinZip
2012-11-12 19:35:02 ----D---- D:\Documents and Settings\All Users\Data aplikací\Sophos
2012-10-28 18:36:15 ----D---- D:\Documents and Settings\default\Data aplikací\Audacity
2012-10-28 18:35:12 ----D---- D:\Program Files\Audacity
2012-10-28 14:32:07 ----A---- D:\WINDOWS\Robota.INI
2012-10-28 13:18:06 ----D---- D:\Documents and Settings\default\Data aplikací\Intelli-studio
2012-10-28 13:17:22 ----D---- D:\Program Files\SAMSUNG
2012-10-27 11:42:10 ----D---- D:\Program Files\MAGIX
2012-10-27 11:38:12 ----D---- D:\Documents and Settings\All Users\Data aplikací\MAGIX
2012-10-27 11:37:50 ----D---- D:\Program Files\Common Files\MAGIX Services
2012-10-27 10:54:58 ----D---- D:\Documents and Settings\default\Data aplikací\MAGIX
2012-10-24 15:46:39 ----D---- D:\Program Files\Oldgames
2012-10-22 18:24:21 ----D---- D:\Program Files\D-Fend Reloaded
2012-10-21 20:47:40 ----D---- D:\Program Files\DOSBox-0.74
2012-10-21 18:25:33 ----A---- D:\WINDOWS\system32\rp_stats.dat
2012-10-21 18:25:33 ----A---- D:\WINDOWS\system32\rp_rules.dat
2012-10-20 20:02:55 ----A---- D:\WINDOWS\system32\TempWmicBatchFile.bat
2012-10-20 20:02:35 ----A---- D:\WINDOWS\system32\WindowsAccessBridge.dll
2012-10-20 20:02:35 ----A---- D:\WINDOWS\system32\javaw.exe
2012-10-20 20:02:34 ----A---- D:\WINDOWS\system32\java.exe
2012-10-20 01:51:44 ----D---- D:\Program Files\TryMedia
======List of files/folders modified in the last 1 month======
2012-11-17 19:23:24 ----D---- D:\WINDOWS\Prefetch
2012-11-17 19:23:18 ----D---- D:\Program Files
2012-11-17 19:17:52 ----D---- D:\WINDOWS\Temp
2012-11-17 19:04:57 ----HD---- D:\WINDOWS\inf
2012-11-17 19:04:55 ----HD---- D:\WINDOWS\$hf_mig$
2012-11-17 19:04:55 ----D---- D:\WINDOWS
2012-11-17 19:04:22 ----D---- D:\WINDOWS\system32\CatRoot2
2012-11-17 19:03:17 ----SD---- D:\WINDOWS\Tasks
2012-11-17 19:02:34 ----D---- D:\WINDOWS\system32
2012-11-17 19:01:30 ----A---- D:\WINDOWS\SchedLgU.Txt
2012-11-17 19:01:10 ----RSHDC---- D:\WINDOWS\system32\dllcache
2012-11-17 18:59:39 ----SHD---- D:\WINDOWS\Installer
2012-11-17 18:59:39 ----HD---- D:\Config.Msi
2012-11-17 18:49:48 ----D---- D:\WINDOWS\system32\drivers
2012-11-17 17:16:20 ----D---- D:\Documents and Settings\default\Data aplikací\Winamp
2012-11-17 17:16:20 ----D---- D:\Documents and Settings\default\Data aplikací\uTorrent
2012-11-17 17:16:11 ----D---- D:\WINDOWS\Debug
2012-11-17 11:49:19 ----D---- D:\Program Files\Ad-Aware Antivirus
2012-11-17 11:45:07 ----D---- D:\Documents and Settings\default\Data aplikací\Ad-Aware Antivirus
2012-11-17 11:02:03 ----D---- D:\My Recorded Files
2012-11-16 20:13:19 ----A---- D:\WINDOWS\system.ini
2012-11-16 16:46:23 ----RSD---- D:\WINDOWS\assembly
2012-11-16 16:36:14 ----D---- D:\WINDOWS\Microsoft.NET
2012-11-16 16:31:56 ----D---- D:\WINDOWS\WinSxS
2012-11-16 16:31:49 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2012-11-16 15:40:51 ----D---- D:\Program Files\Common Files
2012-11-16 15:40:16 ----A---- D:\WINDOWS\system32\msvcr71.dll
2012-11-16 15:40:16 ----A---- D:\WINDOWS\system32\msvcp71.dll
2012-11-16 10:02:32 ----D---- D:\Program Files\Mozilla Firefox
2012-11-13 15:56:16 ----A---- D:\WINDOWS\win.ini
2012-11-12 21:08:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\WinZip
2012-11-11 17:01:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2012-11-11 16:58:42 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2012-11-11 16:42:22 ----D---- D:\Documents and Settings\default\Data aplikací\vlc
2012-11-10 09:54:59 ----D---- D:\WINDOWS\AppPatch
2012-11-08 18:32:28 ----D---- D:\Program Files\Opera
2012-11-03 07:41:59 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2012-11-01 16:54:23 ----D---- D:\Program Files\Mozilla Maintenance Service
2012-10-27 11:47:58 ----RSD---- D:\WINDOWS\Fonts
2012-10-27 11:40:05 ----D---- D:\WINDOWS\Help
2012-10-23 15:12:38 ----D---- D:\Program Files\Windows Media Player
2012-10-23 00:58:32 ----A---- D:\audio.txt
2012-10-21 20:23:33 ----D---- D:\Documents and Settings\All Users\Data aplikací\Lavasoft
2012-10-21 20:23:29 ----DC---- D:\WINDOWS\system32\DRVSTORE
2012-10-21 08:26:13 ----D---- D:\Program Files\Nexus Radio
2012-10-20 20:02:34 ----D---- D:\Program Files\Java
2012-10-20 02:15:17 ----D---- D:\Program Files\VstPlugins
2012-10-20 02:15:03 ----D---- D:\Program Files\softendo.com
2012-10-19 20:51:44 ----D---- D:\Program Files\CCleaner
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AswRdr;aswRdr; D:\WINDOWS\system32\drivers\AswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 DritekPortIO;Dritek General Port I/O; \??\D:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\D:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;aswMon2; D:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 AR5211;Atheros Wireless Network Adapter Service; D:\WINDOWS\System32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; D:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-06-19 156160]
R3 btaudio;Bluetooth Audio Device; D:\WINDOWS\system32\drivers\btaudio.sys [2007-05-17 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys [2007-05-17 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-05-17 876384]
R3 DKbFltr;Dritek Keyboard Filter Driver; D:\WINDOWS\System32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; D:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2008-03-28 66432]
R3 ESDCR;ESDCR; D:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2008-03-28 46080]
R3 ESMCR;ESMCR; D:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2008-03-28 81152]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]
R3 HSFHWAZL;HSFHWAZL; D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-26 210816]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 sdbus;sdbus; D:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]
S0 Partizan;Partizan; D:\WINDOWS\system32\drivers\Partizan.sys []
S1 SBRE;SBRE; \??\D:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPStart] D:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\default\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube Download - D:\Documents and Settings\default\Data aplikací\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 6931 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\avast! Emergency Update.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-839522115-1003UA.job
D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-725345543-839522115-1003.job
D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-725345543-839522115-1003.job
=========Mozilla firefox=========
ProfilePath - D:\Documents and Settings\default\Data aplikací\Mozilla\Firefox\Profiles\07ptqcva.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://safesearchr.lavasoft.com/?source ... 50A53DCA06"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7B44 ... &sap=ku&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=D:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=D:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=D:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=D:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14]
"Description"=RealJukebox Netscape Plugin
"Path"=D:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=D:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=D:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739]
"Description"=RealPlayer Version Plugin
"Path"=D:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=D:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=D:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
D:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
D:\Program Files\Mozilla Firefox\searchplugins\
adawaretb.xml
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
D:\Documents and Settings\default\Data aplikací\Mozilla\Firefox\Profiles\07ptqcva.default\extensions\
jid1-yZwVFzbsyfMrqQ@jetpack
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre7\bin\ssv.dll [2012-09-24 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{99079a25-328f-4bd4-be04-00955acaa0a7}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=D:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-27 752136]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPStart"=D:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-08-24 135168]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]
"avast"=D:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"TkBellExe"=D:\Program Files\Real\RealPlayer\update\realsched.exe [2012-11-16 296096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=D:\Documents [2012-09-26 21044]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
D:\Program Files\Messenger\msmsgs.exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
D:\Program Files\Nexus Radio\Nexus Radio.exe [2010-06-03 4699136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
D:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2012-02-29 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
D:\program files\relevantknowledge\rlvknlg.exe -boot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^default^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
D:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\HRY\Best of Games\bulanci.exe"="C:\HRY\Best of Games\bulanci.exe:*:Disabled:bulanci"
"D:\WINDOWS\system32\dplaysvr.exe"="D:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\games\Age of empire II\Age of Empires II - The Conquerors\empires2.exe"="C:\games\Age of empire II\Age of Empires II - The Conquerors\empires2.exe:*:Enabled:Age of Empires II"
"D:\Documents and Settings\default\Dokumenty\Downloads\FreecivPortable\App\Freeciv\freeciv-server.exe"="D:\Documents and Settings\default\Dokumenty\Downloads\FreecivPortable\App\Freeciv\freeciv-server.exe:*:Enabled:freeciv-server"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\3DO\Army Men RTS\amrts.exe"="D:\Program Files\3DO\Army Men RTS\amrts.exe:*:Enabled:Army Men RTS"
"C:\HRY\Dune 2000\DUNE2000.DAT"="C:\HRY\Dune 2000\DUNE2000.DAT:*:Enabled:Dune2000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=myokent.dll
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.tscc"=D:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll
"msacm.vorbis"=vorbis.acm
"MSACM.MSNAUDIO"=msnaudio.acm
"VIDC.ZMBV"=zmbv.dll
======List of files/folders created in the last 1 month======
2012-11-17 19:23:18 ----D---- D:\rsit
2012-11-17 19:23:18 ----D---- D:\Program Files\trend micro
2012-11-17 19:04:23 ----D---- D:\WINDOWS\LastGood
2012-11-17 18:59:54 ----A---- D:\WINDOWS\imsins.BAK
2012-11-16 16:18:50 ----A---- D:\WINDOWS\system32\ntoskrnl.exe
2012-11-16 16:18:50 ----A---- D:\WINDOWS\system32\ntkrnlpa.exe
2012-11-16 15:53:30 ----A---- D:\WINDOWS\system32\win32k.sys
2012-11-16 15:40:51 ----D---- D:\Program Files\Common Files\xing shared
2012-11-16 15:40:34 ----A---- D:\WINDOWS\system32\rmoc3260.dll
2012-11-16 15:40:21 ----A---- D:\WINDOWS\system32\pndx5032.dll
2012-11-16 15:40:21 ----A---- D:\WINDOWS\system32\pndx5016.dll
2012-11-16 15:40:11 ----D---- D:\Program Files\Real
2012-11-16 15:37:24 ----D---- D:\Documents and Settings\default\Data aplikací\Real
2012-11-15 21:07:05 ----D---- D:\Program Files\Emsisoft HiJackFree
2012-11-15 20:43:05 ----D---- D:\Documents and Settings\All Users\Data aplikací\Real
2012-11-15 20:20:00 ----D---- D:\Documents and Settings\default\Data aplikací\LavasoftStatistics
2012-11-15 20:08:11 ----D---- D:\Documents and Settings\default\Data aplikací\blekko
2012-11-12 23:59:10 ----D---- D:\Documents and Settings\default\Data aplikací\WinRAR
2012-11-12 23:58:46 ----D---- D:\Program Files\WinRAR
2012-11-12 23:58:03 ----D---- D:\Program Files\WinRAR 3.80 FINAL CZ,SK,EN
2012-11-12 21:07:19 ----D---- D:\Program Files\WinZip
2012-11-12 19:35:02 ----D---- D:\Documents and Settings\All Users\Data aplikací\Sophos
2012-10-28 18:36:15 ----D---- D:\Documents and Settings\default\Data aplikací\Audacity
2012-10-28 18:35:12 ----D---- D:\Program Files\Audacity
2012-10-28 14:32:07 ----A---- D:\WINDOWS\Robota.INI
2012-10-28 13:18:06 ----D---- D:\Documents and Settings\default\Data aplikací\Intelli-studio
2012-10-28 13:17:22 ----D---- D:\Program Files\SAMSUNG
2012-10-27 11:42:10 ----D---- D:\Program Files\MAGIX
2012-10-27 11:38:12 ----D---- D:\Documents and Settings\All Users\Data aplikací\MAGIX
2012-10-27 11:37:50 ----D---- D:\Program Files\Common Files\MAGIX Services
2012-10-27 10:54:58 ----D---- D:\Documents and Settings\default\Data aplikací\MAGIX
2012-10-24 15:46:39 ----D---- D:\Program Files\Oldgames
2012-10-22 18:24:21 ----D---- D:\Program Files\D-Fend Reloaded
2012-10-21 20:47:40 ----D---- D:\Program Files\DOSBox-0.74
2012-10-21 18:25:33 ----A---- D:\WINDOWS\system32\rp_stats.dat
2012-10-21 18:25:33 ----A---- D:\WINDOWS\system32\rp_rules.dat
2012-10-20 20:02:55 ----A---- D:\WINDOWS\system32\TempWmicBatchFile.bat
2012-10-20 20:02:35 ----A---- D:\WINDOWS\system32\WindowsAccessBridge.dll
2012-10-20 20:02:35 ----A---- D:\WINDOWS\system32\javaw.exe
2012-10-20 20:02:34 ----A---- D:\WINDOWS\system32\java.exe
2012-10-20 01:51:44 ----D---- D:\Program Files\TryMedia
======List of files/folders modified in the last 1 month======
2012-11-17 19:23:24 ----D---- D:\WINDOWS\Prefetch
2012-11-17 19:23:18 ----D---- D:\Program Files
2012-11-17 19:17:52 ----D---- D:\WINDOWS\Temp
2012-11-17 19:04:57 ----HD---- D:\WINDOWS\inf
2012-11-17 19:04:55 ----HD---- D:\WINDOWS\$hf_mig$
2012-11-17 19:04:55 ----D---- D:\WINDOWS
2012-11-17 19:04:22 ----D---- D:\WINDOWS\system32\CatRoot2
2012-11-17 19:03:17 ----SD---- D:\WINDOWS\Tasks
2012-11-17 19:02:34 ----D---- D:\WINDOWS\system32
2012-11-17 19:01:30 ----A---- D:\WINDOWS\SchedLgU.Txt
2012-11-17 19:01:10 ----RSHDC---- D:\WINDOWS\system32\dllcache
2012-11-17 18:59:39 ----SHD---- D:\WINDOWS\Installer
2012-11-17 18:59:39 ----HD---- D:\Config.Msi
2012-11-17 18:49:48 ----D---- D:\WINDOWS\system32\drivers
2012-11-17 17:16:20 ----D---- D:\Documents and Settings\default\Data aplikací\Winamp
2012-11-17 17:16:20 ----D---- D:\Documents and Settings\default\Data aplikací\uTorrent
2012-11-17 17:16:11 ----D---- D:\WINDOWS\Debug
2012-11-17 11:49:19 ----D---- D:\Program Files\Ad-Aware Antivirus
2012-11-17 11:45:07 ----D---- D:\Documents and Settings\default\Data aplikací\Ad-Aware Antivirus
2012-11-17 11:02:03 ----D---- D:\My Recorded Files
2012-11-16 20:13:19 ----A---- D:\WINDOWS\system.ini
2012-11-16 16:46:23 ----RSD---- D:\WINDOWS\assembly
2012-11-16 16:36:14 ----D---- D:\WINDOWS\Microsoft.NET
2012-11-16 16:31:56 ----D---- D:\WINDOWS\WinSxS
2012-11-16 16:31:49 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2012-11-16 15:40:51 ----D---- D:\Program Files\Common Files
2012-11-16 15:40:16 ----A---- D:\WINDOWS\system32\msvcr71.dll
2012-11-16 15:40:16 ----A---- D:\WINDOWS\system32\msvcp71.dll
2012-11-16 10:02:32 ----D---- D:\Program Files\Mozilla Firefox
2012-11-13 15:56:16 ----A---- D:\WINDOWS\win.ini
2012-11-12 21:08:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\WinZip
2012-11-11 17:01:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2012-11-11 16:58:42 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2012-11-11 16:42:22 ----D---- D:\Documents and Settings\default\Data aplikací\vlc
2012-11-10 09:54:59 ----D---- D:\WINDOWS\AppPatch
2012-11-08 18:32:28 ----D---- D:\Program Files\Opera
2012-11-03 07:41:59 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2012-11-01 16:54:23 ----D---- D:\Program Files\Mozilla Maintenance Service
2012-10-27 11:47:58 ----RSD---- D:\WINDOWS\Fonts
2012-10-27 11:40:05 ----D---- D:\WINDOWS\Help
2012-10-23 15:12:38 ----D---- D:\Program Files\Windows Media Player
2012-10-23 00:58:32 ----A---- D:\audio.txt
2012-10-21 20:23:33 ----D---- D:\Documents and Settings\All Users\Data aplikací\Lavasoft
2012-10-21 20:23:29 ----DC---- D:\WINDOWS\system32\DRVSTORE
2012-10-21 08:26:13 ----D---- D:\Program Files\Nexus Radio
2012-10-20 20:02:34 ----D---- D:\Program Files\Java
2012-10-20 02:15:17 ----D---- D:\Program Files\VstPlugins
2012-10-20 02:15:03 ----D---- D:\Program Files\softendo.com
2012-10-19 20:51:44 ----D---- D:\Program Files\CCleaner
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AswRdr;aswRdr; D:\WINDOWS\system32\drivers\AswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 DritekPortIO;Dritek General Port I/O; \??\D:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\D:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;aswMon2; D:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 AR5211;Atheros Wireless Network Adapter Service; D:\WINDOWS\System32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; D:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-06-19 156160]
R3 btaudio;Bluetooth Audio Device; D:\WINDOWS\system32\drivers\btaudio.sys [2007-05-17 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys [2007-05-17 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-05-17 876384]
R3 DKbFltr;Dritek Keyboard Filter Driver; D:\WINDOWS\System32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; D:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2008-03-28 66432]
R3 ESDCR;ESDCR; D:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2008-03-28 46080]
R3 ESMCR;ESMCR; D:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2008-03-28 81152]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]
R3 HSFHWAZL;HSFHWAZL; D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-26 210816]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 sdbus;sdbus; D:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]
S0 Partizan;Partizan; D:\WINDOWS\system32\drivers\Partizan.sys []
S1 SBRE;SBRE; \??\D:\WINDOWS\system32\drivers\SBREdrv.sys []
- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow connection (antivirus update cannot be performed)
I'd also ask for a ComboFix log:
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after start-up a screen with the licence terms is displayed; continue by clicking the Yes button.
calmly make yourself a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)
note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Slow connection (antivirus update cannot be performed)
ComboFix 12-11-16.02 - default 18.11.2012 5:12.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.673 [GMT 1:00]
Spuštěný z: d:\documents and settings\default\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\default\Dokumenty\TMPE1.tmp
d:\documents and settings\default\WINDOWS
d:\program files\xp-AntiSpy
d:\program files\xp-AntiSpy\Uninstall.exe
d:\program files\xp-AntiSpy\xp-AntiSpy.exe
d:\program files\xp-AntiSpy\xp-AntiSpy.chm
d:\program files\xp-AntiSpy\xp-AntiSpy.url
d:\windows\msmqinst.log
d:\windows\system32\Cache
d:\windows\system32\Cache\272512937d9e61a4.fb
d:\windows\system32\Cache\287204568329e189.fb
d:\windows\system32\Cache\28bc8f716fd76a47.fb
d:\windows\system32\Cache\2c53092c95605355.fb
d:\windows\system32\Cache\31a0997e9a5b5eb3.fb
d:\windows\system32\Cache\32c84fe32bb74d60.fb
d:\windows\system32\Cache\3917078cb68ec657.fb
d:\windows\system32\Cache\590ba23ce359fd0c.fb
d:\windows\system32\Cache\610289e025a3ee9a.fb
d:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
d:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
d:\windows\system32\Cache\6d03dad1035885d3.fb
d:\windows\system32\Cache\a8556537add6dfc5.fb
d:\windows\system32\Cache\ad10a52aff5e038d.fb
d:\windows\system32\Cache\c1fa887b03019701.fb
d:\windows\system32\Cache\c38a11586457b2d5.fb
d:\windows\system32\Cache\c4d28dca2e7648be.fb
d:\windows\system32\Cache\d201ef9910cd39de.fb
d:\windows\system32\Cache\d2e94710a5708128.fb
d:\windows\system32\Cache\d79b9dfe81484ec4.fb
d:\windows\system32\Cache\f998975c9cc711ee.fb
d:\windows\system32\SET3AA.tmp
d:\windows\system32\SET3AF.tmp
d:\windows\system32\SET3FE.tmp
d:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-18 do 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-17 18:23 . 2012-11-17 18:23 -------- d-----w- D:\rsit
2012-11-17 18:23 . 2012-11-17 18:23 -------- d-----w- d:\program files\trend micro
2012-11-16 15:18 . 2012-08-23 06:27 2195072 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-11-16 15:18 . 2012-08-23 06:27 2071808 ----a-w- d:\windows\system32\ntkrnlpa.exe
2012-11-16 14:53 . 2012-10-22 19:57 1866368 ----a-w- d:\windows\system32\win32k.sys
2012-11-16 14:40 . 2012-11-16 14:40 -------- d-----w- d:\program files\Common Files\xing shared
2012-11-16 14:40 . 2012-11-16 14:40 -------- d-----w- d:\program files\Real
2012-11-15 20:07 . 2012-11-15 20:07 -------- d-----w- d:\program files\Emsisoft HiJackFree
2012-11-15 19:20 . 2012-11-15 19:20 -------- d-----w- d:\documents and settings\default\Data aplikací\LavasoftStatistics
2012-11-15 19:08 . 2012-11-15 19:08 -------- d-----w- d:\documents and settings\default\Data aplikací\blekko
2012-11-12 22:58 . 2008-10-15 10:37 -------- d-----w- d:\program files\WinRAR 3.80 FINAL CZ,SK,EN
2012-11-12 20:07 . 2012-11-12 20:11 -------- d-----w- d:\documents and settings\default\Local Settings\Data aplikací\WinZip
2012-11-12 18:35 . 2012-11-12 18:35 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Sophos
2012-10-28 17:46 . 2012-10-28 17:46 73696 ----a-w- d:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-28 17:36 . 2012-10-28 21:33 -------- d-----w- d:\documents and settings\default\Data aplikací\Audacity
2012-10-28 17:35 . 2012-10-28 17:35 -------- d-----w- d:\program files\Audacity
2012-10-28 12:18 . 2012-10-28 12:21 -------- d-----w- d:\documents and settings\default\Data aplikací\Intelli-studio
2012-10-28 12:17 . 2012-10-28 12:17 -------- d-----w- d:\program files\SAMSUNG
2012-10-27 10:42 . 2012-10-31 18:06 -------- d-----w- d:\program files\MAGIX
2012-10-27 10:38 . 2012-11-13 14:56 -------- d-----w- d:\documents and settings\All Users\Data aplikací\MAGIX
2012-10-27 10:37 . 2012-10-27 10:44 -------- d-----w- d:\program files\Common Files\MAGIX Services
2012-10-27 09:54 . 2012-11-13 14:56 -------- d-----w- d:\documents and settings\default\Data aplikací\MAGIX
2012-10-24 14:46 . 2012-10-24 14:46 -------- d-----w- d:\program files\Oldgames
2012-10-22 17:24 . 2012-10-22 17:26 -------- d-----w- d:\documents and settings\default\D-Fend Reloaded
2012-10-22 17:24 . 2012-10-22 17:24 -------- d-----w- d:\program files\D-Fend Reloaded
2012-10-21 19:47 . 2012-10-21 19:47 -------- d-----w- d:\program files\DOSBox-0.74
2012-10-20 19:02 . 2012-10-20 19:03 2 ----a-w- d:\windows\system32\TempWmicBatchFile.bat
2012-10-20 19:02 . 2012-09-24 21:16 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-10-20 00:51 . 2012-10-20 00:51 -------- d-----w- d:\program files\TryMedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 14:40 . 2012-03-06 17:33 348160 ----a-w- d:\windows\system32\msvcr71.dll
2012-11-16 14:40 . 2003-03-19 05:14 499712 ----a-w- d:\windows\system32\msvcp71.dll
2012-11-11 15:58 . 2012-08-06 18:48 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 15:58 . 2012-08-06 18:48 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04 . 2001-10-25 12:00 58368 ----a-w- d:\windows\system32\synceng.dll
2012-10-01 17:01 . 2012-02-29 00:47 737280 ----a-w- d:\windows\iun6002.exe
2012-09-19 17:10 . 2012-06-12 13:34 821736 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-09-19 17:10 . 2012-02-27 20:25 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-08-28 15:18 . 2012-02-27 17:43 916992 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:18 . 2012-02-27 17:44 43520 ----a-w- d:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2012-02-27 17:44 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2012-02-27 18:04 385024 ----a-w- d:\windows\system32\html.iec
2012-08-24 13:53 . 2001-10-25 12:00 177664 ----a-w- d:\windows\system32\wintrust.dll
2012-08-21 09:13 . 2012-08-28 21:13 355632 ----a-w- d:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-08-28 21:13 729752 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-08-28 21:13 54232 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-08-28 21:13 35928 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-08-28 21:13 97608 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-08-28 21:13 89624 ----a-w- d:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-08-28 21:13 21256 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-08-28 21:13 25256 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-08-28 21:12 41224 ----a-w- d:\windows\avastSS.scr
2012-08-21 09:12 . 2012-08-28 21:12 227648 ----a-w- d:\windows\system32\aswBoot.exe
2012-10-28 17:46 . 2012-08-26 18:46 266720 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"SynTPStart"="d:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="d:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"TkBellExe"="d:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-16 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
.
[HKLM\~\startupfolder\D:^Documents and Settings^default^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=d:\documents and settings\default\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=d:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2010-06-03 20:05 4699136 ----a-w- d:\program files\Nexus Radio\Nexus Radio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- d:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-02-28 23:37 413696 ----a-w- d:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Desktop Hunter Startup"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\HRY\\Best of Games\\bulanci.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\games\\Age of empire II\\Age of Empires II - The Conquerors\\empires2.exe"=
"d:\\Documents and Settings\\default\\Dokumenty\\Downloads\\FreecivPortable\\App\\Freeciv\\freeciv-server.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\HRY\\Dune 2000\\DUNE2000.DAT"=
.
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [28.8.2012 22:13 729752]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [28.8.2012 22:13 355632]
R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [3.10.2012 19:50 19064]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [28.8.2012 22:13 21256]
S1 SBRE;SBRE;\??\d:\windows\system32\drivers\SBREdrv.sys --> d:\windows\system32\drivers\SBREdrv.sys [?]
S3 cpuz134;cpuz134;\??\d:\docume~1\default\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> d:\docume~1\default\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [26.4.2011 12:54 2702848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-18 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 15:58]
.
2012-11-18 d:\windows\Tasks\avast! Emergency Update.job
- d:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-28 09:12]
.
2012-11-18 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-04-24 19:37]
.
2012-11-18 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-04-24 19:37]
.
2012-11-18 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-725345543-839522115-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-18 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-725345543-839522115-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=46FB1AF9A277F6BD1532D450A53DCA06
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - d:\documents and settings\default\Data aplikací\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - d:\documents and settings\default\Data aplikací\Mozilla\Firefox\Profiles\07ptqcva.default\
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=46FB1AF9A277F6BD1532D450A53DCA06
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B443689c0-3c4f-4aea-97d7-e69c7dc8f34c%7D&mid=d2e1917ccc2847d0a1fad15560c96d78-8b97af8b2353f10546bb9be8efb3d2258dfeed3c&ds=AVG&v=11.1.0.12&lang=cs&pr=fr&d=2012-07-30%2009%3A44%3A19&sap=ku&q=
FF - ExtSQL: 2012-11-15 20:08; {87934c42-161d-45bc-8cef-ef18abe2a30c}; d:\documents and settings\default\Data aplikacĂÂ\Mozilla\Firefox\Profiles\07ptqcva.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-11-15 20:08; jid1-yZwVFzbsyfMrqQ@jetpack; d:\documents and settings\default\Data aplikacĂÂ\Mozilla\Firefox\Profiles\07ptqcva.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-MSMSGS - d:\program files\Messenger\msmsgs.exe
MSConfigStartUp-RelevantKnowledge - d:\program files\relevantknowledge\rlvknlg.exe
MSConfigStartUp-SUPERAntiSpyware - d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-xp-AntiSpy - d:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 05:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
d:\windows\system32\myokent.dll
.
- - - - - - - > 'lsass.exe'(1204)
d:\windows\system32\myokent.dll
.
Celkový čas: 2012-11-18 05:23:10
ComboFix-quarantined-files.txt 2012-11-18 04:23
.
Před spuštěním: Volných bajtů: 11 951 968 256
Po spuštění: Volných bajtů: 12 141 514 752
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 619655212EB30FF2D15E68884BE8D542
Re: Slow connection (antivirus update cannot be performed)
When I ran ComboFix, it told me that the resident shields were enabled
(AVG Free Antivirus); I uninstalled that one a long time ago.
- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow connection (antivirus update cannot be performed)
For shields that are evidently turned off and for uninstalled AVs, ignore the message.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Slow connection (antivirus update cannot be performed)
Well, I'm starting to find out that it's probably the router; the administrator wrote to me that everything is OK. Now the only question is whether the router is bad or the network card
in the laptop. At the moment I'm connected via LAN and it's great.
But your help was great, the computer now runs like clockwork after ComboFix.
Thank you very much.
- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow connection (antivirus update cannot be performed)
You're welcome!