Please check my log - very slow PC startup

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

ovecka

Re: Please check my log - very slow PC startup

Post by ovecka » 14 Jan 2015 23:22

Hi,

RogueKiller V10.1.2.0 [Jan 6 2015] by Adlice Software
mail :
Feedback :
Webová stránka :
Blog :

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : User1 [Práva správce]
Mód : Prohledat -- Datum : 01/14/2015 22:21:26

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000026c]) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤

============================================
RKreport_SCN_01062015_184739.log - RKreport_SCN_01062015_184757.log




ComboFix 15-01-08.01 - User1 14.01.2015 22:55:18.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.312 [GMT 1:00]
Spuštěný z: c:\documents and settings\User1\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User1\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\MP Scheduled Scan.job"
"c:\windows\TEMP\_avast_\unp158988381.tmp 299179 bytes"
"c:\windows\TEMP\_avast_\unp6296997.tmp"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-14 do 2015-01-14 )))))))))))))))))))))))))))))))
.
.
2015-01-07 18:20 . 2015-01-07 17:44 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-07 17:44 . 2015-01-07 18:13 -------- d-----w- C:\zoek_backup
2015-01-06 17:46 . 2015-01-14 21:21 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-06 17:46 . 2015-01-06 17:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-01-06 17:28 . 2015-01-06 17:28 -------- d-----w- c:\windows\ERUNT
2015-01-05 20:26 . 2015-01-06 17:16 -------- d-----w- C:\AdwCleaner
2015-01-02 19:42 . 2015-01-02 19:42 -------- d-----w- c:\program files\VS Revo Group
2015-01-02 16:40 . 2015-01-02 16:41 244264 ----a-w- c:\program files\Mozilla Firefox\Firefox Setup Stub 34.0.5.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-13 20:37 . 2012-04-04 20:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-13 20:37 . 2011-09-24 20:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 19:16 . 2010-06-26 19:25 60416 ----a-w- c:\windows\ALCFDRTM.VER
2015-01-06 03:36 . 2010-05-06 19:20 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-11-26 15:28 . 2011-08-05 21:38 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-26 15:27 . 2010-05-06 18:36 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-15 08:24 . 2014-04-26 20:55 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-15 08:24 . 2013-03-03 21:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-15 08:24 . 2013-03-03 21:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-15 08:24 . 2013-03-03 21:55 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-15 08:24 . 2010-05-06 18:36 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-15 08:24 . 2010-05-06 18:36 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-11-15 08:24 . 2014-11-15 08:24 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-15 08:24 . 2014-11-15 08:24 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-15 08:23 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"alcohol.exe Autorun"="c:\program files\Alcohol Soft\Alcohol 52\alcohol.exe" [2010-02-20 1750880]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-04-23 3720704]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2013-01-10 231784]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22067296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2013-01-10 55656]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-01-10 5227112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-6 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.3.2013 22:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.3.2013 22:55 206248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.5.2010 20:36 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5.8.2011 22:38 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6.5.2010 19:36 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [26.4.2014 21:55 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [3.3.2013 22:55 70384]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.5.2013 7:25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.5.2013 7:25 8576]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [12.9.2013 22:17 21648]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [7.5.2014 11:41 12800]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:37]
.
2015-01-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-15 08:23]
.
2015-01-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
2015-01-14 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User1\Data aplikací\Mozilla\Firefox\Profiles\2v8c0fru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - ExtSQL: !HIDDEN! 2010-05-07 15:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-14 23:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2015-01-14 23:15:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-14 22:15
ComboFix2.txt 2015-01-13 21:40
ComboFix3.txt 2015-01-11 21:30
ComboFix4.txt 2015-01-10 17:02
.
Před spuštěním: 3 314 843 648
Po spuštění: 3 378 147 328
.
- - End Of File - - 7F23C522E584A9E0B8D65B623D872F36
413FC2A0C716421B3158746D63736515



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:20:08, on 14.1.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
D:\Staženo z Internetu\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" /OS
O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 52\alcohol.exe /startup
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" -NoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 6579 bytes

jaro3
Security team member

Re: Please check my log - very slow PC startup

Post by jaro3 » 15 Jan 2015 09:45

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


ComboFix is uninstalled as follows:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.


How are the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

ovecka

Re: Please check my log - very slow PC startup

Post by ovecka » 15 Jan 2015 22:56

Hi,

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 6579 bytes

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around here =o)
Gender: Male
Status: Offline

Re: Request for a log check - very slow PC startup

Post by Orcus » 16 Jan 2015 09:35

jaro3 wrote: What about the problems?
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it into several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

ovecka
newcomer
Posts: 38
Registered: October 09
Gender: Female
Status: Offline

Re: Request for a log check - very slow PC startup

Post by ovecka » 16 Jan 2015 18:47

Hi,

RogueKiller V10.1.2.0 [Jan 6 2015] by Adlice Software
mail :
Feedback :
Webová stránka :
Blog :

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : User1 [Práva správce]
Mód : Prohledat -- Datum : 01/14/2015 22:21:26

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000026c]) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤

============================================
RKreport_SCN_01062015_184739.log - RKreport_SCN_01062015_184757.log




ComboFix 15-01-08.01 - User1 14.01.2015 22:55:18.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.312 [GMT 1:00]
Spuštěný z: c:\documents and settings\User1\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User1\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\MP Scheduled Scan.job"
"c:\windows\TEMP\_avast_\unp158988381.tmp 299179 bytes"
"c:\windows\TEMP\_avast_\unp6296997.tmp"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-14 do 2015-01-14 )))))))))))))))))))))))))))))))
.
.
2015-01-07 18:20 . 2015-01-07 17:44 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-07 17:44 . 2015-01-07 18:13 -------- d-----w- C:\zoek_backup
2015-01-06 17:46 . 2015-01-14 21:21 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-06 17:46 . 2015-01-06 17:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-01-06 17:28 . 2015-01-06 17:28 -------- d-----w- c:\windows\ERUNT
2015-01-05 20:26 . 2015-01-06 17:16 -------- d-----w- C:\AdwCleaner
2015-01-02 19:42 . 2015-01-02 19:42 -------- d-----w- c:\program files\VS Revo Group
2015-01-02 16:40 . 2015-01-02 16:41 244264 ----a-w- c:\program files\Mozilla Firefox\Firefox Setup Stub 34.0.5.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-13 20:37 . 2012-04-04 20:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-13 20:37 . 2011-09-24 20:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 19:16 . 2010-06-26 19:25 60416 ----a-w- c:\windows\ALCFDRTM.VER
2015-01-06 03:36 . 2010-05-06 19:20 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-11-26 15:28 . 2011-08-05 21:38 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-26 15:27 . 2010-05-06 18:36 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-15 08:24 . 2014-04-26 20:55 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-15 08:24 . 2013-03-03 21:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-15 08:24 . 2013-03-03 21:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-15 08:24 . 2013-03-03 21:55 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-15 08:24 . 2010-05-06 18:36 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-15 08:24 . 2010-05-06 18:36 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-11-15 08:24 . 2014-11-15 08:24 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-15 08:24 . 2014-11-15 08:24 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-15 08:23 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"alcohol.exe Autorun"="c:\program files\Alcohol Soft\Alcohol 52\alcohol.exe" [2010-02-20 1750880]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-04-23 3720704]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2013-01-10 231784]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22067296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2013-01-10 55656]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-01-10 5227112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-6 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.3.2013 22:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.3.2013 22:55 206248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.5.2010 20:36 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5.8.2011 22:38 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6.5.2010 19:36 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [26.4.2014 21:55 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [3.3.2013 22:55 70384]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.5.2013 7:25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.5.2013 7:25 8576]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [12.9.2013 22:17 21648]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [7.5.2014 11:41 12800]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:37]
.
2015-01-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-15 08:23]
.
2015-01-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
2015-01-14 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User1\Data aplikací\Mozilla\Firefox\Profiles\2v8c0fru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - ExtSQL: !HIDDEN! 2010-05-07 15:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-14 23:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2015-01-14 23:15:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-14 22:15
ComboFix2.txt 2015-01-13 21:40
ComboFix3.txt 2015-01-11 21:30
ComboFix4.txt 2015-01-10 17:02
.
Před spuštěním: 3 314 843 648
Po spuštění: 3 378 147 328
.
- - End Of File - - 7F23C522E584A9E0B8D65B623D872F36
413FC2A0C716421B3158746D63736515

ovecka
newcomer
Posts: 38
Registered: October 09
Gender: Female
Status: Offline

Re: Request for a log check - very slow PC startup

Post by ovecka » 16 Jan 2015 18:48

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:20:08, on 14.1.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
D:\Staženo z Internetu\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" /OS
O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 52\alcohol.exe /startup
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" -NoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 6579 bytes

jaro3
Security team member
Guru Level 15
Posts: 43287
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Request for a log check - very slow PC startup

Post by jaro3 » 16 Jan 2015 19:08

You've now posted these logs here twice...

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)


We are asking whether you still have those problems with the PC.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

