Prosím o kontrolu-něco je špatně.

[Aolorn]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:07, on 19. 2. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Miranda\Miranda IM\miranda32.exe
C:\Documents and Settings\Jakub\Nabídka Start\Programy\Po spuštění\sgalert.exe
C:\Program Files\Xfire\xfire.exe
C:\Dockl\Složky\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: miranda32.exe.lnk = C:\Program Files\Miranda\Miranda IM\miranda32.exe
O4 - Startup: MSINET.OCX
O4 - Startup: sgalert.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jakub\Nabídka Start\Programy\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9922431152b9e) (gupdate1c9922431152b9e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10535 bytes

Včera se mi PC vrátilo ze servisu a samozřejmě není všechno v pořádku. Sice už to jde zapnout což je potěšující zpráva ale po každém startu mi vyletí chybová hláška regsvr32 nemohl provést operaci load library(v adrese operace to napíše samé čtverce). Neporadí mi někdo jak to pořešit?

[Reklama]

[Aolorn]

Mohl by se na to někdo mrknout? prosím.

[jaro3]

Bych jim to tam nejradši odnesl zpátky do servisu...
Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

A nejspíš bude chyba v registraci knihoven.
Stáhni si Dial-a-fix
Policies: Otevře přehled všech použitých omezení nastavených v registru, například na použití editoru registru, správce úloh atd.
Klikni na kladívko-další možnosti:
SFC scan - Spustí nástroj pro kontrolu systémových souborů (případná potřeba instalačního media Windows).
Klik dát zatržítko a potom na Go.

[Aolorn]

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1784
Windows 5.1.2600 Service Pack 2

21. 2. 2009 13:36:05
mbam-log-2009-02-21 (13-35-58).txt

Typ skenu: Rychlý sken
Objektu skenováno: 72705
Uplynulý cas: 2 minute(s), 54 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nodlogin (Trojan.Agent) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe (Trojan.Agent) -> No action taken.
tohle říká anti malware.

Dal jsem ten SFC scan, pichnul tam CDčko s widlema, cosi to kontrolovalo a pak to zmizlo a vrátilo se to na výběr těch různých scanů.je to OK? Přecejenom jsme zvyklej na to že když něc otakovýh odělám tak mi to něco napíše

[jaro3]

Je to O.K., žádná hláška není u Dial-a-fix..
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.
Poté odinstaluj NOD32 a pořiď si free antivir (Avira,Avast).
Pak sem vlož nový log z HJT.

[Aolorn]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:11, on 21. 2. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Miranda\Miranda IM\miranda32.exe
C:\Documents and Settings\Jakub\Nabídka Start\Programy\Po spuštění\sgalert.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dockl\Složky\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: miranda32.exe.lnk = C:\Program Files\Miranda\Miranda IM\miranda32.exe
O4 - Startup: MSINET.OCX
O4 - Startup: sgalert.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jakub\Nabídka Start\Programy\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Služba Google Update (gupdate1c9922431152b9e) (gupdate1c9922431152b9e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10607 bytes

Tohle říká HJT
MbAM už nenašel nic podezřelýho, ale té chybové hlášce to evidentně vůbec nevadí.

[jaro3]

Vypni rez. ochranu u Avastu +deaktivuj Kerio.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Aolorn]

ComboFix 09-02-19.01 - Jakub 2009-02-21 15:47:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.2046.1320 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jakub\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090220-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\d3d8caps.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-21 do 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 15:14 . 2009-02-21 15:14 <DIR> d-------- c:\program files\Alwil Software
2009-02-21 14:04 . 2001-08-17 21:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys
2009-02-21 14:03 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-02-21 14:02 . 2001-10-24 12:25 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-21 14:01 . 2001-10-24 12:24 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-02-21 14:00 . 2001-10-24 11:43 285,792 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-02-21 13:59 . 2004-08-03 22:41 404,990 --a--c--- c:\windows\system32\dllcache\slntamr.sys
2009-02-21 13:58 . 2001-10-24 12:24 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-21 13:57 . 2001-10-24 11:58 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-21 13:56 . 2004-08-17 15:49 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-02-21 13:55 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-21 13:54 . 2001-08-17 20:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2009-02-21 13:53 . 2004-08-17 15:49 1,737,856 --a--c--- c:\windows\system32\dllcache\mtxparhd.dll
2009-02-21 13:52 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-02-21 13:51 . 2001-10-24 12:24 242,688 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2009-02-21 13:50 . 2004-08-17 15:49 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-02-21 13:49 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-02-21 13:48 . 2001-10-24 12:24 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-02-21 13:47 . 2001-10-24 11:52 629,952 --a--c--- c:\windows\system32\dllcache\eqn.sys
2009-02-21 13:46 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-02-21 13:45 . 2001-10-24 11:52 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-02-21 13:44 . 2004-08-17 15:49 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2009-02-21 13:43 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-21 13:31 . 2009-02-21 13:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 13:31 . 2009-02-21 13:31 <DIR> d-------- c:\documents and settings\Jakub\Data aplikací\Malwarebytes
2009-02-21 13:31 . 2009-02-21 13:31 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-21 13:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 13:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 20:11 . 2009-02-20 16:14 <DIR> d-------- c:\program files\Scorpions WinCheater
2009-02-19 20:06 . 2009-02-19 20:06 <DIR> d-------- c:\program files\Tilted Mill
2009-02-19 00:53 . 2009-02-19 01:05 <DIR> d-------- c:\program files\Google
2009-02-19 00:53 . 2009-02-21 15:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Google Updater
2009-02-18 22:49 . 2009-02-18 22:49 <DIR> d-------- c:\windows\ulead.dat
2009-02-18 22:49 . 2009-02-18 22:49 89 --a------ c:\windows\ULead32.ini
2009-02-17 15:10 . 2009-02-17 15:10 <DIR> d-------- c:\documents and settings\Táta\Data aplikací\IObit
2009-02-17 13:23 . 2009-02-17 13:23 268 --ah----- C:\sqmdata19.sqm
2009-02-17 13:23 . 2009-02-17 13:23 244 --ah----- C:\sqmnoopt19.sqm
2009-02-17 12:59 . 2009-02-17 12:59 268 --ah----- C:\sqmdata18.sqm
2009-02-17 12:59 . 2009-02-17 12:59 244 --ah----- C:\sqmnoopt18.sqm
2009-02-12 08:57 . 2009-02-12 08:57 268 --ah----- C:\sqmdata17.sqm
2009-02-12 08:57 . 2009-02-12 08:57 244 --ah----- C:\sqmnoopt17.sqm
2009-02-12 08:52 . 2009-02-12 08:52 268 --ah----- C:\sqmdata16.sqm
2009-02-12 08:52 . 2009-02-12 08:52 244 --ah----- C:\sqmnoopt16.sqm
2009-02-11 13:45 . 2009-02-11 13:45 268 --ah----- C:\sqmdata15.sqm
2009-02-11 13:45 . 2009-02-11 13:45 244 --ah----- C:\sqmnoopt15.sqm
2009-02-11 09:14 . 2009-02-11 09:14 268 --ah----- C:\sqmdata14.sqm
2009-02-11 09:14 . 2009-02-11 09:14 244 --ah----- C:\sqmnoopt14.sqm
2009-02-11 01:13 . 2009-02-11 01:13 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-31 00:58 . 2009-01-31 00:58 268 --ah----- C:\sqmdata13.sqm
2009-01-31 00:58 . 2009-01-31 00:58 244 --ah----- C:\sqmnoopt13.sqm
2009-01-29 15:25 . 2009-01-29 15:51 <DIR> d-------- c:\program files\IObit
2009-01-29 15:25 . 2009-01-29 15:51 <DIR> d-------- c:\documents and settings\Jakub\Data aplikací\IObit
2009-01-27 17:10 . 2009-01-27 17:10 916,499 --a------ c:\windows\content.csv
2009-01-23 23:07 . 2009-01-23 23:07 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-01-23 23:06 . 2009-01-23 23:06 <DIR> d-------- c:\windows\Sun
2009-01-23 23:04 . 2009-01-23 23:04 <DIR> d-------- c:\program files\Java
2009-01-23 23:04 . 2009-01-23 23:04 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-23 23:04 . 2009-01-23 23:04 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-21 19:11 . 2009-01-21 19:11 <DIR> d-------- c:\program files\QIP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 14:42 404,901 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-20 13:52 --------- d-----w c:\documents and settings\Jakub\Data aplikací\Xfire
2009-02-20 13:01 --------- d-----w c:\program files\Xfire
2009-02-19 19:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 19:02 --------- d-----w c:\program files\Bethesda Softworks
2009-02-19 18:50 --------- d-----w c:\program files\Electronic Arts
2009-02-19 15:57 --------- d-----w c:\program files\Ubisoft
2009-02-19 15:57 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-19 15:55 --------- d-----w c:\program files\Zaklínač
2009-02-19 01:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-31 09:32 --------- d-----w c:\program files\Common Files\stardock
2009-01-30 11:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-30 09:49 --------- d-----w c:\documents and settings\Jakub\Data aplikací\uTorrent
2009-01-30 09:29 --------- d-----w c:\program files\Bit Che
2009-01-27 16:24 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-27 16:24 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-24 15:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 15:33 --------- d-----w c:\program files\AGEIA Technologies
2009-01-19 18:36 --------- d-----w c:\program files\Common Files\CyberLink
2009-01-19 18:35 --------- d-----w c:\program files\CyberLink
2009-01-19 18:34 29,480 ----a-w c:\windows\system32\msxml3a.dll
2009-01-19 18:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-05 15:25 --------- d-----w c:\documents and settings\Táta\Data aplikací\Logitech
2009-01-01 19:35 --------- d-----w c:\documents and settings\Táta\Data aplikací\Nero
2009-01-01 19:35 --------- d-----w c:\documents and settings\Táta\Data aplikací\DisplayTune
2008-12-31 09:16 632 ----a-w C:\1.reg
2008-12-31 09:16 21,690 ----a-w C:\avexport.bat
2008-12-26 14:35 --------- d-----w c:\program files\Common Files\Adobe
2008-12-25 21:44 --------- d-----w c:\documents and settings\Jakub\Data aplikací\IMVU
2008-12-23 18:46 --------- d-----w c:\program files\RegCleaner
2008-12-23 18:27 --------- d-----w c:\program files\CCleaner
2008-12-23 10:13 --------- d-----w c:\program files\Miranda
2008-12-23 08:12 --------- d-----w c:\program files\Trend Micro
2008-12-21 13:12 --------- d-----w c:\program files\Jets'n'Guns
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"DT LGE"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2007-06-12 291328]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-01-14 1986384]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

c:\documents and settings\Jakub\Nabˇdka Start\Programy\Po spuçtŘnˇ\
miranda32.exe.lnk - c:\program files\Miranda\Miranda IM\miranda32.exe [2008-09-06 639045]
MSINET.OCX [2009-01-29 132880]
sgalert.exe [2009-01-29 61440]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-11 3008336]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-16 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-21 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-21 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S2 gupdate1c9922431152b9e;Služba Google Update (gupdate1c9922431152b9e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Jakub\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Jakub\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-08-17 23600]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 00:53]

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 00:54]

2009-01-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-01-14 13:15]

2009-01-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-01-29 15:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.dufpy.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jakub\Nabídka Start\Programy\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\xk8g42k3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\xk8g42k3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- NASTAVENÍ FIREFOXU ----
c:\dockl\Slo§ky\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 15:51:43
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Celkový čas: 2009-02-21 15:54:33
ComboFix-quarantined-files.txt 2009-02-21 14:54:29

Před spuštěním: Volných bajtů: 285 090 373 632
Po spuštění: Volných bajtů: 285,101,146,112

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
252 --- E O F --- 2009-02-19 01:09:05

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\1.reg
C:\avexport.bat
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\program files\Apple Software Update\SoftwareUpdate.exe


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Aolorn]

ComboFix 09-02-19.01 - Jakub 2009-02-21 17:31:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.2046.1211 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jakub\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jakub\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090220-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
C:\1.reg
C:\avexport.bat
c:\program files\Apple Software Update\SoftwareUpdate.exe
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\Tasks\AppleSoftwareUpdate.job
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1.reg
C:\avexport.bat
c:\program files\Apple Software Update\SoftwareUpdate.exe
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\Tasks\AppleSoftwareUpdate.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-21 do 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 15:14 . 2009-02-21 15:14 <DIR> d-------- c:\program files\Alwil Software
2009-02-21 14:04 . 2001-08-17 21:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys
2009-02-21 14:03 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-02-21 14:02 . 2001-10-24 12:25 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-21 14:01 . 2001-10-24 12:24 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-02-21 14:00 . 2001-10-24 11:43 285,792 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-02-21 13:59 . 2004-08-03 22:41 404,990 --a--c--- c:\windows\system32\dllcache\slntamr.sys
2009-02-21 13:58 . 2001-10-24 12:24 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-21 13:57 . 2001-10-24 11:58 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-21 13:56 . 2004-08-17 15:49 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-02-21 13:55 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-21 13:54 . 2001-08-17 20:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2009-02-21 13:53 . 2004-08-17 15:49 1,737,856 --a--c--- c:\windows\system32\dllcache\mtxparhd.dll
2009-02-21 13:52 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-02-21 13:51 . 2001-10-24 12:24 242,688 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2009-02-21 13:50 . 2004-08-17 15:49 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-02-21 13:49 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-02-21 13:48 . 2001-10-24 12:24 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-02-21 13:47 . 2001-10-24 11:52 629,952 --a--c--- c:\windows\system32\dllcache\eqn.sys
2009-02-21 13:46 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-02-21 13:45 . 2001-10-24 11:52 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-02-21 13:44 . 2004-08-17 15:49 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2009-02-21 13:43 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-21 13:31 . 2009-02-21 13:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 13:31 . 2009-02-21 13:31 <DIR> d-------- c:\documents and settings\Jakub\Data aplikací\Malwarebytes
2009-02-21 13:31 . 2009-02-21 13:31 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-21 13:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 13:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 20:11 . 2009-02-20 16:14 <DIR> d-------- c:\program files\Scorpions WinCheater
2009-02-19 20:06 . 2009-02-19 20:06 <DIR> d-------- c:\program files\Tilted Mill
2009-02-19 00:53 . 2009-02-19 01:05 <DIR> d-------- c:\program files\Google
2009-02-19 00:53 . 2009-02-21 15:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Google Updater
2009-02-18 22:49 . 2009-02-18 22:49 <DIR> d-------- c:\windows\ulead.dat
2009-02-18 22:49 . 2009-02-18 22:49 89 --a------ c:\windows\ULead32.ini
2009-02-17 15:10 . 2009-02-17 15:10 <DIR> d-------- c:\documents and settings\Táta\Data aplikací\IObit
2009-02-11 01:13 . 2009-02-11 01:13 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-29 15:25 . 2009-01-29 15:51 <DIR> d-------- c:\program files\IObit
2009-01-29 15:25 . 2009-01-29 15:51 <DIR> d-------- c:\documents and settings\Jakub\Data aplikací\IObit
2009-01-27 17:10 . 2009-01-27 17:10 916,499 --a------ c:\windows\content.csv
2009-01-23 23:07 . 2009-01-23 23:07 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-01-23 23:06 . 2009-01-23 23:06 <DIR> d-------- c:\windows\Sun
2009-01-23 23:04 . 2009-01-23 23:04 <DIR> d-------- c:\program files\Java
2009-01-23 23:04 . 2009-01-23 23:04 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-23 23:04 . 2009-01-23 23:04 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-21 19:11 . 2009-01-21 19:11 <DIR> d-------- c:\program files\QIP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 16:39 --------- d-----w c:\documents and settings\Jakub\Data aplikací\Xfire
2009-02-21 16:31 --------- d-----w c:\program files\Apple Software Update
2009-02-21 15:27 406,340 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-20 13:01 --------- d-----w c:\program files\Xfire
2009-02-19 19:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 19:02 --------- d-----w c:\program files\Bethesda Softworks
2009-02-19 18:50 --------- d-----w c:\program files\Electronic Arts
2009-02-19 15:57 --------- d-----w c:\program files\Ubisoft
2009-02-19 15:57 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-19 15:55 --------- d-----w c:\program files\Zaklínač
2009-02-19 01:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-31 09:32 --------- d-----w c:\program files\Common Files\stardock
2009-01-30 11:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-30 09:49 --------- d-----w c:\documents and settings\Jakub\Data aplikací\uTorrent
2009-01-30 09:29 --------- d-----w c:\program files\Bit Che
2009-01-27 16:24 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-27 16:24 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-24 15:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 15:33 --------- d-----w c:\program files\AGEIA Technologies
2009-01-19 18:36 --------- d-----w c:\program files\Common Files\CyberLink
2009-01-19 18:35 --------- d-----w c:\program files\CyberLink
2009-01-19 18:34 29,480 ----a-w c:\windows\system32\msxml3a.dll
2009-01-19 18:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-05 15:25 --------- d-----w c:\documents and settings\Táta\Data aplikací\Logitech
2009-01-01 19:35 --------- d-----w c:\documents and settings\Táta\Data aplikací\Nero
2009-01-01 19:35 --------- d-----w c:\documents and settings\Táta\Data aplikací\DisplayTune
2008-12-26 14:35 --------- d-----w c:\program files\Common Files\Adobe
2008-12-25 21:44 --------- d-----w c:\documents and settings\Jakub\Data aplikací\IMVU
2008-12-23 18:46 --------- d-----w c:\program files\RegCleaner
2008-12-23 18:27 --------- d-----w c:\program files\CCleaner
2008-12-23 10:13 --------- d-----w c:\program files\Miranda
2008-12-23 08:12 --------- d-----w c:\program files\Trend Micro
2008-12-21 13:12 --------- d-----w c:\program files\Jets'n'Guns
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-21_15.52.44,46 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-11 07:34:45 77,886 ----a-w c:\windows\system32\perfc005.dat
+ 2009-02-21 16:36:24 77,886 ----a-w c:\windows\system32\perfc005.dat
- 2009-02-11 07:34:45 67,356 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-21 16:36:24 67,356 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-11 07:34:45 427,610 ----a-w c:\windows\system32\perfh005.dat
+ 2009-02-21 16:36:24 427,610 ----a-w c:\windows\system32\perfh005.dat
- 2009-02-11 07:34:45 430,632 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-21 16:36:24 430,632 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-21 16:37:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e4.dat
+ 2009-02-21 16:37:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2009-02-21 16:37:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"DT LGE"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2007-06-12 291328]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-01-14 1986384]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

c:\documents and settings\Jakub\Nabˇdka Start\Programy\Po spuçtŘnˇ\
miranda32.exe.lnk - c:\program files\Miranda\Miranda IM\miranda32.exe [2008-09-06 639045]
MSINET.OCX [2009-01-29 132880]
sgalert.exe [2009-01-29 61440]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-11 3008336]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-16 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-21 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-21 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S2 gupdate1c9922431152b9e;Služba Google Update (gupdate1c9922431152b9e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Jakub\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Jakub\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-08-17 23600]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 00:53]

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 00:54]

2009-01-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-01-14 13:15]

2009-01-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-01-29 15:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.dufpy.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jakub\Nabídka Start\Programy\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\xk8g42k3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\xk8g42k3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- NASTAVENÍ FIREFOXU ----
c:\dockl\Slo§ky\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 17:39:46
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1956)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2009-02-21 17:43:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-21 16:43:16
ComboFix2.txt 2009-02-21 14:54:37

Před spuštěním: Volných bajtů: 285 089 792 000
Po spuštění: Volných bajtů: 285,070,340,096

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
310 --- E O F --- 2009-02-19 01:09:05

a teď HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45, on 21. 2. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Miranda\Miranda IM\miranda32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Dockl\Složky\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: miranda32.exe.lnk = C:\Program Files\Miranda\Miranda IM\miranda32.exe
O4 - Startup: MSINET.OCX
O4 - Startup: sgalert.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jakub\Nabídka Start\Programy\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Služba Google Update (gupdate1c9922431152b9e) (gupdate1c9922431152b9e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10975 bytes

uff.Nutno ale dodat že po tom co mi tam prováděl ComboFix, tak jak se to restartovalo před vytvořením logu.Ta chybová hláška vyletěla zas

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Pak zkus znovu použít Dial-a-fix, nebo opravnou konzoli, logy jsou již čisté.

[Aolorn]

CCleaner OK,T Cleaner OK, ATF cleaner OK, zase jsem to projel tou kontrolou dial-a-fixu jak předtím,relognu se do widlí a co se stalo? Vyletělo okýnko s upozoeněním To už je trochu moc.. Strašně ti díky za pomoct, ale máš ještě nějaké nápady čím to vyřešit?