Problém s internetem - kontrola logu Vyřešeno

[Martimos]

Ahoj, zhruba od začátku Září mám problémy s internetem. Často padá a jeho rychlost je celkem nestabilní. Než to budu řešit s poskytovatelem, rád bych se ujistil, jestli v tom nemá prsty nějaká havěť v PC, proto bych rád požádal nějakou laskavou duši o zkouknutí logu. Předem děkuji. (Internet mám ADSL od 02).

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:55, on 24.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4121181187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5405 bytes


Před vytvořením HJT logu jsem dělal Úplný skem programem Malwarebytes Anti-Malware, který nic nenašel.

[Reklama]

[Damned]

Stáhni si RSIT, klikni na "Continue" a nech ho provést sken.
Za chvíli se vygeneruje log se jménem log.txt (pokud nebude log vygenerován, najdeš jej v C:\rsit\log.txt); jeho obsah mi sem zkopíruj.
Zkopíruj sem (nebo přilož) i druhý log s názvem info.txt

[Martimos]

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by PC at 2009-09-24 18:03:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 167 GB (72%) free of 230 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:41, on 24.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Documents and Settings\PC\Plocha\Martin\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4121181187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5398 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-05 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"avast!"=C:\PROGRA~1\Avast\ashDisp.exe [2009-08-17 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Total Commander\TOTALCMD.EXE"="C:\Program Files\Total Commander\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:*:Disabled:Adobe After Effects CS3"
"C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Enabled:vietcong"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-09-24 18:03:33 ----D---- C:\rsit
2009-09-22 19:10:36 ----D---- C:\Program Files\K-Lite Codec Pack
2009-09-22 19:10:36 ----D---- C:\Documents and Settings\PC\Data aplikací\Real
2009-09-20 18:02:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2009-09-19 07:45:53 ----D---- C:\Documents and Settings\PC\Data aplikací\2K Sports
2009-09-19 07:34:52 ----D---- C:\Program Files\Major League Baseball 2K9
2009-09-13 08:24:41 ----D---- C:\Documents and Settings\PC\Data aplikací\BITS
2009-09-05 18:05:32 ----D---- C:\Documents and Settings\PC\Data aplikací\teamspeak2
2009-09-05 18:05:06 ----D---- C:\Program Files\Teamspeak
2009-09-05 11:45:09 ----D---- C:\Program Files\Vietcong

======List of files/folders modified in the last 1 months======

2009-09-24 18:03:35 ----D---- C:\WINDOWS\Prefetch
2009-09-24 18:01:45 ----D---- C:\Program Files\Mozilla Firefox
2009-09-24 15:49:40 ----D---- C:\WINDOWS\Temp
2009-09-24 15:49:32 ----D---- C:\WINDOWS
2009-09-23 22:51:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-23 15:57:45 ----D---- C:\Program Files\Wise Registry Cleaner
2009-09-23 15:54:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-23 15:52:23 ----D---- C:\Program Files\Advanced SystemCare
2009-09-22 19:14:20 ----D---- C:\Program Files
2009-09-22 19:10:58 ----D---- C:\WINDOWS\system32\config
2009-09-22 19:10:50 ----D---- C:\WINDOWS\system32\wbem
2009-09-22 19:10:49 ----D---- C:\WINDOWS\Registration
2009-09-22 19:10:39 ----D---- C:\WINDOWS\system32
2009-09-20 18:28:30 ----SHD---- C:\WINDOWS\Installer
2009-09-20 18:28:29 ----SHD---- C:\Config.Msi
2009-09-18 15:00:25 ----D---- C:\Program Files\Poker
2009-09-18 11:54:02 ----D---- C:\Program Files\Avast
2009-09-12 16:44:01 ----D---- C:\Program Files\Common Files
2009-09-12 11:02:52 ----D---- C:\Program Files\QIP
2009-09-11 17:25:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-11 17:25:36 ----D---- C:\WINDOWS\system32\drivers
2009-09-10 19:00:13 ----D---- C:\WINDOWS\Debug
2009-09-09 19:34:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 19:34:36 ----HD---- C:\WINDOWS\inf
2009-09-09 19:34:30 ----D---- C:\WINDOWS\ie8updates
2009-09-09 19:34:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-31 18:18:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-25 17:55:17 ----A---- C:\WINDOWS\WINCMD.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-12-16 8704]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2007-09-17 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\grclass.sys [2001-10-24 82432]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 ag1rqetp;ag1rqetp; C:\WINDOWS\system32\drivers\ag1rqetp.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-12-16 13824]
S3 catchme;catchme; \??\C:\DOCUME~1\PC\LOCALS~1\Temp\catchme.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-26 10345]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-09-21 21120]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-04-15 47360]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast\ashServ.exe [2009-08-17 138680]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-13 28933976]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-13 240416]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast\ashWebSv.exe [2009-08-17 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-28 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-10-21 79360]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast\ashMaiSv.exe [2009-08-17 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-25 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-05 152984]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2007-02-13 45272]
S3 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S4 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []

-----------------EOF-----------------

[Martimos]

info.txt

info.txt logfile of random's system information tool 1.06 2009-09-24 18:03:45

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Adobe After Effects CS3 Presets-->MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe After Effects CS3-->C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3-->MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 7.0.5 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A70500000002}
Adobe Setup-->MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced SystemCare 3-->"C:\Program Files\Advanced SystemCare\unins000.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Ashampoo Burning Studio 6 FREE-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
AutoCAD 2007 - Český-->MsiExec.exe /I{5783F2D7-5001-0405-0002-0060B0CE6BBA}
Autodesk Inventor Professional 2008-->MsiExec.exe /I{7F4DD591-1200-0409-0000-7107D70F3DB4}
avast! Antivirus-->C:\Program Files\Avast\aswRunDll.exe "C:\Program Files\Avast\Setup\setiface.dll",RunSetup
bwin Poker (remove only)-->"C:\Program Files\Poker\uninstall.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon S520-->C:\WINDOWS\system32\CNMCP3M.EXE -@C:\WINDOWS\IsUn0405.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\DeIsL1.isu" -pCanon S520-c"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\bjinst.dll
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ComfortChip-->"C:\Program Files\ComfortChip\unins000.exe"
Gemplus Smart Card Reader Tools-->C:\Program Files\Gemplus\ReaderTools\Installer\setup.exe /u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 4.7.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kouzelné dárky-->C:\Program Files\Kouzelné dárky\Uninstall.exe
Major League Baseball 2K9-->"C:\WINDOWS\Major League Baseball 2K9\uninstall.exe" "/U:C:\Program Files\Major League Baseball 2K9\Uninstall\uninstall.xml"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
Numericon-->C:\Program Files\Numericon\Uninstall.exe
O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0005 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x5 -removeonly
Se Zajdou za poznáním - Školka 1-->C:\Program Files\The Learning Company\Se Zajdou za poznáním - Školka 1\uninstall.exe
Se Zajdou za poznáním - Školka 2-->C:\Program Files\The Learning Company\Se Zajdou za poznáním - Školka 2\uninstall.exe
Softarová utilita ATI - Odinstalovat-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Sony Vegas 7.0-->MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak\unins000.exe"
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Total Commander (Remove or Repair)-->C:\Program Files\Total Commander\tcuninst.exe
Trapcode Form-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeform.log
Trapcode Particular-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeparticular.log
Trapcode Shine-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeShine.log
Trapcode Starglow-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeStarglow.log
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Vietcong & Vietcong: Fist Alpha-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Vietcong\Uninstall\setup.exe" -l0x5
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Wise Registry Cleaner 4 Free 4.82-->"C:\Program Files\Wise Registry Cleaner\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
ZyXEL USB ADSL Modem/Router -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE3BF62-D432-4D47-A712-CD4DF91CABFB}\Setup.exe" -l0x9

=====HijackThis Backups=====

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-02-17]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2009-02-17]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2009-02-17]
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab [2009-02-17]
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) [2009-02-17]
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) [2009-02-18]
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm [2009-03-11]
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm [2009-03-11]
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm [2009-03-11]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll [2009-03-25]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-03-27]
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-04-10]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [2009-04-10]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-04-10]
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 [2009-04-10]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-04-22]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-05-20]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-24]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-24]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-24]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-24]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-26]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-26]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-27]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-27]
O20 - AppInit_DLLs: [2009-05-27]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-29]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-29]
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r [2009-05-29]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-30]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-30]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-30]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-05-30]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-02]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-02]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-06-04]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-04]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-04]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2009-06-06]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-07]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-07]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-06-14]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-14]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-14]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-06-20]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-20]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-20]
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [2009-06-20]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-24]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-24]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-13]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-07-13]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-13]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-14]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-14]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-27]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-27]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-07-27]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-07-31]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-31]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-31]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-03]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-03]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-04]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-04]
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [2009-08-06]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-20]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-08-20]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-08-20]

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 090923-0]

======System event log======

Computer Name: PC-A9AA425F3041
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Kompatibilita pro rychlé přepínání uživatelů úspěšně odeslán.

Record Number: 54929
Source Name: Service Control Manager
Time Written: 20090819072827.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: PC-A9AA425F3041
Event Code: 7036
Message: Stav služby Terminálová služba byl změněn na: Spuštěno

Record Number: 54928
Source Name: Service Control Manager
Time Written: 20090819072827.000000+120
Event Type: Informace
User:

Computer Name: PC-A9AA425F3041
Event Code: 7000
Message: Služba General Purpose USB Driver (adildr.sys) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Record Number: 54927
Source Name: Service Control Manager
Time Written: 20090819072824.000000+120
Event Type: Chyba
User:

Computer Name: PC-A9AA425F3041
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 54926
Source Name: EventLog
Time Written: 20090819072805.000000+120
Event Type: Informace
User:

Computer Name: PC-A9AA425F3041
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 54925
Source Name: EventLog
Time Written: 20090819072805.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: PC-A9AA425F3041
Event Code: 3408
Message: Recovery is complete. This is an informational message only. No user action is required.

Record Number: 25983
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20090821091805.000000+120
Event Type: Informace
User:

Computer Name: PC-A9AA425F3041
Event Code: 17137
Message: Starting up database 'tempdb'.

Record Number: 25982
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20090821091805.000000+120
Event Type: Informace
User:

Computer Name: PC-A9AA425F3041
Event Code: 17126
Message: SQL Server is now ready for client connections. This is an informational message; no user action is required.

Record Number: 25981
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20090821091805.000000+120
Event Type: Informace
User:

Computer Name: PC-A9AA425F3041
Event Code: 17199
Message: Dedicated administrator connection support was not started because it is not available on this edition of SQL Server. This is an informational message only. No user action is required.

Record Number: 25980
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20090821091805.000000+120
Event Type: Informace
User:

Computer Name: PC-A9AA425F3041
Event Code: 26048
Message: Server local connection provider is ready to accept connection on [ \\.\pipe\MSSQL$AUTODESKVAULT\sql\query ].

Record Number: 25979
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20090821091805.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"OMP_NUM_THREADS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\WINDOWS\system32\drivers\ag1rqetp.sys
****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]



Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Martimos]

Tak vše provedeno.

Tady je výsledek z VirusTotalu: http://www.virustotal.com/cs/analisis/b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9-1253810542

ComboFix:

ComboFix 09-09-23.02 - PC 24.09.2009 18:52.8.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.684 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090923-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\94495e.msp
c:\windows\Installer\944963.msp
c:\windows\Installer\944968.msp
c:\windows\Installer\e09da5.msi

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-24 do 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 16:03 . 2009-09-24 16:03 -------- d-----w- C:\rsit
2009-09-22 17:10 . 2009-09-22 17:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-22 17:10 . 2009-09-22 17:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-19 05:34 . 2009-09-23 16:39 -------- d-----w- c:\program files\Major League Baseball 2K9
2009-09-09 17:28 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 16:05 . 2009-09-12 14:50 -------- d-----w- c:\program files\Teamspeak
2009-09-05 09:45 . 2009-09-18 15:29 -------- d-----w- c:\program files\Vietcong

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 13:57 . 2009-05-23 18:05 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-09-23 13:52 . 2009-07-13 14:14 -------- d-----w- c:\program files\Advanced SystemCare
2009-09-18 13:00 . 2009-04-12 09:57 -------- d-----w- c:\program files\Poker
2009-09-18 09:54 . 2008-03-19 13:34 -------- d-----w- c:\program files\Avast
2009-09-12 09:02 . 2009-03-16 18:08 -------- d-----w- c:\program files\QIP
2009-09-11 15:25 . 2009-03-01 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2009-03-01 16:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-03-01 16:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 16:18 . 2008-02-27 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-26 09:47 . 2008-10-28 16:27 10345 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-17 16:10 . 2008-03-19 13:34 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-03-19 13:34 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-03-19 13:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-01 13:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-01 13:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-03-19 13:34 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-19 13:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-03-19 13:34 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-03-19 13:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-08-17 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=

R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [14.4.2009 17:35 39440]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 15:14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 15:14 20560]
R3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader;c:\windows\system32\drivers\grclass.sys [21.3.2008 21:59 82432]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [21.9.2008 14:10 21120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uInternet Settings,ProxyOverride = *.local
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\b5mcnbn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pc-help.cz/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 18:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="FB98FDB7BA8CF785D9E274B4E92661928BA388EC0247C39877DB979D424EAD69A2FC41914F366AFD36656A145E1D632D48F210732B5E6B78839B6E934131BE6614A0751016E6E76B67CB0BED6CAD66E7BE3EA1DF93E6AE2F91CB1A19EA90F522356D7B2E3DB5CDDAE9C0F605677D92E822913960D1BAA399FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933A6171C11EC38DE3DE1A3344B8F39F21A68308373F12AD3DBF7F38BE9D5E058E56ED97FB52E6F837895520AD80AE7EDF1776D17560A6F7C93786C7C3F2C6CEB614B7A715A62B4B28AB4E3CED67B582CE393EA260A5BF70FF0CAA0A24583AAC301E95642B86DF2F6D8B29BD9E22FCA8D6C674EE396F6B2DC2A6D35AB8CD25BBA533B324085C9DE566B977F347A4383E62DAFFD39E3BE15A519F3137E0760C5A00C47196B5DC42E4EED015B1D04A94A016ABE2740BE6C17213B8468320BCAB3B70129587A407F1BCEB09DBE86C72BE91B0EF83AC8D98A367833D726145281F1382D1184D59170E43C2733FA98F2E0B2E3A3D6E9D64AF97249C63D8024FAC9D14BB041EF9C97624DEC69192A2C933AF8015DE6B022896CD0A5DE17F1178A3DA911CC91379FFEF01CAEB43C2550A07A110D8EC9499574EBDA158A5B36D56347539DE9EC3863D58F1BC1661D8CC771B7DA92B1B5B351CCD39B8F7C14CFFAD1292C759153942391049959834EC10941DBB314E173B3A73953A484086004D90478169574D633CA08E66A9C357AED3EB2270086625F53A2C0EC0AD5A8725AF58C9D76EBE3203EFD74A663A845DB7AC5C82CA6D2176C5C7AD17BE459FC10A08762D337DC5669238FF585DE8DA5C297B3EB519455879EE021BE28D1584592E8FA5EAEC43E6882138B1219BC4FE715B7CCE8D1B760628E33393B737112E86A0870BF11125BD84E86AD2EC9DFE446CA928C703C0537F76B6E9A6132E838F01816BDA9B395F309C3376996D72D3B1CEE24A116F273953DF5EBD0AF0BDFEF0CB3716A2123C6B881EFA1627AD2903367A22A6D52ACFE254B82CB9A867A83D40A653B33124225D4EB708972EDA179A04E9A280782F428895EFAF36CAA4F8473E2EBD788C943B0DE1878F327E6FD5849181E65B9E52AF056D85D8CEC47AD974E301B708FFAB1F0E8F7D02C4341F5A4EBB0896D03A17F62153DB900F8680EF45BAF5872A03BE76EF4A452403BBC69D9B6A74E0E96BE7A07C33635009F00BBD985431D8F478616B6F8D5EE0138FD90F64EB06F5C59A7F66FD1900B7F2363D606A970783C453A445B62EB28051989F3FC4B2406ADE62FA3AE253C86B7FCCB53BF9A620D328E9949F28E6B16A8EDCD717339FEBD1F8E87835C96CE89A4D656F6CE1DE490ED4CC951965078"
"OODEFRAG11.00.00.01WORKSTATION"="44F42D268D7A43144D45BF0A9B03856DDCEAEFCDB1085BF1FBB7E808BF1906A5DEDD4B3F01AF12EF1BA873926677889541CE8F87CC236AC5375100D288537D2EEB6A0DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74CA2D97226D213B5553CEB6330261098FB987CC17BE4885417335E118C1631F8D2E8D48847EBCE9FB99D95D050AA0510D3135567D7C109B2D9472116B9721E90B9E9817CE211E85AEA5B772215C9131193C345A1707F342C7CB00459CDB1985D54CD8D37727BCFDB479E360D011C0CC4DF5B53F6D110520ABFCB95D1073E006CA0382DC07E301411A8F6C9490B5FD49991735DEF800BBED81BD5B5F893A8C18B52B3652605595BA71FD47D931B75E9C0B384149BF22C666D37F21CCD9824E44E4D2A137576C0DD176F0DF1AD1264D7AD08ECFB8B94CFCEDCF02C52552D0A7F8B2FED6342B7DAE9158E5919DA3F57C11B82EFEC54C4FB108059EAB512DD543D60C53158A52339E01EABD63D63EA99DC05CCB294905554D177B80078922AA3E029918E4B390497B7F2A287F795CD1F75AD41C074DC8EA65723859E1F6307BB3D0A4B80E59E9B50F71809503A41957DE79AF20960DB2B5FF12BEE5C85175B063B6B5CE9A5F8A0E6BD5426FB473BE56D271324DB02B259930877D6B6D7C4040C56F6E40DDEEE3AFEBBB474B5B6DBD3CE3AA4CEF0540BBC799638D00D980851009F1C3513B7AD85DFB70A258FF400E821BAA11F63AA93EC6BACDE28A11DFD86B43A0FD488AB63157988E71B80C288248CD69FF4AF277CF4E8EC21D91C8E4A5BA0DFC57F5D08C4EB5B9D25ECDFB15AF65AD075663AC4FB52148FF91888EC137D62DBFAA066718985B9F7DF67ECA95D47767EC23AC74FCBF934DD2646D508038B380F2FDEDBDC6C4CEE2BF68948E87EEEF54B67ED0466A951B4B8A9015706C89986EC258CD916AC2376621086F57C2EBC0D358832FB80D6B3A3934913C461972FD3FE63B7613B8F5E72DA114761CAE1F395CE0FE9A3679971B4758F00B966264A4E61369C57C0DCC6A6E4A765570911C60E3CA8B0D035BACC3E79CA7BB4B82E59C4422B2E026B5E1A7CE54431894439E2973B4750BD5C89FC3C4E0D7099CCEEC12C6817148FD7650981D71A2E0C5B5A64F8171E4A0920552BCBB82D7C31ECAAD91AAA1128907344B765472215D904F9DD1B332853349B75F8B08EC3702437A86E4C767278F781D341FC56984FCE4421558D852154A6B943F8D23BB0D1041DB23FA14B5C4820976FB043B97C7EAD78DA4500998BE7AABB1CB03C3E94DAC36318819F3D308D44237687D3B912F49B50399BC90C2CE16E37E19C9A2CD678B9262C5B6CF496F204DFCC3CEDB5633A21504FB865108B430513FAAB43"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-09-24 18:57
ComboFix-quarantined-files.txt 2009-09-24 16:57

Před spuštěním: Volných bajtů: 175 110 402 048
Po spuštění: Volných bajtů: 175 083 212 800

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
151 --- E O F --- 2009-08-26 06:24

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\WINDOWS\system32\drivers\ag1rqetp.sys
C:\DOCUME~1\PC\LOCALS~1\Temp\catchme.sys

Driver::
ag1rqetp;ag1rqetp
ag1rqetp
catchme;catchme
catchme

Rootkit::
C:\WINDOWS\system32\drivers\ag1rqetp.sys




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Martimos]

ComboFix 09-09-23.02 - PC 24.09.2009 19:21.9.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.585 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090923-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\PC\LOCALS~1\Temp\catchme.sys"
"c:\windows\system32\drivers\ag1rqetp.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CATCHME
-------\Service_ag1rqetp
-------\Service_catchme


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-24 do 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 16:03 . 2009-09-24 16:03 -------- d-----w- C:\rsit
2009-09-22 17:10 . 2009-09-22 17:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-22 17:10 . 2009-09-22 17:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-19 05:34 . 2009-09-23 16:39 -------- d-----w- c:\program files\Major League Baseball 2K9
2009-09-09 17:28 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 16:05 . 2009-09-12 14:50 -------- d-----w- c:\program files\Teamspeak
2009-09-05 09:45 . 2009-09-18 15:29 -------- d-----w- c:\program files\Vietcong

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 13:57 . 2009-05-23 18:05 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-09-23 13:52 . 2009-07-13 14:14 -------- d-----w- c:\program files\Advanced SystemCare
2009-09-18 13:00 . 2009-04-12 09:57 -------- d-----w- c:\program files\Poker
2009-09-18 09:54 . 2008-03-19 13:34 -------- d-----w- c:\program files\Avast
2009-09-12 09:02 . 2009-03-16 18:08 -------- d-----w- c:\program files\QIP
2009-09-11 15:25 . 2009-03-01 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2009-03-01 16:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-03-01 16:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 16:18 . 2008-02-27 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-26 09:47 . 2008-10-28 16:27 10345 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-17 16:10 . 2008-03-19 13:34 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-03-19 13:34 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-03-19 13:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-01 13:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-01 13:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-03-19 13:34 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-19 13:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-03-19 13:34 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-03-19 13:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-17 13:49 915456 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-24_16.56.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-24 17:26 . 2009-09-24 17:26 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-08-17 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=

R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [14.4.2009 17:35 39440]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 15:14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 15:14 20560]
R3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader;c:\windows\system32\drivers\grclass.sys [21.3.2008 21:59 82432]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [21.9.2008 14:10 21120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uInternet Settings,ProxyOverride = *.local
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\b5mcnbn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pc-help.cz/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 19:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="FB98FDB7BA8CF785D9E274B4E92661928BA388EC0247C39877DB979D424EAD69A2FC41914F366AFD36656A145E1D632D48F210732B5E6B78839B6E934131BE6614A0751016E6E76B67CB0BED6CAD66E7BE3EA1DF93E6AE2F91CB1A19EA90F522356D7B2E3DB5CDDAE9C0F605677D92E822913960D1BAA399FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933A6171C11EC38DE3DE1A3344B8F39F21A68308373F12AD3DBF7F38BE9D5E058E56ED97FB52E6F837895520AD80AE7EDF1776D17560A6F7C93786C7C3F2C6CEB614B7A715A62B4B28AB4E3CED67B582CE393EA260A5BF70FF0CAA0A24583AAC301E95642B86DF2F6D8B29BD9E22FCA8D6C674EE396F6B2DC2A6D35AB8CD25BBA533B324085C9DE566B977F347A4383E62DAFFD39E3BE15A519F3137E0760C5A00C47196B5DC42E4EED015B1D04A94A016ABE2740BE6C17213B8468320BCAB3B70129587A407F1BCEB09DBE86C72BE91B0EF83AC8D98A367833D726145281F1382D1184D59170E43C2733FA98F2E0B2E3A3D6E9D64AF97249C63D8024FAC9D14BB041EF9C97624DEC69192A2C933AF8015DE6B022896CD0A5DE17F1178A3DA911CC91379FFEF01CAEB43C2550A07A110D8EC9499574EBDA158A5B36D56347539DE9EC3863D58F1BC1661D8CC771B7DA92B1B5B351CCD39B8F7C14CFFAD1292C759153942391049959834EC10941DBB314E173B3A73953A484086004D90478169574D633CA08E66A9C357AED3EB2270086625F53A2C0EC0AD5A8725AF58C9D76EBE3203EFD74A663A845DB7AC5C82CA6D2176C5C7AD17BE459FC10A08762D337DC5669238FF585DE8DA5C297B3EB519455879EE021BE28D1584592E8FA5EAEC43E6882138B1219BC4FE715B7CCE8D1B760628E33393B737112E86A0870BF11125BD84E86AD2EC9DFE446CA928C703C0537F76B6E9A6132E838F01816BDA9B395F309C3376996D72D3B1CEE24A116F273953DF5EBD0AF0BDFEF0CB3716A2123C6B881EFA1627AD2903367A22A6D52ACFE254B82CB9A867A83D40A653B33124225D4EB708972EDA179A04E9A280782F428895EFAF36CAA4F8473E2EBD788C943B0DE1878F327E6FD5849181E65B9E52AF056D85D8CEC47AD974E301B708FFAB1F0E8F7D02C4341F5A4EBB0896D03A17F62153DB900F8680EF45BAF5872A03BE76EF4A452403BBC69D9B6A74E0E96BE7A07C33635009F00BBD985431D8F478616B6F8D5EE0138FD90F64EB06F5C59A7F66FD1900B7F2363D606A970783C453A445B62EB28051989F3FC4B2406ADE62FA3AE253C86B7FCCB53BF9A620D328E9949F28E6B16A8EDCD717339FEBD1F8E87835C96CE89A4D656F6CE1DE490ED4CC951965078"
"OODEFRAG11.00.00.01WORKSTATION"="44F42D268D7A43144D45BF0A9B03856DDCEAEFCDB1085BF1FBB7E808BF1906A5DEDD4B3F01AF12EF1BA873926677889541CE8F87CC236AC5375100D288537D2EEB6A0DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74CA2D97226D213B5553CEB6330261098FB987CC17BE4885417335E118C1631F8D2E8D48847EBCE9FB99D95D050AA0510D3135567D7C109B2D9472116B9721E90B9E9817CE211E85AEA5B772215C9131193C345A1707F342C7CB00459CDB1985D54CD8D37727BCFDB479E360D011C0CC4DF5B53F6D110520ABFCB95D1073E006CA0382DC07E301411A8F6C9490B5FD49991735DEF800BBED81BD5B5F893A8C18B52B3652605595BA71FD47D931B75E9C0B384149BF22C666D37F21CCD9824E44E4D2A137576C0DD176F0DF1AD1264D7AD08ECFB8B94CFCEDCF02C52552D0A7F8B2FED6342B7DAE9158E5919DA3F57C11B82EFEC54C4FB108059EAB512DD543D60C53158A52339E01EABD63D63EA99DC05CCB294905554D177B80078922AA3E029918E4B390497B7F2A287F795CD1F75AD41C074DC8EA65723859E1F6307BB3D0A4B80E59E9B50F71809503A41957DE79AF20960DB2B5FF12BEE5C85175B063B6B5CE9A5F8A0E6BD5426FB473BE56D271324DB02B259930877D6B6D7C4040C56F6E40DDEEE3AFEBBB474B5B6DBD3CE3AA4CEF0540BBC799638D00D980851009F1C3513B7AD85DFB70A258FF400E821BAA11F63AA93EC6BACDE28A11DFD86B43A0FD488AB63157988E71B80C288248CD69FF4AF277CF4E8EC21D91C8E4A5BA0DFC57F5D08C4EB5B9D25ECDFB15AF65AD075663AC4FB52148FF91888EC137D62DBFAA066718985B9F7DF67ECA95D47767EC23AC74FCBF934DD2646D508038B380F2FDEDBDC6C4CEE2BF68948E87EEEF54B67ED0466A951B4B8A9015706C89986EC258CD916AC2376621086F57C2EBC0D358832FB80D6B3A3934913C461972FD3FE63B7613B8F5E72DA114761CAE1F395CE0FE9A3679971B4758F00B966264A4E61369C57C0DCC6A6E4A765570911C60E3CA8B0D035BACC3E79CA7BB4B82E59C4422B2E026B5E1A7CE54431894439E2973B4750BD5C89FC3C4E0D7099CCEEC12C6817148FD7650981D71A2E0C5B5A64F8171E4A0920552BCBB82D7C31ECAAD91AAA1128907344B765472215D904F9DD1B332853349B75F8B08EC3702437A86E4C767278F781D341FC56984FCE4421558D852154A6B943F8D23BB0D1041DB23FA14B5C4820976FB043B97C7EAD78DA4500998BE7AABB1CB03C3E94DAC36318819F3D308D44237687D3B912F49B50399BC90C2CE16E37E19C9A2CD678B9262C5B6CF496F204DFCC3CEDB5633A21504FB865108B430513FAAB43"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avast\aswUpdSv.exe
c:\program files\Avast\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\rundll32.exe
c:\program files\Avast\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-09-24 19:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-24 17:29
ComboFix2.txt 2009-09-24 16:57

Před spuštěním: Volných bajtů: 175 095 705 600
Po spuštění: Volných bajtů: 174 985 789 440

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
183 --- E O F --- 2009-08-26 06:24

[Martimos]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:25, on 24.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4121181187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5371 bytes



Internet zatím vypadá stabilně, ovšem chtělo by to chvíli testovat. Pokud bude problém přetrvávat, tak napíšu.

[Damned]

Já tam již problém nevidím.

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.

[Martimos]

Fajn, net zatím drží, takže paráda. Moc děkuju za pomoc.