Zpomalený notebook Vyřešeno

[Scary]

Dobrý den,
v posledních dnech se mi snížil výkon notebooku. Určitě vím, že je zapříčiněno prachem ve větráku notebooku MSI GX620X, často slyšim jak jede furt na plný výkon. Ale pro jistotu bych chtěl, aby se mi někdo koukl na log a pak bych měl ještě několik dotazů ohledně vyčištění u tohoto NB (všeude na internetu psali, ze se musi vyndat klavesnice apod. a že v zádu jsou na to označeny šrouky, ale já je tam označeny nemam)

----------------------LOG-----------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:04, on 16.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\Programy\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
E:\Programy\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wuauclt.exe
E:\Programy\Xfire\Xfire.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Programy\Mozilla Firefox\firefox.exe
E:\Programy\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [avast5] "E:\Programy\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RGSC] F:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! Antivirus - AVAST Software - E:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - E:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - E:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6511 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

(všeude na internetu psali, ze se musi vyndat klavesnice apod. a že v zádu jsou na to označeny šrouky, ale já je tam označeny nemam)

Doporučuji zadat nové téma do sekce problémy s HW.

[Scary]

Děkuji moc za rychlou odpověd.

Fixnuto, Cleaner jsem pouzil a u toho posledního mi to nic nenašlo. Takže myslíš, že je to ok? Jinak ten druhej problém postnu do tý sekce k večeru.

´Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4436

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.8.2010 19:04:43
mbam-log-2010-08-16 (19-04-43).txt

Typ skenu: Rychlý sken
Skenované objekty: 132464
Uplynulý čas: 4 minuta(y), 56 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[jaro3]

Ještě něco zkusíme:

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[Scary]

ComboFix 10-08-15.04 - Scary 16.08.2010 20:54:26.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3071.2206 [GMT 2:00]
Spuštěný z: c:\users\Scary\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-16 do 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-16 19:00 . 2010-08-16 19:00 -------- d-----w- c:\users\Scary\AppData\Local\temp
2010-08-16 19:00 . 2010-08-16 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-16 18:51 . 2010-08-16 18:51 -------- d-----w- C:\32788R22FWJFW
2010-08-16 16:58 . 2010-08-16 16:58 -------- d-----w- c:\users\Scary\AppData\Roaming\Malwarebytes
2010-08-16 16:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 16:58 . 2010-08-16 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 16:58 . 2010-08-16 16:58 -------- d-----w- c:\programdata\Malwarebytes
2010-08-16 16:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 16:54 . 2010-08-16 18:41 -------- d-----w- c:\users\Scary\AppData\Local\Adobe
2010-08-16 08:58 . 2010-08-16 08:58 388096 ----a-r- c:\users\Scary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-16 08:58 . 2010-08-16 08:58 -------- d-----w- c:\program files\Trend Micro
2010-08-14 20:00 . 2010-08-14 20:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-14 17:29 . 2010-08-14 17:29 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 10:05 . 2010-08-02 10:05 -------- d-----w- c:\programdata\Codemasters
2010-08-02 10:05 . 2010-08-02 10:05 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-02 10:05 . 2010-08-02 10:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-02 10:05 . 2010-08-02 10:05 -------- d-----w- c:\program files\OpenAL
2010-08-02 10:03 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-02 10:03 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-02 10:03 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-02 10:03 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-31 18:32 . 2010-07-31 18:32 -------- d-----w- c:\users\Scary\AppData\Roaming\WB Games
2010-07-31 12:08 . 2010-08-04 16:07 -------- d-----w- c:\program files\Mplayer
2010-07-31 12:04 . 1999-10-09 15:30 305152 ----a-w- c:\windows\IsUninst.exe
2010-07-28 11:16 . 2010-07-29 09:49 -------- d-----w- c:\programdata\NOS
2010-07-22 09:03 . 2010-07-28 21:22 -------- d-----w- c:\users\Scary\AppData\Roaming\mIRC
2010-07-21 11:52 . 2003-04-21 19:46 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2010-07-21 11:52 . 2002-09-10 17:35 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2010-07-21 11:52 . 2002-09-09 19:01 61440 ----a-w- c:\windows\system32\ASUSW32N50.dll
2010-07-21 11:52 . 2002-09-09 17:54 16269 ----a-w- c:\windows\system32\ASNDIS5.sys
2010-07-21 11:51 . 2010-07-21 11:51 -------- d-----w- c:\program files\ASUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 18:50 . 2010-01-30 13:05 -------- d-----w- c:\users\Scary\AppData\Roaming\Xfire
2010-08-16 16:54 . 2009-07-26 17:53 625914 ----a-w- c:\windows\system32\perfh005.dat
2010-08-16 16:54 . 2009-07-26 17:53 120000 ----a-w- c:\windows\system32\perfc005.dat
2010-08-16 15:51 . 2010-01-30 20:54 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-16 15:51 . 2010-01-30 18:51 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-15 21:44 . 2010-05-07 18:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-15 13:25 . 2010-02-06 16:05 -------- d-----w- c:\users\Scary\AppData\Roaming\vlc
2010-08-14 20:00 . 2010-01-30 13:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-14 17:28 . 2010-06-13 07:49 -------- d-----w- c:\program files\Java
2010-08-14 08:49 . 2010-01-30 20:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-04 16:14 . 2010-03-06 12:43 -------- d-----w- c:\users\Scary\AppData\Roaming\dvdcss
2010-08-04 16:11 . 2010-01-30 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 15:35 . 2010-01-30 10:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-30 09:11 . 2010-01-30 13:05 -------- d-----w- c:\programdata\Xfire
2010-07-21 08:31 . 2010-05-17 13:57 -------- d-----w- c:\program files\Common Files\Steam
2010-07-17 03:00 . 2010-06-13 07:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 20:09 . 2010-01-30 13:13 -------- d-----w- c:\users\Scary\AppData\Roaming\TS3Client
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 18:26 . 2010-01-31 19:00 -------- d-----w- c:\users\Scary\AppData\Roaming\teamspeak2
2010-06-28 20:57 . 2010-07-01 08:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-05-13 11:09 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-13 11:10 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-13 11:10 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-13 11:10 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-13 11:10 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-05-13 11:10 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-20 17:03 . 2010-06-20 17:03 50354 ----a-w- c:\users\Scary\AppData\Roaming\Facebook\uninstall.exe
2010-06-20 17:03 . 2010-06-20 17:03 -------- d-----w- c:\users\Scary\AppData\Roaming\Facebook
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Scary\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-05-21 12:14 . 2010-01-30 10:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="f:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"GrooveMonitor"="e:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-30 8452640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"avast5"="e:\programy\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"NoHotStart"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-30 691696]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-25 40560]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-30 66080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
Obsah adresáře 'Naplánované úlohy'

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 14:26]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 14:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - e:\programy\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Scary\AppData\Roaming\Mozilla\Firefox\Profiles\0ekz1ubo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Scary\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: e:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\programy\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\Win7codecs\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
e:\programy\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-491414590-2023906998-1555482788-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,0d,fc,ed,7e,e9,b2,d7,bc,44,b0,b3,79,e7,79,99,8c,36,54,cc,28,
9b,55,1a,49,7e,ee,39,8e,d3,3f,59,1a,6d,f5,1e,fb,0a,5c,fb,c3,02,ed,4c,9d,8d,\
"rkeysecu"=hex:b2,d9,3b,84,91,20,fe,b8,bb,90,29,06,a5,96,06,df

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-08-16 21:02:17
ComboFix-quarantined-files.txt 2010-08-16 19:02

Před spuštěním: Volných bajtů: 13 633 069 056
Po spuštění: Volných bajtů: 13 454 016 512

- - End Of File - - F53DFE29F9F95695E85D119ED9D77832

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat

Folder::
C:\32788R22FWJFW

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Scary]

ComboFix 10-08-15.04 - Scary 16.08.2010 22:14:40.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3071.2167 [GMT 2:00]
Spuštěný z: c:\users\Scary\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Scary\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\32788R22FWJFW
c:\32788r22fwjfw\EN-US\cmd.cfxxe.mui
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-16 do 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-16 20:18 . 2010-08-16 20:19 -------- d-----w- c:\users\Scary\AppData\Local\temp
2010-08-16 20:18 . 2010-08-16 20:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-16 20:18 . 2010-08-16 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-16 16:58 . 2010-08-16 16:58 -------- d-----w- c:\users\Scary\AppData\Roaming\Malwarebytes
2010-08-16 16:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 16:58 . 2010-08-16 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 16:58 . 2010-08-16 16:58 -------- d-----w- c:\programdata\Malwarebytes
2010-08-16 16:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 16:54 . 2010-08-16 18:41 -------- d-----w- c:\users\Scary\AppData\Local\Adobe
2010-08-16 08:58 . 2010-08-16 08:58 388096 ----a-r- c:\users\Scary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-16 08:58 . 2010-08-16 08:58 -------- d-----w- c:\program files\Trend Micro
2010-08-14 20:00 . 2010-08-14 20:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-14 17:29 . 2010-08-14 17:29 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 10:05 . 2010-08-02 10:05 -------- d-----w- c:\programdata\Codemasters
2010-08-02 10:05 . 2010-08-02 10:05 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-02 10:05 . 2010-08-02 10:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-02 10:05 . 2010-08-02 10:05 -------- d-----w- c:\program files\OpenAL
2010-08-02 10:03 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-02 10:03 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-02 10:03 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-02 10:03 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-02 10:03 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-31 18:32 . 2010-07-31 18:32 -------- d-----w- c:\users\Scary\AppData\Roaming\WB Games
2010-07-31 12:08 . 2010-08-04 16:07 -------- d-----w- c:\program files\Mplayer
2010-07-31 12:04 . 1999-10-09 15:30 305152 ----a-w- c:\windows\IsUninst.exe
2010-07-28 11:16 . 2010-07-29 09:49 -------- d-----w- c:\programdata\NOS
2010-07-22 09:03 . 2010-07-28 21:22 -------- d-----w- c:\users\Scary\AppData\Roaming\mIRC
2010-07-21 11:52 . 2003-04-21 19:46 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2010-07-21 11:52 . 2002-09-10 17:35 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2010-07-21 11:52 . 2002-09-09 19:01 61440 ----a-w- c:\windows\system32\ASUSW32N50.dll
2010-07-21 11:52 . 2002-09-09 17:54 16269 ----a-w- c:\windows\system32\ASNDIS5.sys
2010-07-21 11:51 . 2010-07-21 11:51 -------- d-----w- c:\program files\ASUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 20:11 . 2010-01-30 13:05 -------- d-----w- c:\users\Scary\AppData\Roaming\Xfire
2010-08-16 19:14 . 2010-01-30 20:54 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-16 19:14 . 2010-01-30 18:51 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-15 21:44 . 2010-05-07 18:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-15 13:25 . 2010-02-06 16:05 -------- d-----w- c:\users\Scary\AppData\Roaming\vlc
2010-08-14 20:00 . 2010-01-30 13:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-14 17:28 . 2010-06-13 07:49 -------- d-----w- c:\program files\Java
2010-08-14 08:49 . 2010-01-30 20:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-04 16:14 . 2010-03-06 12:43 -------- d-----w- c:\users\Scary\AppData\Roaming\dvdcss
2010-08-04 16:11 . 2010-01-30 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 15:35 . 2010-01-30 10:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-30 09:11 . 2010-01-30 13:05 -------- d-----w- c:\programdata\Xfire
2010-07-21 08:31 . 2010-05-17 13:57 -------- d-----w- c:\program files\Common Files\Steam
2010-07-17 03:00 . 2010-06-13 07:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 20:09 . 2010-01-30 13:13 -------- d-----w- c:\users\Scary\AppData\Roaming\TS3Client
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 18:26 . 2010-01-31 19:00 -------- d-----w- c:\users\Scary\AppData\Roaming\teamspeak2
2010-06-28 20:57 . 2010-07-01 08:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-05-13 11:09 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-13 11:10 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-13 11:10 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-13 11:10 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-13 11:10 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-05-13 11:10 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-20 17:03 . 2010-06-20 17:03 50354 ----a-w- c:\users\Scary\AppData\Roaming\Facebook\uninstall.exe
2010-06-20 17:03 . 2010-06-20 17:03 -------- d-----w- c:\users\Scary\AppData\Roaming\Facebook
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Scary\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-05-21 12:14 . 2010-01-30 10:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="f:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"GrooveMonitor"="e:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-30 8452640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"avast5"="e:\programy\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"NoHotStart"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-30 691696]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-25 40560]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-30 66080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
Obsah adresáře 'Naplánované úlohy'

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 14:26]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 14:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - e:\programy\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Scary\AppData\Roaming\Mozilla\Firefox\Profiles\0ekz1ubo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Scary\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: e:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\programy\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\Win7codecs\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
e:\programy\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\programy\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-491414590-2023906998-1555482788-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,0d,fc,ed,7e,e9,b2,d7,bc,44,b0,b3,79,e7,79,99,8c,36,54,cc,28,
9b,55,1a,49,7e,ee,39,8e,d3,3f,59,1a,6d,f5,1e,fb,0a,5c,fb,c3,02,ed,4c,9d,8d,\
"rkeysecu"=hex:b2,d9,3b,84,91,20,fe,b8,bb,90,29,06,a5,96,06,df
.
Celkový čas: 2010-08-16 22:20:27
ComboFix-quarantined-files.txt 2010-08-16 20:20
ComboFix2.txt 2010-08-16 19:02

Před spuštěním: Volných bajtů: 13 498 490 880
Po spuštění: Volných bajtů: 13 445 722 112

- - End Of File - - 588C7A187B64354D50A80635E0F552C0

[Scary]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:24:47, on 16.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [avast5] "E:\Programy\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [RGSC] F:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! Antivirus - AVAST Software - E:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - E:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - E:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 4566 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.


Tady můžeš dát zelenou fajfku , vyřešeno a pokračuj v sekci Problémy s HW , kde Ti jistě poradí jak vyčistit NTB od prachu.