Please check my log (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

bereline
Level 4
Posts: 1434
Registered: September 07
Location: Ostrava-Hrabůvka
Gender: Male
Status: Offline

Please check my log

Post by bereline » 29 Aug 2010 23:37

Hello, I have one big problem. Since yesterday morning my messaging program (MIRANDA, QIP) keeps disconnecting. I haven't tried other programs. The thing is, everything was fine the whole time. Then I took the notebook to a LAN party, and since yesterday, when I start MIRANDA or QIP, after a few minutes it simply drops into offline mode, and to get back online I first have to close it completely and only then start it again. It takes terribly long before I get online. Maybe there's some bug on the notebook; please check it. Thanks, bereline

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:03, on 29.8.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Wolfram3D Miranda Pack\Miranda IM\miranda32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
O1 - Hosts: 78.46.50.119 L2authd.Lineage2.com
O1 - Hosts: 78.46.50.119 testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 7994 bytes
Smart people use Google and don't vote for communists
*Czech is a beautiful language, so please learn to use it*
Member of the Spyke's Fun Club
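The HijackThis log above shows the classic signs a helper looks for first: every HKCU R0/R1 Internet Explorer entry points to search13.net instead of the Microsoft defaults, the hosts file carries O1 overrides for Lineage2 and nProtect domains, and some O9 buttons reference "(no file)". As an added example (not part of this thread and not HijackThis code), here is a small Python triage script that parses lines in that format and flags those three things. The sample lines are constructed to mirror entries from the log above, and the allowlist of default Microsoft hosts is an assumption for the example.

```python
import re
from urllib.parse import urlparse

# Hosts that Internet Explorer 8 uses by default for its start/search pages.
# This allowlist is an assumption for the example; extend it for your environment.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com", "www.bing.com"}

# Constructed sample in HijackThis v2 format, mirroring entry types seen in the log
# above (R0/R1 browser settings, O1 hosts overrides, O2/O9 IE add-ons). Not the full log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 78.46.50.119 L2authd.Lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
"""

# An entry line is "<code> - <body>", e.g. "O1 - Hosts: 1.2.3.4 name".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")


def parse_entries(text):
    """Yield (code, body) for every HijackThis entry line; other lines are skipped."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def check_browser_setting(body):
    """R0/R1 body: return the URL's host if it is not a known IE default, else None."""
    if " = " not in body:
        return None
    url = body.rsplit(" = ", 1)[1].strip()
    host = urlparse(url).hostname
    if host is None or host.lower() in DEFAULT_IE_HOSTS:
        return None
    return host.lower()


def triage(text):
    """Return a list of (severity, code, message) findings for a HijackThis log.

    'high'   - an IE start/search setting points somewhere other than a default host
    'medium' - a hosts-file override (may be user-added, e.g. for a game, but must be reviewed)
    'low'    - an entry whose file no longer exists (orphan; cleanup, not infection)
    """
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            host = check_browser_setting(body)
            if host:
                findings.append(("high", code, f"IE setting points to non-default host {host}"))
        elif code == "O1":
            m = HOSTS_RE.match(body)
            if m:
                findings.append(("medium", code, f"hosts override: {m.group('name')} -> {m.group('ip')}"))
        elif body.endswith("(no file)"):
            findings.append(("low", code, "entry references a missing file (orphan)"))
    return findings


def hijacked_hosts(text):
    """Distinct non-default hosts used by R0/R1 settings, sorted, as a one-line summary."""
    hosts = set()
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            host = check_browser_setting(body)
            if host:
                hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for severity, code, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code}: {message}")
    print("non-default IE hosts:", ", ".join(hijacked_hosts(SAMPLE_LOG)))
```

Run it against a saved hijackthis.log by reading the file into `triage()`. The point of the allowlist approach is that it only raises what differs from a known-good baseline; the HKLM entries in the log above pass because they still point at go.microsoft.com, while every HKCU entry is flagged, which is exactly the pattern of a per-user search hijacker.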

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female
Status: Offline

Re: Please check my log

Post by bledulka » 29 Aug 2010 23:53

Hi,

Download CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
- install it (don't install the Yahoo toolbar)

- select the Cleaner tab
- leave everything in the left column checked as it is and press the Analyze button
- then confirm with the Run CCleaner button
- this cleans the computer of temporary files; I recommend using it regularly.

- select the Registry tab
- click the Scan for Issues button
- then click Fix selected issues, confirm that you want to make a backup, and let it fix everything

**********************

Download RSIT http://images.malwareremoval.com/random/RSIT.exe
- run it, click the Continue button
- after the scan, log.txt pops up; paste its contents here

*********************

Download MBAM http://download.cnet.com/3001-8022_4-10 ... l-10804572
- install it, update it
- do a full scan and paste the log here

bereline
Level 4
Posts: 1434
Registered: September 07
Location: Ostrava-Hrabůvka
Gender: Male
Status: Offline

Re: Please check my log

Post by bereline » 30 Aug 2010 10:36

I use CCleaner regularly, and MBAM too.

Here is the first log, from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by RedFish at 2010-08-30 10:25:27
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 24 GB (16%) free of 152 GB
Total RAM: 3069 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:34, on 30.8.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\RedFish\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\RedFish.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
O1 - Hosts: 78.46.50.119 L2authd.Lineage2.com
O1 - Hosts: 78.46.50.119 testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 8158 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000UA.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-25 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"NDSTray.exe"=NDSTray.exe []
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"Toshiba TEMPO"=C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-04-24 103824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2008-04-26 716800]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-03-19 716800]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-06-19 949376]
"MacrokeyManager"=C:\Windows\system32\WTMKM.exe [2009-04-22 3161760]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2006-11-29 90112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Steam"=c:\program files\valve\steam\steam.exe [2010-08-25 1242448]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe

C:\Users\RedFish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Combat Arms\Combat Arms\CombatArms.exe"="E:\Combat Arms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms\Engine.exe"="E:\Combat Arms\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"E:\Combat Arms\Combat Arms EU\CombatArms.exe"="E:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms EU\Engine.exe"="E:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"E:\Combat Arms\Combat Arms\CombatArms.exe"="E:\Combat Arms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms\Engine.exe"="E:\Combat Arms\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"E:\Combat Arms\Combat Arms EU\CombatArms.exe"="E:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms EU\Engine.exe"="E:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-30 10:25:27 ----D---- C:\rsit
2010-08-26 10:49:46 ----HD---- C:\ProgramData\CanonBJ
2010-08-12 22:17:35 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 22:17:34 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 22:17:33 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 22:17:32 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 22:17:29 ----A---- C:\Windows\system32\occache.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 22:17:29 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 22:17:28 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 22:17:28 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 22:17:28 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 22:17:28 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 22:17:27 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 22:17:26 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 22:17:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 22:17:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 22:17:11 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 22:17:09 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 22:17:08 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 22:17:06 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 22:17:06 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 22:17:03 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-09 17:38:52 ----A---- C:\Windows\system32\msvcr90.dll
2010-08-09 17:29:05 ----D---- C:\Users\RedFish\AppData\Roaming\Miranda
2010-08-04 11:40:25 ----A---- C:\Windows\system32\shell32.dll
2010-07-31 10:59:09 ----D---- C:\FlatOut 2

======List of files/folders modified in the last 1 months======

2010-08-30 10:25:34 ----D---- C:\Program Files\Trend Micro
2010-08-30 10:25:33 ----D---- C:\Windows\temp
2010-08-30 10:25:28 ----D---- C:\Windows\Prefetch
2010-08-30 10:24:06 ----D---- C:\Windows\Debug
2010-08-30 10:24:06 ----D---- C:\Windows
2010-08-30 10:22:25 ----D---- C:\Program Files\Mozilla Firefox
2010-08-30 10:12:03 ----A---- C:\Windows\win.ini
2010-08-30 00:37:27 ----D---- C:\Users\RedFish\AppData\Roaming\vlc
2010-08-29 22:47:08 ----D---- C:\Users\RedFish\AppData\Roaming\HLSW
2010-08-29 14:12:39 ----SHD---- C:\System Volume Information
2010-08-27 21:58:24 ----D---- C:\Program Files\Garena
2010-08-27 21:19:50 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-08-26 21:41:59 ----D---- C:\Users\RedFish\AppData\Roaming\dvdcss
2010-08-26 19:02:49 ----AD---- C:\Windows\System32
2010-08-26 19:02:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-26 19:02:47 ----D---- C:\Windows\inf
2010-08-26 14:58:03 ----D---- C:\Users\RedFish\AppData\Roaming\Skype
2010-08-26 10:49:46 ----D---- C:\ProgramData
2010-08-25 19:17:12 ----D---- C:\Users\RedFish\AppData\Roaming\XnView
2010-08-19 21:04:47 ----D---- C:\Program Files\Lineage
2010-08-19 14:53:17 ----SHD---- C:\Windows\Installer
2010-08-15 02:41:00 ----D---- C:\Windows\Microsoft.NET
2010-08-15 02:40:26 ----RSD---- C:\Windows\assembly
2010-08-15 02:38:19 ----D---- C:\Windows\winsxs
2010-08-15 02:24:37 ----D---- C:\Program Files\Internet Explorer
2010-08-15 02:24:36 ----D---- C:\Windows\system32\migration
2010-08-15 02:24:33 ----D---- C:\Program Files\Movie Maker
2010-08-15 02:24:31 ----D---- C:\Windows\system32\drivers
2010-08-15 02:08:15 ----D---- C:\ProgramData\Microsoft Help
2010-08-15 02:03:43 ----D---- C:\Windows\system32\catroot
2010-08-15 02:03:41 ----D---- C:\Windows\system32\catroot2
2010-08-15 02:02:40 ----D---- C:\Program Files\Windows Mail
2010-08-14 17:33:29 ----D---- C:\Users\RedFish\AppData\Roaming\teamspeak2
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-08-03 11:09:56 ----RD---- C:\Program Files
2010-08-02 21:40:34 ----AD---- C:\ProgramData\TEMP
2010-08-02 21:35:25 ----D---- C:\Program Files\TrackMania Nations ESWC
2010-08-02 21:33:39 ----D---- C:\ProgramData\Norton
2010-08-02 21:33:38 ----D---- C:\ProgramData\Symantec
2010-08-02 21:33:37 ----D---- C:\Windows\Tasks
2010-08-02 21:31:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-02 21:31:52 ----D---- C:\Program Files\Ubisoft
2010-08-02 20:38:59 ----D---- C:\Users\RedFish\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2006-12-23 77120]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2005-12-21 7136]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]
R0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-02 691696]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-07-18 279376]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2009-06-19 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2006-12-23 80768]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2009-06-19 512096]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-12 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-12 25888]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-08 3548672]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GarenaPEngine;GarenaPEngine; \??\C:\Users\RedFish\AppData\Local\Temp\KTOF067.tmp []
R3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys [2009-04-16 6144]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 avtg93m6;avtg93m6; C:\Windows\system32\drivers\avtg93m6.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-10-10 17480]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2009-04-06 4682]
S3 PsSdk40;PsSdk40; \??\C:\Windows\system32\Drivers\pssdk40.sys [2010-06-24 36928]
S3 PsSdkLBF;PsSdkLBF; \??\C:\Windows\system32\Drivers\pssdklbf.sys [2010-06-24 53312]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-07 667648]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-06-19 552064]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-08 75064]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WTService;WTService; C:\Windows\system32\atwtusb.exe [2009-04-22 392864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-29 72704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-01 320760]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; E:\Visual Studio 2008 Professional\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]

-----------------EOF-----------------


MbAM log

Malwarebytes' Anti-Malware 1.38
Verze databáze: 2348
Windows 6.0.6001 Service Pack 1

30.8.2010 12:24:15
mbam-log-2010-08-30 (12-24-15).txt

Typ skenu: Úplný sken (C:\|E:\|)
Objektu skenováno: 422444
Uplynulý cas: 1 hour(s), 49 minute(s), 8 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
Smart people use Google and don't vote for communists
*Czech is a beautiful language, so please learn to use it*
Member of the Spyke's Fun Club

bledulka

Re: Please check my log

Post by bledulka » 30 Aug 2010 13:06

Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before use, disable all resident security programs - antivirus, firewalls, antispyware

- After launch the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click inside the window it displays :!:

- After the scan finishes (it takes at most 10 minutes) the program should create a log - C:\ComboFix.txt; copy its entire contents here
Last edited by bledulka on 30 Aug 2010 14:22, edited 2 times in total.

bereline

Re: Please check my log

Post by bereline » 30 Aug 2010 14:08

ComboFix 10-08-28.02 - RedFish 30.08.2010 13:50:21.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3069.2273 [GMT 2:00]
Spuštěný z: c:\users\RedFish\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 08:25 . 2010-08-30 08:25 -------- d-----w- C:\rsit
2010-08-09 15:38 . 2007-11-06 22:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
2010-08-09 15:29 . 2010-08-09 15:29 -------- d-----w- c:\users\RedFish\AppData\Roaming\Miranda
2010-08-03 16:34 . 2010-08-15 11:04 -------- d-----w- c:\users\RedFish\AppData\Local\4A Games
2010-08-03 11:06 . 2010-08-03 11:06 -------- d-----w- c:\users\RedFish\AppData\Local\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 11:52 . 2008-01-21 06:46 657426 ----a-w- c:\windows\system32\perfh005.dat
2010-08-30 11:52 . 2008-01-21 06:46 136928 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 11:34 . 2009-07-13 14:36 -------- d-----w- c:\users\RedFish\AppData\Roaming\HLSW
2010-08-30 09:11 . 2009-12-10 12:47 -------- d-----w- c:\users\RedFish\AppData\Roaming\vlc
2010-08-30 08:25 . 2009-06-24 19:05 -------- d-----w- c:\program files\Trend Micro
2010-08-27 19:58 . 2009-10-23 10:34 -------- d-----w- c:\program files\Garena
2010-08-27 19:19 . 2009-07-08 09:14 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-27 19:19 . 2009-07-08 09:14 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-26 19:41 . 2009-12-11 14:06 -------- d-----w- c:\users\RedFish\AppData\Roaming\dvdcss
2010-08-26 12:58 . 2009-06-09 22:09 -------- d-----w- c:\users\RedFish\AppData\Roaming\Skype
2010-08-26 08:49 . 2010-08-26 08:49 -------- d--h--w- c:\programdata\CanonBJ
2010-08-25 17:17 . 2009-06-10 08:28 -------- d-----w- c:\users\RedFish\AppData\Roaming\XnView
2010-08-19 19:04 . 2009-11-22 11:42 -------- d-----w- c:\program files\Lineage
2010-08-15 00:08 . 2008-07-16 17:22 -------- d-----w- c:\programdata\Microsoft Help
2010-08-15 00:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-14 15:33 . 2009-06-12 10:30 -------- d-----w- c:\users\RedFish\AppData\Roaming\teamspeak2
2010-08-02 19:35 . 2010-02-06 19:06 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-08-02 19:33 . 2010-07-13 10:18 -------- d-----w- c:\programdata\Norton
2010-08-02 19:33 . 2010-07-13 10:18 -------- d-----w- c:\programdata\Symantec
2010-08-02 19:31 . 2010-05-31 20:19 -------- d-----w- c:\program files\Ubisoft
2010-08-02 19:31 . 2008-07-16 16:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 18:38 . 2009-06-10 08:29 -------- d-----w- c:\users\RedFish\AppData\Roaming\uTorrent
2010-07-25 17:54 . 2009-06-24 18:51 -------- d-----w- c:\program files\PowerArchiver
2010-07-22 09:33 . 2010-07-22 07:42 -------- d-----w- c:\program files\METRO 2033
2010-07-22 08:39 . 2008-07-16 17:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-22 08:10 . 2010-07-22 08:10 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-21 20:58 . 2010-07-21 20:58 -------- d-----w- c:\users\RedFish\AppData\Roaming\VitySoft
2010-07-21 15:02 . 2009-11-08 10:06 -------- d-----w- c:\program files\Stardock Games
2010-07-21 15:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-07-21 15:00 . 2010-06-02 17:25 -------- d-----w- c:\program files\FlatOut2
2010-07-21 11:26 . 2010-07-21 11:26 -------- d-----w- c:\users\RedFish\AppData\Roaming\LolClient
2010-07-21 09:44 . 2010-01-20 10:30 -------- d-----w- c:\programdata\PMB Files
2010-07-13 10:26 . 2010-07-13 10:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-13 10:20 . 2009-11-13 18:34 -------- d-----w- c:\program files\DivX
2010-07-13 10:19 . 2010-07-13 09:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 10:18 . 2010-07-13 09:09 -------- d-----w- c:\programdata\DivX
2010-07-13 10:18 . 2009-11-13 18:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-13 10:18 . 2009-11-13 18:34 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-13 10:18 . 2010-07-13 10:18 -------- d-----w- c:\programdata\NortonInstaller
2010-07-13 10:16 . 2009-11-14 16:10 -------- d-----w- c:\users\RedFish\AppData\Roaming\DivX
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-13 09:28 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-10 16:09 . 2009-06-09 22:12 -------- d-----w- c:\users\RedFish\AppData\Roaming\skypePM
2010-07-09 08:05 . 2009-11-14 17:08 -------- d-----w- c:\users\RedFish\AppData\Roaming\runic games
2010-07-09 08:05 . 2009-11-14 17:06 -------- d-----w- c:\program files\Runic Games
2010-06-26 06:05 . 2010-08-12 20:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 20:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 20:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 20:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 09:54 . 2010-06-20 18:06 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-06-24 09:54 . 2010-06-20 18:05 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys
2010-06-23 12:32 . 2010-04-10 11:04 1 ----a-w- c:\users\RedFish\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-21 16:22 . 2010-06-21 16:22 76591 ----a-w- C:\AutoMouseClicker.zip
2010-06-21 13:18 . 2010-08-12 20:17 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-12 20:17 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-12 20:17 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-12 20:17 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-18 10:21 . 2008-08-11 13:16 125952 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-16 15:59 . 2010-08-12 20:17 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 15:31 . 2010-08-12 20:17 274432 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 15:30 . 2010-08-12 20:17 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:00 . 2010-08-12 20:17 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 17:00 . 2010-08-12 20:17 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-02 02:55 . 2010-07-21 10:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-21 10:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-21 10:38 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\valve\steam\steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-19 949376]
"MacrokeyManager"="WTMKM.exe" [2009-04-22 3161760]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]

c:\users\RedFish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):0e,8e,31,10,6f,22,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GarenaPEngine;GarenaPEngine;c:\users\RedFish\AppData\Local\Temp\KTOF067.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 PsSdk40;PsSdk40;c:\windows\system32\Drivers\pssdk40.sys [2010-06-24 36928]
R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-06-24 53312]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-02 691696]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-06-19 15424]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-04-22 392864]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.
Obsah adresáře 'Naplánované úlohy'

2010-01-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-23 22:01]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000Core.job
- c:\users\RedFish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 12:27]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000UA.job
- c:\users\RedFish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 12:27]

2009-11-27 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-11-26 16:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
FF - ProfilePath - c:\users\RedFish\AppData\Roaming\Mozilla\Firefox\Profiles\n69m2b2d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\RedFish\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Miranda IM - e:\miranda im 0.8.27\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 14:01
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\RedFish\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\RedFish\AppData\Local\Temp\KTOF067.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1311360706-466973743-1341764523-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,f5,b3,74,22,28,47,5c,bb,5c,95,40,4d,1a,dd,29,fc,f8,d9,99,b3,54,9a,
d9,f3,ed,5c,a8,a7,f4,79,a3,45,3c,58,cf,31,35,54,89,41,e8,d2,78,b7,da,dc,dd,\
"??"=hex:43,f2,5d,65,60,69,d7,a0,f9,06,04,47,bb,d5,98,cc

[HKEY_USERS\S-1-5-21-1311360706-466973743-1341764523-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,e5,a2,07,e2,1a,89,b1,e1,60,cf,6f,57,01,3c,94,49,3c,29,a5,15,
ac,c0,68,9c,ff,46,99,c5,8c,78,cf,02,87,e0,f6,e2,07,82,69,0a,84,09,82,8f,5a,\
"rkeysecu"=hex:85,a1,a4,85,58,ed,b0,d1,63,3c,ba,14,b8,23,8d,3d

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2010-08-30 14:04:43
ComboFix-quarantined-files.txt 2010-08-30 12:04

Před spuštěním: Volných bajtů: 24 896 368 640
Po spuštění: Volných bajtů: 24 847 065 088

- - End Of File - - B009ED9B863F160562F48EE190ED286E

bledulka

Re: Please check my log

Post by bledulka » 30 Aug 2010 14:23

Do you use Garena?
Has anything changed?

bereline

Re: Please check my log

Post by bereline » 30 Aug 2010 20:42

Sorry, but I only just got home.

I do use Garena and nothing has changed, it still keeps disconnecting. Maybe it isn't a virus or some other pest, but it was one of the possibilities. If there is nothing in the log and everything is fine, I'll lock this and try to find the cause elsewhere.

bledulka

Re: Please check my log

Post by bledulka » 30 Aug 2010 23:08

Try reinstalling QIP and Miranda.

Move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

File::
c:\users\RedFish\AppData\Local\Temp\catchme.dll

DDS::
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/

Firefox::
FF - ProfilePath - c:\users\RedFish\AppData\Roaming\Mozilla\Firefox\Profiles\n69m2b2d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=


- save the created TXT file as CFScript.txt on the desktop and drag it with the left mouse button onto the ComboFix icon, where you drop it

- After the scan has run and ComboFix has finished, a log should appear; paste it here.

Warning: it may happen that after applying the script and restarting the computer Windows does not boot; in that case restart the computer again, press F8 and choose Last Known Good Configuration.
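As an added example (not bledulka's script and not ComboFix's own tooling), here is a small Python helper that reads the relevant ComboFix log lines and emits a CFScript in the same File:: / DDS:: / Firefox:: layout used above. The suspect host and the sample lines are taken from this thread; the "<path> <size> bytes executable" pattern for catchme's hidden-file report is an assumption, and which host counts as a hijacker is an analyst-supplied input, not something the script decides.

```python
"""Build a ComboFix CFScript from the hijack-related lines of a ComboFix log.

Added example, not part of the thread or of ComboFix. Assumptions: the
suspect host is supplied by the analyst; catchme's hidden-file lines are
assumed to look like "<path> <size> bytes executable".
"""
import re

# Constructed sample: lines in the shape of the ComboFix log posted above.
SAMPLE_LOG = r"""uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\RedFish\AppData\Roaming\Mozilla\Firefox\Profiles\n69m2b2d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
c:\users\RedFish\AppData\Local\Temp\catchme.dll 53248 bytes executable
"""

SUSPECT_HOST = "search13.net"  # taken from the thread; an analyst-supplied input

# "uStart Page = ..." style browser settings (u = user hive, m = machine hive)
IE_SETTING = re.compile(
    r"^[um](Start Page|Default_Search_URL|SearchAssistant|CustomizeSearch)\s*=")
FF_PROFILE = re.compile(r"^FF - ProfilePath - ")
FF_PREF = re.compile(r"^FF - prefs\.js: ")
# Assumed shape of catchme's hidden-file lines: "<path> <size> bytes executable"
HIDDEN_FILE = re.compile(r"^(.+?) (\d+) bytes executable$")


def find_hijacked_entries(log_lines, host=SUSPECT_HOST):
    """Return (ie_lines, ff_lines) whose value points at `host`, in log order.

    The Firefox list is prefixed with the profile's ProfilePath line, as in
    the script bledulka posted, so the prefs are tied to the right profile.
    """
    ie, ff, profile = [], [], None
    for raw in log_lines:
        line = raw.rstrip("\r\n")
        if FF_PROFILE.match(line):
            profile = line
        elif IE_SETTING.match(line) and host in line:
            ie.append(line)
        elif FF_PREF.match(line) and host in line:
            ff.append(line)
    if ff and profile:
        ff.insert(0, profile)
    return ie, ff


def find_hidden_files(log_lines):
    """Paths reported as hidden executables (assumed catchme line format)."""
    found = []
    for raw in log_lines:
        m = HIDDEN_FILE.match(raw.rstrip("\r\n"))
        if m:
            found.append(m.group(1))
    return found


def build_cfscript(files, ie_lines, ff_lines):
    """Render the File:: / DDS:: / Firefox:: sections in the thread's layout.

    Empty sections are omitted; when there is nothing to do, "" is returned
    so the caller can tell that no script should be dropped onto ComboFix.
    """
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if ie_lines:
        sections.append("DDS::\n" + "\n".join(ie_lines))
    if ff_lines:
        sections.append("Firefox::\n" + "\n".join(ff_lines))
    return "\n\n".join(sections) + "\n" if sections else ""


def cfscript_from_log(log_text, host=SUSPECT_HOST):
    """Whole pipeline: ComboFix log text in, CFScript text out."""
    lines = log_text.splitlines()
    ie, ff = find_hijacked_entries(lines, host)
    return build_cfscript(find_hidden_files(lines), ie, ff)


if __name__ == "__main__":
    print(cfscript_from_log(SAMPLE_LOG), end="")
```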

bereline

Re: Please check my log

Post by bereline » 31 Aug 2010 12:47

ComboFix 10-08-28.02 - RedFish 31.08.2010 12:25:12.11.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3069.1797 [GMT 2:00]
Spuštěný z: c:\users\RedFish\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\RedFish\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}



FILE ::
"c:\users\RedFish\AppData\Local\Temp\catchme.dll"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 10:35 . 2010-08-31 10:35 -------- d-----w- c:\users\RedFish\AppData\Local\temp
2010-08-31 10:35 . 2010-08-31 10:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-31 10:35 . 2010-08-31 10:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 08:25 . 2010-08-30 08:25 -------- d-----w- C:\rsit
2010-08-09 15:38 . 2007-11-06 22:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
2010-08-09 15:29 . 2010-08-09 15:29 -------- d-----w- c:\users\RedFish\AppData\Roaming\Miranda
2010-08-03 16:34 . 2010-08-15 11:04 -------- d-----w- c:\users\RedFish\AppData\Local\4A Games
2010-08-03 11:06 . 2010-08-03 11:06 -------- d-----w- c:\users\RedFish\AppData\Local\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 22:36 . 2009-12-10 12:47 -------- d-----w- c:\users\RedFish\AppData\Roaming\vlc
2010-08-30 22:33 . 2009-06-09 22:09 -------- d-----w- c:\users\RedFish\AppData\Roaming\Skype
2010-08-30 12:21 . 2009-07-13 14:36 -------- d-----w- c:\users\RedFish\AppData\Roaming\HLSW
2010-08-30 11:52 . 2008-01-21 06:46 657426 ----a-w- c:\windows\system32\perfh005.dat
2010-08-30 11:52 . 2008-01-21 06:46 136928 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 08:25 . 2009-06-24 19:05 -------- d-----w- c:\program files\Trend Micro
2010-08-27 19:58 . 2009-10-23 10:34 -------- d-----w- c:\program files\Garena
2010-08-27 19:19 . 2009-07-08 09:14 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-27 19:19 . 2009-07-08 09:14 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-26 19:41 . 2009-12-11 14:06 -------- d-----w- c:\users\RedFish\AppData\Roaming\dvdcss
2010-08-26 08:49 . 2010-08-26 08:49 -------- d--h--w- c:\programdata\CanonBJ
2010-08-25 17:17 . 2009-06-10 08:28 -------- d-----w- c:\users\RedFish\AppData\Roaming\XnView
2010-08-19 19:04 . 2009-11-22 11:42 -------- d-----w- c:\program files\Lineage
2010-08-15 00:08 . 2008-07-16 17:22 -------- d-----w- c:\programdata\Microsoft Help
2010-08-15 00:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-14 15:33 . 2009-06-12 10:30 -------- d-----w- c:\users\RedFish\AppData\Roaming\teamspeak2
2010-08-02 19:35 . 2010-02-06 19:06 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-08-02 19:33 . 2010-07-13 10:18 -------- d-----w- c:\programdata\Norton
2010-08-02 19:33 . 2010-07-13 10:18 -------- d-----w- c:\programdata\Symantec
2010-08-02 19:31 . 2010-05-31 20:19 -------- d-----w- c:\program files\Ubisoft
2010-08-02 19:31 . 2008-07-16 16:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 18:38 . 2009-06-10 08:29 -------- d-----w- c:\users\RedFish\AppData\Roaming\uTorrent
2010-07-25 17:54 . 2009-06-24 18:51 -------- d-----w- c:\program files\PowerArchiver
2010-07-22 09:33 . 2010-07-22 07:42 -------- d-----w- c:\program files\METRO 2033
2010-07-22 08:39 . 2008-07-16 17:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-22 08:10 . 2010-07-22 08:10 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-21 20:58 . 2010-07-21 20:58 -------- d-----w- c:\users\RedFish\AppData\Roaming\VitySoft
2010-07-21 15:02 . 2009-11-08 10:06 -------- d-----w- c:\program files\Stardock Games
2010-07-21 15:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-07-21 15:00 . 2010-06-02 17:25 -------- d-----w- c:\program files\FlatOut2
2010-07-21 11:26 . 2010-07-21 11:26 -------- d-----w- c:\users\RedFish\AppData\Roaming\LolClient
2010-07-21 09:44 . 2010-01-20 10:30 -------- d-----w- c:\programdata\PMB Files
2010-07-13 10:26 . 2010-07-13 10:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-13 10:20 . 2009-11-13 18:34 -------- d-----w- c:\program files\DivX
2010-07-13 10:19 . 2010-07-13 09:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 10:18 . 2010-07-13 09:09 -------- d-----w- c:\programdata\DivX
2010-07-13 10:18 . 2009-11-13 18:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-13 10:18 . 2009-11-13 18:34 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-13 10:18 . 2010-07-13 10:18 -------- d-----w- c:\programdata\NortonInstaller
2010-07-13 10:16 . 2009-11-14 16:10 -------- d-----w- c:\users\RedFish\AppData\Roaming\DivX
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-07-13 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-13 09:28 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-10 16:09 . 2009-06-09 22:12 -------- d-----w- c:\users\RedFish\AppData\Roaming\skypePM
2010-07-09 08:05 . 2009-11-14 17:08 -------- d-----w- c:\users\RedFish\AppData\Roaming\runic games
2010-07-09 08:05 . 2009-11-14 17:06 -------- d-----w- c:\program files\Runic Games
2010-06-26 06:05 . 2010-08-12 20:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 20:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 20:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 20:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 09:54 . 2010-06-20 18:06 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-06-24 09:54 . 2010-06-20 18:05 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys
2010-06-23 12:32 . 2010-04-10 11:04 1 ----a-w- c:\users\RedFish\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-21 16:22 . 2010-06-21 16:22 76591 ----a-w- C:\AutoMouseClicker.zip
2010-06-21 13:18 . 2010-08-12 20:17 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-12 20:17 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-12 20:17 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-12 20:17 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-18 10:21 . 2008-08-11 13:16 125952 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-16 15:59 . 2010-08-12 20:17 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 15:31 . 2010-08-12 20:17 274432 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 15:30 . 2010-08-12 20:17 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:00 . 2010-08-12 20:17 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 17:00 . 2010-08-12 20:17 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_12.01.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-09 17:32 . 2010-08-26 07:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-09 17:32 . 2010-08-31 09:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-09 17:32 . 2010-08-26 07:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-09 17:32 . 2010-08-31 09:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-09 17:32 . 2010-08-26 07:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-09 17:32 . 2010-08-31 09:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-30 12:06 . 2010-08-30 12:06 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-08-30 11:08 . 2010-08-30 11:08 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2009-06-16 13:50 . 2010-08-31 09:42 332754 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\valve\steam\steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-19 949376]
"MacrokeyManager"="WTMKM.exe" [2009-04-22 3161760]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]

c:\users\RedFish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):0e,8e,31,10,6f,22,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GarenaPEngine;GarenaPEngine;c:\users\RedFish\AppData\Local\Temp\KTOF067.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 PsSdk40;PsSdk40;c:\windows\system32\Drivers\pssdk40.sys [2010-06-24 36928]
R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-06-24 53312]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-02 691696]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-06-19 15424]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-04-22 392864]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-23 22:01]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000Core.job
- c:\users\RedFish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 12:27]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000UA.job
- c:\users\RedFish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 12:27]

2009-11-27 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-11-26 16:21]
.
.
------- Supplementary scan -------
.
uSearchAssistant = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
FF - ProfilePath - c:\users\RedFish\AppData\Roaming\Mozilla\Firefox\Profiles\n69m2b2d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\RedFish\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 12:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x49222022

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\RedFish\AppData\Local\Temp\KTOF067.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1311360706-466973743-1341764523-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,f5,b3,74,22,28,47,5c,bb,5c,95,40,4d,1a,dd,29,fc,f8,d9,99,b3,54,9a,
d9,f3,ed,5c,a8,a7,f4,79,a3,45,3c,58,cf,31,35,54,89,41,e8,d2,78,b7,da,dc,dd,\
"??"=hex:43,f2,5d,65,60,69,d7,a0,f9,06,04,47,bb,d5,98,cc

[HKEY_USERS\S-1-5-21-1311360706-466973743-1341764523-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,e5,a2,07,e2,1a,89,b1,e1,60,cf,6f,57,01,3c,94,49,3c,29,a5,15,
ac,c0,68,9c,ff,46,99,c5,8c,78,cf,02,87,e0,f6,e2,07,82,69,0a,84,09,82,8f,5a,\
"rkeysecu"=hex:85,a1,a4,85,58,ed,b0,d1,63,3c,ba,14,b8,23,8d,3d

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-08-31 12:40:09
ComboFix-quarantined-files.txt 2010-08-31 10:40
ComboFix2.txt 2010-08-30 12:04

Pre-Run: 24 000 126 976 bytes free
Post-Run: 23 985 389 568 bytes free

- - End Of File - - 54C87D61C60B4EAAA713630949994852
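The logs in this thread are read by eye, but the things a log reviewer scans for are regular enough to check mechanically: a service or driver whose image sits in a Temp directory, a ComboFix entry with no file date or size, UAC switched off (EnableLUA=0), a Security Center override, an Internet Explorer search key pointing somewhere other than Microsoft's redirector, hosts-file pins, and services with no vendor name. The following is an added example, not code from this thread, from ComboFix, or from HijackThis/RSIT: a small Python triage pass over lines copied from the ComboFix log above and from the HijackThis section of the RSIT log later in the thread. The severity labels, the list of benign search hosts, and the reading of ComboFix's `[x]` marker as "image not found" are the example's own assumptions.

```python
"""Added example: rule-based triage of ComboFix / HijackThis / RSIT log lines.

Not part of the forum thread or of any of those tools. The rules encode what a
log reviewer scans for; the severities are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
R3 GarenaPEngine;GarenaPEngine;c:\users\RedFish\AppData\Local\Temp\KTOF067.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-06-19 15424]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-04-22 392864]
"EnableLUA"= 0 (0x0)
"AntiVirusOverride"=dword:00000001
uSearchAssistant = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 78.46.50.119 L2authd.Lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Assumption: Microsoft's fwlink redirector is what a stock Vista/IE8 keeps in these keys;
# any other host in a search/start-page value deserves a look.
BENIGN_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.bing.com"}

# ComboFix/RSIT service line:  R3 name;display name;image path [date size]  or  [x]
_SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);\s*(.+?)\s*\[(.*?)\]\s*$")
# Policy values as ComboFix ("= 0 (0x0)") and RSIT ("=0") print them.
_POLICY_RE = re.compile(r'^"(EnableLUA|AntiVirusOverride|FirewallOverride)"\s*=\s*(?:dword:)?([0-9A-Fa-f]+)')
_SEARCH_RE = re.compile(r"(SearchURL|SearchAssistant|Default_Search_URL|Search Page|Start Page|Default_Page_URL)\s*=\s*(\S+)")
_HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
_O23_RE = re.compile(r"^O23 - Service: (.+?) - Unknown owner - (.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"  (assumed ranking, not a verdict)
    reason: str
    line: str


def check_line(line: str) -> list[Finding]:
    """Apply every rule to one log line; a single line may trigger several findings."""
    out: list[Finding] = []
    line = line.strip()

    m = _SERVICE_RE.match(line)
    if m:
        name, path, meta = m.group(3), m.group(5), m.group(6).strip()
        if path.startswith("\\??\\"):  # RSIT prints NT object paths for some drivers
            path = path[4:]
        if "\\temp\\" in path.lower():
            out.append(Finding("high", f"service/driver '{name}' loads from a temp directory", line))
        if meta in ("x", ""):  # assumption: no date/size means the image was not found on disk
            out.append(Finding("medium", f"no file date/size recorded for '{name}' (image not found?)", line))

    m = _POLICY_RE.match(line)
    if m:
        key, value = m.group(1), int(m.group(2), 16)
        if key == "EnableLUA" and value == 0:
            out.append(Finding("high", "UAC is disabled (EnableLUA=0)", line))
        elif key.endswith("Override") and value == 1:
            out.append(Finding("medium", f"Security Center {key}=1 silences its warning", line))

    m = _SEARCH_RE.search(line)
    if m:
        url = re.sub(r"^hxxp", "http", m.group(2))  # ComboFix defangs URLs as hxxp
        host = urlsplit(url).hostname or ""
        if host and host not in BENIGN_SEARCH_HOSTS:
            out.append(Finding("high", f"IE {m.group(1)} points at {host}", line))

    m = _HOSTS_RE.match(line)
    if m:
        out.append(Finding("medium", f"hosts file pins {m.group(2)} to {m.group(1)}", line))

    m = _O23_RE.match(line)
    if m:
        out.append(Finding("low", f"service '{m.group(1)}' has no vendor name: {m.group(2)}", line))

    return out


def triage(text: str) -> list[Finding]:
    """Run every line through the rules and order the findings by severity (stable within a level)."""
    findings = [f for line in text.splitlines() for f in check_line(line)]
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity level."""
    counts = {"high": 0, "medium": 1 - 1, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))


if __name__ == "__main__":
    main()
```

Run it as `python triage.py` to print the findings grouped by severity. The temp-directory rule ranks first on purpose: a driver registered with an ImagePath under `AppData\Local\Temp` is the pattern a dropper uses, whatever the eventual verdict on any particular entry, so it earns a look before the softer signals such as a missing vendor name.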


Re: Please check my log

Post by bledulka » 31 Aug 2010 13:50

Uninstall ComboFix via
Start >> Run, paste into the box:
ComboFix /Uninstall

and press Enter
- That uninstalls ComboFix and deletes the files and folders associated with it.

Download T-Cleaner

http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- Delete the program after use. Note: antivirus products may falsely flag it as a virus

Download RSIT http://images.malwareremoval.com/random/RSIT.exe
- run it, click the Continue button
- after the scan a log.txt will pop up; paste its contents here


Re: Please check my log

Post by bereline » 31 Aug 2010 14:20

Logfile of random's system information tool 1.08 (written by random/random)
Run by RedFish at 2010-08-31 14:10:07
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 23 GB (15%) free of 152 GB
Total RAM: 3069 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:45, on 31.8.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\RedFish\Desktop\RSIT.exe
C:\Program Files\trend micro\RedFish.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
O1 - Hosts: 78.46.50.119 L2authd.Lineage2.com
O1 - Hosts: 78.46.50.119 testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 7803 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311360706-466973743-1341764523-1000UA.job
C:\Windows\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-25 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"NDSTray.exe"=NDSTray.exe []
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"Toshiba TEMPO"=C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-04-24 103824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2008-04-26 716800]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-03-19 716800]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-06-19 949376]
"MacrokeyManager"=C:\Windows\system32\WTMKM.exe [2009-04-22 3161760]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2006-11-29 90112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Steam"=c:\program files\valve\steam\steam.exe [2010-08-25 1242448]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe

C:\Users\RedFish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Combat Arms\Combat Arms\CombatArms.exe"="E:\Combat Arms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms\Engine.exe"="E:\Combat Arms\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"E:\Combat Arms\Combat Arms EU\CombatArms.exe"="E:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms EU\Engine.exe"="E:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"E:\Combat Arms\Combat Arms\CombatArms.exe"="E:\Combat Arms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms\Engine.exe"="E:\Combat Arms\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"E:\Combat Arms\Combat Arms EU\CombatArms.exe"="E:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms\Combat Arms EU\Engine.exe"="E:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-31 14:10:07 ----D---- C:\rsit
2010-08-31 12:40:11 ----D---- C:\Windows\temp
2010-08-31 12:39:19 ----SHD---- C:\$RECYCLE.BIN
2010-08-26 10:49:46 ----HD---- C:\ProgramData\CanonBJ
2010-08-12 22:17:35 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 22:17:34 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 22:17:33 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 22:17:32 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 22:17:31 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 22:17:29 ----A---- C:\Windows\system32\occache.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 22:17:29 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 22:17:29 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 22:17:28 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 22:17:28 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 22:17:28 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 22:17:28 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 22:17:27 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 22:17:26 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 22:17:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 22:17:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 22:17:11 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 22:17:09 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 22:17:08 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 22:17:06 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 22:17:06 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 22:17:03 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-09 17:38:52 ----A---- C:\Windows\system32\msvcr90.dll
2010-08-09 17:29:05 ----D---- C:\Users\RedFish\AppData\Roaming\Miranda
2010-08-04 11:40:25 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-31 14:10:45 ----D---- C:\Program Files\Trend Micro
2010-08-31 14:07:39 ----D---- C:\Program Files\Mozilla Firefox
2010-08-31 14:07:32 ----D---- C:\Windows
2010-08-31 14:06:01 ----D---- C:\Windows\Prefetch
2010-08-31 12:48:57 ----AD---- C:\Windows\System32
2010-08-31 12:48:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-31 12:48:55 ----D---- C:\Windows\inf
2010-08-31 12:42:38 ----A---- C:\Windows\win.ini
2010-08-31 12:35:54 ----A---- C:\Windows\system.ini
2010-08-31 12:30:35 ----D---- C:\Windows\system32\drivers
2010-08-31 12:30:35 ----D---- C:\Windows\AppPatch
2010-08-31 12:30:33 ----D---- C:\Program Files\Common Files
2010-08-31 11:55:21 ----SHD---- C:\System Volume Information
2010-08-31 00:36:25 ----D---- C:\Users\RedFish\AppData\Roaming\vlc
2010-08-31 00:33:08 ----D---- C:\Users\RedFish\AppData\Roaming\Skype
2010-08-30 14:21:16 ----D---- C:\Users\RedFish\AppData\Roaming\HLSW
2010-08-30 14:06:59 ----SHD---- C:\Windows\Installer
2010-08-30 14:03:58 ----D---- C:\Windows\Tasks
2010-08-30 13:43:20 ----SD---- C:\ProgramData\Microsoft
2010-08-30 10:24:06 ----D---- C:\Windows\Debug
2010-08-27 21:58:24 ----D---- C:\Program Files\Garena
2010-08-27 21:19:50 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-08-26 21:41:59 ----D---- C:\Users\RedFish\AppData\Roaming\dvdcss
2010-08-26 10:49:46 ----D---- C:\ProgramData
2010-08-25 19:17:12 ----D---- C:\Users\RedFish\AppData\Roaming\XnView
2010-08-19 21:04:47 ----D---- C:\Program Files\Lineage
2010-08-15 02:41:00 ----D---- C:\Windows\Microsoft.NET
2010-08-15 02:40:26 ----RSD---- C:\Windows\assembly
2010-08-15 02:38:19 ----D---- C:\Windows\winsxs
2010-08-15 02:24:37 ----D---- C:\Program Files\Internet Explorer
2010-08-15 02:24:36 ----D---- C:\Windows\system32\migration
2010-08-15 02:24:33 ----D---- C:\Program Files\Movie Maker
2010-08-15 02:08:15 ----D---- C:\ProgramData\Microsoft Help
2010-08-15 02:03:43 ----D---- C:\Windows\system32\catroot
2010-08-15 02:03:41 ----D---- C:\Windows\system32\catroot2
2010-08-15 02:02:40 ----D---- C:\Program Files\Windows Mail
2010-08-14 17:33:29 ----D---- C:\Users\RedFish\AppData\Roaming\teamspeak2
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-08-03 11:09:56 ----RD---- C:\Program Files
2010-08-02 21:40:34 ----AD---- C:\ProgramData\TEMP
2010-08-02 21:35:25 ----D---- C:\Program Files\TrackMania Nations ESWC
2010-08-02 21:33:39 ----D---- C:\ProgramData\Norton
2010-08-02 21:33:38 ----D---- C:\ProgramData\Symantec
2010-08-02 21:31:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-02 21:31:52 ----D---- C:\Program Files\Ubisoft
2010-08-02 20:38:59 ----D---- C:\Users\RedFish\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2006-12-23 77120]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2005-12-21 7136]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]
R0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-07-18 279376]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2009-06-19 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2006-12-23 80768]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2009-06-19 512096]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-12 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-12 25888]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-08 3548672]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys [2009-04-16 6144]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-02 691696]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\RedFish\AppData\Local\Temp\KTOF067.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-10-10 17480]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2009-04-06 4682]
S3 PsSdk40;PsSdk40; \??\C:\Windows\system32\Drivers\pssdk40.sys [2010-06-24 36928]
S3 PsSdkLBF;PsSdkLBF; \??\C:\Windows\system32\Drivers\pssdklbf.sys [2010-06-24 53312]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-07 667648]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-06-19 552064]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-08 75064]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WTService;WTService; C:\Windows\system32\atwtusb.exe [2009-04-22 392864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-29 72704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-01 320760]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; E:\Visual Studio 2008 Professional\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]

-----------------EOF-----------------
Smart people use Google and don't vote for communists
*Czech is a beautiful language, so please learn to use it*
Member of the Spyke's Fun Club

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female
Status: Offline

Re: Please check my log

Post by bledulka » 31 Aug 2010 21:35


Run the HJT program

- click the Do a system scan and save a logfile button
- A table appears; at the start of each line there is a small box.
- For the lines I have marked, put a tick in the box

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

- finally press the Fix checked button



Download StartUpLite http://www.malwarebytes.org/StartUpLite.exe
- it lists programs that are started needlessly at boot,
- mark the ones you want to stop, tick Disable next to them and click Continue




Open Notepad and copy this text into it

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-


- save it as smazani.reg, file type: all files
- click Save, then double-click the file as usual and confirm the dialog box.



How does it look?
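As an added example (not part of this thread or of any tool it mentions), a small Python triage helper that applies the checks behind bledulka's reply to lines in the format of this log: IE search settings pointing to an unexpected host, O9 entries with (no file), and drivers loading from a Temp directory or with no file recorded on disk. The sample lines are copied from the log above; the allowlist of expected search hosts is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the format of the HijackThis lines and the RSIT-style
# driver list quoted in this thread (values copied from the page's log).
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://search13.net/
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
R3 SynTP;Synaptics TouchPad Driver; C:\\Windows\\system32\\DRIVERS\\SynTP.sys [2008-08-14 203312]
S3 GarenaPEngine;GarenaPEngine; \\??\\C:\\Users\\RedFish\\AppData\\Local\\Temp\\KTOF067.tmp []
S2 adfs;adfs; C:\\Windows\\system32\\drivers\\adfs.sys []
"""

# Assumption: search providers the owner actually chose (constructed allowlist).
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.msn.com"}

# R0/R1 search-setting lines and "R3 name;description; path [date size]" driver lines
HJT_SEARCH = re.compile(r"^R[01] - .*?,(SearchURL|SearchAssistant|Default_Search_URL) = (\S+)")
DRIVER_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.*?) \[(?P<info>[^\]]*)\]$")


def triage(log_text):
    """Return (line, reason) pairs for the entries a helper would look at first."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_SEARCH.match(line)
        if m:
            host = urlparse(m.group(2)).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append((line, f"search setting points to unexpected host {host}"))
            continue
        if line.startswith("O") and line.endswith("(no file)"):
            findings.append((line, "orphaned entry: registered object has no file on disk"))
            continue
        d = DRIVER_LINE.match(line)
        if d:
            path, info = d.group("path"), d.group("info")
            if "\\Temp\\" in path:
                findings.append((line, "kernel driver loading from a user Temp directory"))
            elif info == "":
                findings.append((line, "no date/size recorded: file not found when the log was made"))
    return findings
```

Everything it does not report (for example the Synaptics driver line) is left alone; the output is a list to discuss, not a list to delete.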

