backdoor inboot

[olcit]

Prosím o pomoc. Mám vir v PC.
Projedu to vždycky programem MWAV a najde a odstraní to nějakej trojan backdoor (inboot).Po restartu pc se automaticky spustí MWAV(což dřív nedělal) a najde ho znovu. Taky mě nejdou nainstalovat aktualizace. Už jsem nevěděl kudy kam, tak jsem použil combo fix ale je to stejný.
ComboFix 11-08-12.01 - DANČA 12.08.2011 19:29:25.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1589 [GMT 2:00]
Spuštěný z: c:\users\DANČA\Desktop\ff.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\userinit.exe
.
--------
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-12 do 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-12 17:34 . 2011-08-12 17:34 -------- d-----w- c:\users\DANČA\AppData\Local\temp
2011-08-12 17:34 . 2011-08-12 17:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-12 17:34 . 2011-08-12 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-10 06:37 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 06:37 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 06:37 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 06:35 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 06:35 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 06:34 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 06:34 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 06:10 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D88E7DFC-DD16-4B6D-B877-02EDE7EEB87A}\mpengine.dll
2011-08-08 12:25 . 2011-08-08 12:25 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-29 06:48 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-29 06:48 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-29 06:48 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-29 06:48 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-29 06:48 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-29 06:48 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-29 06:47 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-29 06:47 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-29 06:47 . 2011-07-29 06:47 -------- d-----w- c:\programdata\AVAST Software
2011-07-29 06:47 . 2011-07-29 06:47 -------- d-----w- c:\program files\AVAST Software
2011-07-23 03:50 . 2011-07-23 03:50 -------- d-----w- c:\program files\Yamicsoft
2011-07-22 22:09 . 2011-07-22 22:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-22 14:26 . 2011-07-22 14:26 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-21 12:25 . 2011-07-21 12:25 -------- d---a-w- c:\windows\zts2.exe
2011-07-21 12:25 . 2011-07-21 12:25 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-07-21 12:25 . 2011-07-21 12:25 -------- d---a-w- c:\windows\system32\systems.txt
2011-07-21 12:25 . 2011-07-21 12:25 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2011-07-21 12:25 . 2011-07-21 12:25 -------- d---a-w- c:\windows\rundll16.exe
2011-07-21 12:25 . 2011-07-21 12:25 -------- d---a-w- c:\windows\rundl132.dll
2011-07-21 12:25 . 2011-07-21 12:25 -------- d---a-w- c:\windows\logo1_.exe
2011-07-21 07:56 . 2011-07-21 07:56 -------- d-----w- c:\windows\PCHEALTH
2011-07-21 07:54 . 2011-07-21 07:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-07-21 07:52 . 2011-07-21 07:52 -------- d-----w- C:\MSOCache
2011-07-21 07:31 . 2011-07-21 11:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-07-21 07:03 . 2011-07-21 07:13 -------- d-----w- C:\tralala
2011-07-20 12:28 . 2011-07-20 12:28 -------- d-----w- c:\users\DANČA\AppData\Roaming\OpenOffice.org
2011-07-20 12:25 . 2011-07-21 06:56 -------- d-----w- c:\program files\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 11:42 . 2011-08-08 11:42 22 ----a-w- c:\windows\REGBK03.ZIP
2011-07-21 06:53 . 2011-07-21 06:53 22 ----a-w- c:\windows\REGBK02.ZIP
2011-06-02 13:34 . 2011-07-13 06:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2009-11-03 19:26 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"BisonAPP"="c:\windows\BisonCam\BisonAPP.exe" [2007-05-17 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DANČA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-05-25 10:17 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FIC HotKey]
2007-07-13 12:38 561152 ----a-w- c:\program files\Hotkey Utility\tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 13:55 323584 ------w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
2004-08-10 15:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-07-18 23:31 8466432 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-07-18 23:31 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-07-18 23:31 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 13:55 323584 ------w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManager]
2007-05-16 09:42 29696 ----a-w- c:\program files\Power Manager\PM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-10 14:01 4431872 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Silent Mode]
2007-06-27 07:56 253952 ----a-w- c:\program files\Light Sensor Utility\Sensor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-08 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google...
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3C9192E4-4D4D-4DB7-81FD-D72B65E8B7F8}: NameServer = 10.17.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 19:34
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,8f,97,6a,70,c6,13,4c,ab,25,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,8f,97,6a,70,c6,13,4c,ab,25,d4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-08-12 19:37:08
ComboFix-quarantined-files.txt 2011-08-12 17:37
.
Před spuštěním: Volných bajtů: 54 738 341 888
Po spuštění: Volných bajtů: 54 460 366 848
.
- - End Of File - - 872518785529F38762EF9A8AE95627FB
.
.
......................a ještě přikládám log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by DANČA at 2011-08-12 20:46:57
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 50 GB (53%) free of 94 GB
Total RAM: 2046 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\WebReg Deskjet F2100 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll [2009-07-09 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"BisonAPP"=C:\Windows\BisonCam\BisonAPP.exe [2007-05-17 49152]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mwavscan"=C:\Users\DANČA\AppData\Local\temp\mexe.com [2008-01-31 485440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2007-05-25 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FIC HotKey]
C:\Program Files\Hotkey Utility\tray.exe [2007-07-13 561152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2004-08-10 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-07-19 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-07-19 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManager]
C:\Program Files\Power Manager\PM.exe [2007-05-16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Silent Mode]
C:\Program Files\Light Sensor Utility\Sensor.exe [2007-06-27 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^DANČA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.IV41"=IR41_32.AX
"msacm.ac3filter"=ac3filter.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-12 20:46:57 ----D---- C:\rsit
2011-08-12 20:46:57 ----D---- C:\Program Files\trend micro
2011-08-12 19:38:44 ----D---- C:\Windows\temp
2011-08-12 19:38:37 ----ASH---- C:\hiberfil.sys
2011-08-12 19:36:43 ----D---- C:\$RECYCLE.BIN
2011-08-11 13:54:55 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-11 13:54:53 ----A---- C:\Windows\system32\iertutil.dll
2011-08-11 13:54:52 ----A---- C:\Windows\system32\jscript.dll
2011-08-11 13:54:52 ----A---- C:\Windows\system32\ieui.dll
2011-08-11 13:54:51 ----A---- C:\Windows\system32\wininet.dll
2011-08-11 13:54:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 13:54:51 ----A---- C:\Windows\system32\jscript9.dll
2011-08-11 13:54:50 ----A---- C:\Windows\system32\urlmon.dll
2011-08-11 13:54:50 ----A---- C:\Windows\system32\url.dll
2011-08-11 13:54:49 ----A---- C:\Windows\system32\ieframe.dll
2011-08-11 13:54:47 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 08:37:02 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 08:37:02 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 08:36:18 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 08:35:46 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 08:35:45 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 08:34:26 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2011-08-10 08:34:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-08 14:25:41 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-29 08:48:04 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-29 08:48:04 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-29 08:48:03 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-29 08:48:03 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-29 08:48:02 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-29 08:48:02 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-29 08:47:19 ----A---- C:\Windows\avastSS.scr
2011-07-29 08:47:18 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-29 08:47:05 ----D---- C:\ProgramData\AVAST Software
2011-07-29 08:47:05 ----D---- C:\Program Files\AVAST Software
2011-07-23 07:04:41 ----HD---- C:\Autorun.inf
2011-07-23 06:19:23 ----A---- C:\Windows\ODBCINST.INI
2011-07-23 05:50:54 ----D---- C:\Program Files\Yamicsoft
2011-07-23 00:09:42 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-07-22 16:26:25 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-21 14:25:45 ----AD---- C:\Windows\zts2.exe
2011-07-21 14:25:45 ----AD---- C:\Windows\system32\vcmgcd32.dll
2011-07-21 14:25:45 ----AD---- C:\Windows\system32\systems.txt
2011-07-21 14:25:45 ----AD---- C:\Windows\system32\iifgfgf.dll
2011-07-21 14:25:45 ----AD---- C:\Windows\rundll16.exe
2011-07-21 14:25:45 ----AD---- C:\Windows\rundl132.dll
2011-07-21 14:25:45 ----AD---- C:\Windows\logo1_.exe
2011-07-21 09:57:35 ----D---- C:\Program Files\Microsoft Visual Studio
2011-07-21 09:57:35 ----D---- C:\Program Files\Common Files\DESIGNER
2011-07-21 09:56:46 ----D---- C:\Windows\PCHEALTH
2011-07-21 09:54:34 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-07-21 09:53:37 ----D---- C:\Program Files\Microsoft Office
2011-07-21 09:52:47 ----D---- C:\MSOCache
2011-07-21 09:31:52 ----D---- C:\Program Files\Emsisoft Anti-Malware
2011-07-21 08:23:51 ----A---- C:\Windows\system32\msls31.dll
2011-07-21 08:23:50 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-07-21 08:23:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-07-21 08:23:50 ----A---- C:\Windows\system32\msrating.dll
2011-07-21 08:23:50 ----A---- C:\Windows\system32\mshtmler.dll
2011-07-21 08:23:50 ----A---- C:\Windows\system32\iesysprep.dll
2011-07-21 08:23:49 ----A---- C:\Windows\system32\dxtrans.dll
2011-07-21 08:23:49 ----A---- C:\Windows\system32\dxtmsft.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\webcheck.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\licmgr10.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\inseng.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\iesetup.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\iernonce.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\iedkcs32.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\ieapfltr.dll
2011-07-21 08:23:48 ----A---- C:\Windows\system32\ieapfltr.dat
2011-07-21 08:23:48 ----A---- C:\Windows\system32\ie4uinit.exe
2011-07-21 08:23:48 ----A---- C:\Windows\system32\icardie.dll
2011-07-21 08:23:47 ----A---- C:\Windows\system32\wextract.exe
2011-07-21 08:23:47 ----A---- C:\Windows\system32\vbscript.dll
2011-07-21 08:23:47 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-21 08:23:47 ----A---- C:\Windows\system32\iexpress.exe
2011-07-21 08:23:46 ----A---- C:\Windows\system32\pngfilt.dll
2011-07-21 08:23:46 ----A---- C:\Windows\system32\occache.dll
2011-07-21 08:23:46 ----A---- C:\Windows\system32\mshta.exe
2011-07-21 08:23:46 ----A---- C:\Windows\system32\imgutil.dll
2011-07-21 08:23:46 ----A---- C:\Windows\system32\ieUnatt.exe
2011-07-21 08:23:46 ----A---- C:\Windows\system32\iepeers.dll
2011-07-21 08:23:46 ----A---- C:\Windows\system32\ieakui.dll
2011-07-21 08:23:46 ----A---- C:\Windows\system32\ieaksie.dll
2011-07-21 08:23:46 ----A---- C:\Windows\system32\advpack.dll
2011-07-21 08:23:46 ----A---- C:\Windows\system32\admparse.dll
2011-07-21 08:23:45 ----A---- C:\Windows\system32\msfeedssync.exe
2011-07-21 08:23:45 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-07-21 08:23:45 ----A---- C:\Windows\system32\ieakeng.dll
2011-07-21 08:23:45 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-07-20 14:28:02 ----D---- C:\Users\DANČA\AppData\Roaming\OpenOffice.org
2011-07-20 14:25:35 ----D---- C:\Program Files\OpenOffice.org 3
2011-07-13 08:12:07 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 08:12:07 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 08:12:05 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 08:10:27 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 08:10:26 ----A---- C:\Windows\system32\csrsrv.dll

======List of files/folders modified in the last 1 month======

2011-08-12 20:46:57 ----D---- C:\Program Files
2011-08-12 20:39:27 ----D---- C:\Windows\System32
2011-08-12 20:39:27 ----D---- C:\Windows\inf
2011-08-12 20:39:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-12 20:17:59 ----D---- C:\Windows
2011-08-12 19:40:49 ----D---- C:\Windows\Debug
2011-08-12 19:37:11 ----D---- C:\Windows\system32\drivers
2011-08-12 19:37:11 ----D---- C:\Qoobox
2011-08-12 19:34:57 ----A---- C:\Windows\system.ini
2011-08-12 19:32:55 ----D---- C:\Windows\AppPatch
2011-08-12 19:32:54 ----D---- C:\Program Files\Common Files
2011-08-12 19:13:28 ----D---- C:\Windows\ERDNT
2011-08-12 19:13:26 ----D---- C:\Windows\system32\drivers\etc
2011-08-12 18:53:09 ----D---- C:\Windows\Prefetch
2011-08-12 18:52:18 ----SHD---- C:\System Volume Information
2011-08-12 18:19:58 ----D---- C:\Windows\winsxs
2011-08-12 18:05:40 ----SHD---- C:\Windows\Installer
2011-08-12 18:05:39 ----RSD---- C:\Windows\assembly
2011-08-12 18:05:39 ----D---- C:\Config.Msi
2011-08-11 14:37:44 ----D---- C:\Windows\system32\catroot
2011-08-11 14:34:51 ----D---- C:\Windows\system32\migration
2011-08-11 14:34:51 ----D---- C:\Program Files\Windows Mail
2011-08-11 14:34:51 ----D---- C:\Program Files\Internet Explorer
2011-08-11 13:57:13 ----D---- C:\ProgramData\Microsoft Help
2011-08-11 13:52:47 ----A---- C:\Windows\system32\mrt.exe
2011-08-11 13:50:11 ----D---- C:\Windows\system32\catroot2
2011-08-10 09:07:57 ----D---- C:\Users\DANČA\AppData\Roaming\Skype
2011-08-10 08:33:14 ----D---- C:\Users\DANČA\AppData\Roaming\skypePM
2011-08-08 13:37:05 ----D---- C:\Windows\system32\Tasks
2011-08-08 11:10:48 ----D---- C:\Windows\Tasks
2011-07-29 08:49:57 ----HD---- C:\Windows\system32\GroupPolicy
2011-07-29 08:47:05 ----D---- C:\ProgramData
2011-07-25 08:28:35 ----D---- C:\Windows\rescache
2011-07-25 08:12:43 ----D---- C:\Program Files\CONEXANT
2011-07-23 07:06:10 ----SD---- C:\Users\DANČA\AppData\Roaming\Microsoft
2011-07-23 05:57:24 ----D---- C:\Program Files\WinRAR
2011-07-23 05:57:23 ----D---- C:\FirstSteps
2011-07-23 05:33:47 ----D---- C:\ProgramData\TuneUp Software
2011-07-22 16:27:05 ----D---- C:\Users\DANČA\AppData\Roaming\TuneUp Software
2011-07-22 14:13:57 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-22 14:13:20 ----D---- C:\Program Files\Microsoft Works
2011-07-22 14:11:23 ----A---- C:\Windows\win.ini
2011-07-22 14:11:22 ----D---- C:\Program Files\Common Files\System
2011-07-21 09:58:18 ----D---- C:\Program Files\MSBuild
2011-07-21 09:57:31 ----D---- C:\Windows\ShellNew
2011-07-21 09:57:00 ----RSD---- C:\Windows\Fonts
2011-07-21 09:56:46 ----SD---- C:\ProgramData\Microsoft
2011-07-21 09:56:46 ----D---- C:\Program Files\Microsoft.NET
2011-07-21 08:25:20 ----D---- C:\Windows\system32\cs-CZ
2011-07-21 08:25:19 ----RD---- C:\Windows\Offline Web Pages
2011-07-21 08:25:19 ----D---- C:\Windows\system32\wbem
2011-07-21 08:25:19 ----D---- C:\Windows\system32\en-US
2011-07-21 08:25:19 ----D---- C:\Windows\PolicyDefinitions
2011-07-21 08:25:18 ----SD---- C:\Windows\Downloaded Program Files
2011-07-21 08:24:05 ----D---- C:\Windows\Logs
2011-07-20 15:36:35 ----D---- C:\Program Files\Microsoft Games
2011-07-14 11:47:26 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-07-03 114208]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-05-15 157696]
R3 GearAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-19 7599776]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-22 47616]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S0 JGOGO;JMicron Hot-Plug Driver; C:\Windows\system32\drivers\jgogo.sys [2006-02-07 6912]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 Cam5603D;Bison WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-08-24 783272]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-04-03 47872]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-03-15 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[Rudy]

CF jednu položku obnovil ze zálohy. Zbytek logu vypadá čistý. Zkuste ještě sken MBR: http://www2.gmer.net/mbr/mbr.exe . Utilita vytvoří krátký log, který sem zkopírujte.

[olcit]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.04.0 -> Harddisk0\DR0 -> \Device\00000056

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[Rudy]

Log vypadá OK. Ta hláška MWAV (nalezen v souborovém systému) bez cesty k souboru znamená poze neškodné zbytky po dříve vyléčené infekci. MWAV toto bude hlásit do doby, dokud jeho plnou verzí neprovedete smazání. Ve skutečnosti je PC čistý, ten zbytek je naprosto neaktivní.

[olcit]

Tak jsem to projel novou verzí MWAV a zase to ukazuje stejný objekt + ještě něco navíc. Nechápu, že to dělá jen teď na tomhle pc? Nikdy se mi to nestávalo. MWAV vždy co našel, tak vyčistil definitivně!

[Rudy]

1. Objekt, ke kterému MWAV neukazuje cestu, je pouze neškodný zbytek po dříve vyléčené infekci.
2. Soubor C:\windows\nircmd.exe otestujte online naq www.virustotal.com . Výsledek oznamte.

[olcit]

Tak jsem se o to pokusil. Želbohu stránka je anglicky(což neovládám). Nenašel jsem žádný log na kopírování, proto
jsem jen oskenoval monitor.

[olcit]

detail:

[Rudy]

Stáhněte a spusťte Avenger: http://www.viry.cz/forum/viewtopic.php?f=11&t=19832 se skriptem:

Files to delete:
C:\windows\nircmd.exe

[olcit]

Moc děkuji. Jdu na to!

[Rudy]

Není zač!