Prosím o kontrolu logu, PC je pomalý, "chroustá" disk

[Ebola1]

Dobrý den, prosím o kotrolu logu z RSIT, počítač se chvílemi zpomaluje, a velmi často dlouho chroustá disk, aniž bych něco dělal.
info.txt logfile of random's system information tool 1.09 2012-07-22 08:32:26

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 32-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -maintain plugin
Aktualizace systému Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"
AMD APP SDK Runtime-->MsiExec.exe /I{A25FF1C0-80B6-4B8B-A551-DC525697A408}
AMD AVIVO Codecs-->MsiExec.exe /I{06DEA11D-F2EE-8A31-C0B6-D731019130C1}
AMD USB Filter Driver-->MsiExec.exe /X{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2012-->MsiExec.exe /I{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}
AVG 2012-->MsiExec.exe /I{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}
Catalyst Control Center - Branding-->MsiExec.exe /I{023C9E50-C216-4E7A-A8A5-3457DE58106C}
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Free Easy Burner V 4.1-->"C:\Program Files\Free Easy Burner\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Java(TM) 7 Update 4-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217004FF}
JavaFX 2.1.0-->MsiExec.exe /X{1111706F-666A-4037-7777-210328764D10}
Macrium Reflect Free Edition-->MsiExec.exe /I{11BCA065-239F-4C0A-B147-3595D66DA6A7}
Mafia II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/50130
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Minecraft PC Gamer Demo version 1.5-->"C:\Program Files\Minecraft PC Gamer Demo\unins000.exe"
Mozilla Firefox 9.0.1 (x86 cs)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Premium-->MsiExec.exe /I{7A66C7E3-5212-1A19-70A7-1F0FBA691029}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x5 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
The Sims™ 3 Domácí mazlíčci-->"C:\Program Files\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe" -runfromtemp -l0x0005 -removeonly
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0005 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR 4.11 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
Worms Reloaded-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22600

======Security center information======

AV: AVG Internet Security 2012

======System event log======

Computer Name: LMMT-PC
Event Code: 15007
Message: Rezervace pro obor názvů identifikovaný prefixem adresy URL http://*:2869/ byla úspěšně přidána.

Record Number: 5
Source Name: HTTP
Time Written: 20120120183839.000000+060
Event Type: Informace
User:

Computer Name: LMMT-PC
Event Code: 6011
Message: Název tohoto počítače v systémech DNS a NetBIOS byl změněn z MACHINENAME na LMMT-PC.

Record Number: 4
Source Name: EventLog
Time Written: 20120120183506.000000+060
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Během prověřování, zda \Device\Serial0 je skutečně sériový port, byl zjištěn zásobník typu FIFO. Bude použit tento zásobník.

Record Number: 3
Source Name: Serial
Time Written: 20120120104635.000000+060
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 2
Source Name: EventLog
Time Written: 20120120104615.000000+060
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20120120104615.000000+060
Event Type: Informace
User:

=====Application event log=====

Computer Name: LMMT-PC
Event Code: 1000
Message: Čítače výkonu pro službu ContentIndex (ContentIndex) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 5
Source Name: LoadPerf
Time Written: 20120120183637.000000+060
Event Type: Informace
User:

Computer Name: LMMT-PC
Event Code: 1000
Message: Čítače výkonu pro službu TermService (Terminálová služba) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 4
Source Name: LoadPerf
Time Written: 20120120183636.000000+060
Event Type: Informace
User:

Computer Name: LMMT-PC
Event Code: 1000
Message: Čítače výkonu pro službu RemoteAccess (Směrování a vzdálený přístup) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 3
Source Name: LoadPerf
Time Written: 20120120183540.000000+060
Event Type: Informace
User:

Computer Name: LMMT-PC
Event Code: 1000
Message: Čítače výkonu pro službu PSched (PSched) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 2
Source Name: LoadPerf
Time Written: 20120120183516.000000+060
Event Type: Informace
User:

Computer Name: LMMT-PC
Event Code: 1000
Message: Čítače výkonu pro službu RSVP (QoS RSVP) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 1
Source Name: LoadPerf
Time Written: 20120120183515.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\AMD APP\bin\x86;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 5 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0502
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"AMDAPPSDKROOT"=C:\Program Files\AMD APP\

-----------------EOF-----------------

[Rudy]

Zdravím!
Potřebuji vidět druhý log RSIT. Tento mi celkem nic nepoví. Děkuji.

[Ebola1]

Pardon, nějak jsem se do toho zamotal, omlouvám se.

Logfile of random's system information tool 1.09 (written by random/random)
Run by TomAdmin at 2012-07-22 08:32:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 207 GB (87%) free of 238 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:25, on 22.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\TomAdmin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\TomAdmin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

--
End of file - 5015 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\TomAdmin\Data aplikací\Mozilla\Firefox\Profiles\vov3t9fy.default

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-07-20 18670592]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"Steam"=C:\Program Files\Steam\Steam.exe [2012-05-31 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-07-28 188416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\common\mafia ii\pc\Mafia2.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii\pc\Mafia2.exe:*:Enabled:Mafia II"
"C:\Program Files\Steam\SteamApps\common\worms reloaded\WormsReloaded.exe"="C:\Program Files\Steam\SteamApps\common\worms reloaded\WormsReloaded.exe:*:Enabled:Worms Reloaded"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 3 months======

2012-07-22 08:32:18 ----D---- C:\Program Files\trend micro
2012-07-22 08:32:17 ----D---- C:\rsit
2012-07-22 08:18:51 ----A---- C:\Program Files\GUM6F.tmp
2012-07-22 08:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-07-22 08:07:51 ----A---- C:\WINDOWS\system32\drivers\Dot4Prt.sys
2012-07-22 08:07:29 ----A---- C:\WINDOWS\system32\drivers\Dot4usb.sys
2012-07-22 08:07:27 ----A---- C:\WINDOWS\system32\drivers\Dot4.sys
2012-06-01 09:00:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2012-06-01 09:00:31 ----D---- C:\WINDOWS\system32\PreInstall
2012-06-01 09:00:31 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2012-06-01 09:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2012-06-01 09:00:29 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-01 07:05:18 ----D---- C:\WINDOWS\SxsCaPendDel
2012-05-31 21:49:18 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-05-31 18:17:28 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-05-31 15:01:01 ----D---- C:\Program Files\Steam
2012-05-31 15:00:03 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-05-31 14:02:08 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-05-31 13:19:25 ----ASH---- C:\hiberfil.sys
2012-05-31 11:24:52 ----D---- C:\Program Files\StepMania
2012-05-31 11:24:05 ----A---- C:\WINDOWS\system32\GIF89.DLL
2012-05-31 11:24:04 ----D---- C:\Program Files\Free Easy Burner
2012-05-31 11:24:04 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\FreeBurner
2012-05-31 11:24:04 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2012-05-31 11:24:04 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2012-05-31 11:24:04 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2012-05-31 11:24:04 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2012-05-31 11:24:04 ----A---- C:\WINDOWS\system32\lame_enc.dll
2012-05-31 11:24:04 ----A---- C:\WINDOWS\system32\inetfr.DLL
2012-05-31 11:24:04 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2012-05-31 11:20:15 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\vlc
2012-05-31 11:19:24 ----D---- C:\Program Files\VideoLAN
2012-05-31 09:23:01 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2012-05-31 09:22:59 ----D---- C:\Program Files\Microsoft WSE
2012-05-31 09:22:30 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-05-31 09:22:28 ----D---- C:\WINDOWS\Logs
2012-05-31 09:19:54 ----D---- C:\Program Files\Electronic Arts
2012-05-28 14:34:13 ----A---- C:\WINDOWS\NeroDigital.ini
2012-05-27 10:36:26 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\.minecraft
2012-05-27 10:27:03 ----D---- C:\Program Files\Common Files\Java
2012-05-27 10:27:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2012-05-27 10:26:42 ----D---- C:\Program Files\Oracle
2012-05-27 10:26:36 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\Oracle
2012-05-27 10:26:32 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-05-27 10:26:32 ----A---- C:\WINDOWS\system32\javaws.exe
2012-05-27 10:26:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-05-27 10:26:28 ----A---- C:\WINDOWS\system32\javaw.exe
2012-05-27 10:26:27 ----A---- C:\WINDOWS\system32\java.exe
2012-05-27 10:26:19 ----D---- C:\Program Files\Java
2012-05-27 10:24:40 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\Sun
2012-05-27 10:24:17 ----D---- C:\Program Files\Minecraft PC Gamer Demo
2012-05-27 10:22:19 ----SHD---- C:\RECYCLER
2012-05-27 10:22:11 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\WinRAR
2012-05-27 10:22:05 ----D---- C:\Program Files\WinRAR
2012-05-27 10:21:14 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\Macromedia
2012-05-27 10:21:14 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\Adobe
2012-05-27 10:19:34 ----ASH---- C:\pagefile.sys
2012-05-15 08:43:54 ----D---- C:\WINDOWS\temp
2012-05-15 08:43:53 ----A---- C:\ComboFix.txt
2012-05-15 08:41:06 ----A---- C:\Boot.bak
2012-05-15 08:41:04 ----RASHD---- C:\cmdcons
2012-05-15 08:40:32 ----A---- C:\WINDOWS\zip.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\SWSC.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\SWREG.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\sed.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\PEV.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\NIRCMD.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\MBR.exe
2012-05-15 08:40:32 ----A---- C:\WINDOWS\grep.exe
2012-05-15 08:40:27 ----D---- C:\WINDOWS\ERDNT
2012-05-15 08:39:45 ----D---- C:\Qoobox
2012-05-15 08:26:13 ----D---- C:\Program Files\Google
2012-05-15 08:26:12 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2012-05-15 08:26:11 ----D---- C:\Documents and Settings\TomAdmin\Data aplikací\DAEMON Tools Lite
2012-05-15 08:26:10 ----D---- C:\Program Files\DAEMON Tools Lite
2012-05-15 08:24:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite

======List of files/folders modified in the last 3 months======

2012-07-22 08:32:18 ----RD---- C:\Program Files
2012-07-22 08:30:55 ----D---- C:\Program Files\Mozilla Firefox
2012-07-22 08:25:44 ----D---- C:\WINDOWS\system32
2012-07-22 08:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-07-22 08:23:16 ----SHD---- C:\WINDOWS\Installer
2012-07-22 08:22:19 ----D---- C:\WINDOWS\Prefetch
2012-07-22 08:22:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-07-22 08:21:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-22 08:21:53 ----D---- C:\WINDOWS
2012-07-22 08:21:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-22 08:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-22 08:18:54 ----HD---- C:\WINDOWS\inf
2012-07-22 08:11:55 ----D---- C:\WINDOWS\Help
2012-07-22 08:11:25 ----D---- C:\WINDOWS\system32\drivers
2012-07-22 08:11:18 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-06-02 15:19:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 15:19:38 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-06-02 15:19:38 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wups2.dll
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wups.dll
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\cdm.dll
2012-06-02 15:19:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-06-02 15:19:18 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-06-01 10:19:26 ----A---- C:\WINDOWS\wincmd.ini
2012-06-01 09:20:21 ----D---- C:\WINDOWS\repair
2012-06-01 09:20:20 ----SHD---- C:\System Volume Information
2012-06-01 09:20:04 ----D---- C:\WINDOWS\Registration
2012-06-01 09:00:37 ----A---- C:\WINDOWS\imsins.BAK
2012-06-01 09:00:29 ----D---- C:\WINDOWS\system32\CatRoot
2012-06-01 08:18:50 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-01 08:18:24 ----SD---- C:\Documents and Settings\TomAdmin\Data aplikací\Microsoft
2012-06-01 07:05:28 ----D---- C:\WINDOWS\WinSxS
2012-06-01 07:04:26 ----D---- C:\WINDOWS\system32\DirectX
2012-05-31 21:49:22 ----SD---- C:\WINDOWS\Tasks
2012-05-31 14:02:21 ----D---- C:\WINDOWS\SoftwareDistribution
2012-05-31 09:23:01 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-05-31 09:23:00 ----RSD---- C:\WINDOWS\assembly
2012-05-27 10:27:03 ----D---- C:\Program Files\Common Files
2012-05-15 08:43:18 ----A---- C:\WINDOWS\system.ini
2012-05-15 08:43:14 ----D---- C:\WINDOWS\system32\drivers\etc
2012-05-15 08:42:26 ----D---- C:\WINDOWS\AppPatch
2012-05-15 08:41:07 ----RASH---- C:\boot.ini
2012-05-15 08:06:47 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; C:\WINDOWS\system32\DRIVERS\amdide.sys [2007-10-11 9096]
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 pssnap;Paramount Software Snapshot Filter; C:\WINDOWS\system32\DRIVERS\pssnap.sys [2011-12-22 16024]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-05-15 477240]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-05-31 242240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-29 7084544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2011-03-30 101392]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2009-02-09 22328]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 an2jz2as;an2jz2as; C:\WINDOWS\system32\drivers\an2jz2as.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TomAdmin\LOCALS~1\Temp\catchme.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-04-04 161664]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-12-22 224920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

[Rudy]

Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Ebola1]

Přikládám, doufám, že je to takhle OK.
Díky moc.
Tomáš
ComboFix 12-07-21.01 - TomAdmin 22.07.2012 20:07:58.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1375 [GMT 2:00]
Spuštěný z: c:\documents and settings\TomAdmin\Plocha\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-22 do 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 08:32 . 2012-07-22 08:32 -------- d-----w- c:\documents and settings\TomAdmin\Local Settings\Data aplikací\Temp
2012-07-22 08:32 . 2012-07-22 08:32 -------- d-----w- c:\documents and settings\TomAdmin\Local Settings\Data aplikací\Adobe
2012-07-22 08:31 . 2012-07-22 08:31 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-22 06:32 . 2012-07-22 06:32 -------- d-----w- c:\program files\trend micro
2012-07-22 06:32 . 2012-07-22 06:32 -------- d-----w- C:\rsit
2012-07-22 06:18 . 2012-07-22 06:18 0 ----a-w- c:\program files\GUM6F.tmp
2012-07-22 06:07 . 2001-08-17 19:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-07-22 06:07 . 2001-08-17 19:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-07-22 06:07 . 2001-10-24 09:43 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-07-22 06:07 . 2001-10-24 09:43 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-07-22 06:07 . 2008-04-13 22:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-07-22 06:07 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-01-20 17:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-01-20 17:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-01-20 17:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-01-20 17:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-01-20 17:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-01-20 17:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-01-20 17:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 19:49 . 2012-05-31 19:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 19:49 . 2012-05-31 19:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 13:00 . 2012-05-31 13:00 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-27 08:26 . 2012-05-27 08:26 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 06:26 . 2012-05-15 06:26 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-21 07:39 . 2012-01-22 10:13 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-15_06.43.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 23:07 . 2009-07-11 23:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 23:19 . 2009-07-11 23:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 17:41 . 2009-07-11 17:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2012-07-22 18:01 . 2012-07-22 18:01 16384 c:\windows\temp\Perflib_Perfdata_844.dat
+ 2012-05-31 09:24 . 2003-01-26 09:41 40960 c:\windows\system32\SSubTmr6.dll
+ 2012-06-01 07:00 . 2005-02-25 03:34 22752 c:\windows\system32\spupdsvc.exe
+ 2012-06-01 07:00 . 2010-07-05 13:13 18296 c:\windows\system32\spmsg.dll
+ 2012-07-22 06:11 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-07-22 06:11 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2012-05-31 12:02 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-04-14 12:00 . 2012-07-22 18:05 58596 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2012-05-15 06:34 58596 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-07-22 18:05 68736 c:\windows\system32\perfc005.dat
- 2008-04-14 12:00 . 2012-05-15 06:34 68736 c:\windows\system32\perfc005.dat
+ 2012-05-31 09:24 . 1998-07-12 19:00 15360 c:\windows\system32\inetfr.DLL
+ 2012-05-31 09:24 . 1998-07-13 14:53 44544 c:\windows\system32\GIF89.DLL
+ 2012-01-20 09:48 . 2008-04-14 05:44 58496 c:\windows\system32\drivers\redbook.sys
- 2012-01-20 09:48 . 2008-04-14 07:44 58496 c:\windows\system32\drivers\redbook.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 42112 c:\windows\system32\drivers\imapi.sys
+ 2008-04-14 12:00 . 2008-04-13 22:11 42112 c:\windows\system32\drivers\imapi.sys
+ 2009-03-18 14:35 . 2009-03-18 14:35 26176 c:\windows\system32\drivers\hamachi.sys
+ 2008-04-14 12:00 . 2008-04-13 22:10 62976 c:\windows\system32\drivers\cdrom.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 62976 c:\windows\system32\drivers\cdrom.sys
+ 2012-01-20 17:37 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2012-01-20 17:37 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-05-31 09:24 . 1998-07-12 15:00 32768 c:\windows\system32\CMDLGFR.DLL
+ 2012-07-22 06:23 . 2012-07-22 06:23 22016 c:\windows\Installer\1e1b5.msi
+ 2012-05-31 13:01 . 2012-05-31 13:01 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2012-06-01 07:00 . 2005-02-25 03:34 22240 c:\windows\$hf_mig$\KB898461\update\spcustom.dll
+ 2012-05-31 12:29 . 2005-02-25 03:34 22752 c:\windows\$hf_mig$\KB898461\spupdsvc.exe
+ 2012-06-01 07:00 . 2005-02-25 03:34 15072 c:\windows\$hf_mig$\KB898461\spmsg.dll
+ 2012-07-22 06:08 . 2001-10-24 10:23 9216 c:\windows\system32\spool\drivers\w32x86\3\hpcstr.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 18:23 . 2007-11-06 18:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2012-05-31 07:23 . 2008-09-05 00:22 447752 c:\windows\system32\vp6vfw.dll
+ 2012-05-31 09:24 . 1999-03-25 15:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2012-05-31 09:24 . 2000-10-01 15:00 119568 c:\windows\system32\VB6FR.DLL
+ 2012-07-22 06:08 . 2001-10-24 10:23 136192 c:\windows\system32\spool\drivers\w32x86\3\hpcfont.dll
- 2008-04-14 12:00 . 2012-05-15 06:34 392296 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-07-22 18:05 392296 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-07-22 18:05 389664 c:\windows\system32\perfh005.dat
- 2008-04-14 12:00 . 2012-05-15 06:34 389664 c:\windows\system32\perfh005.dat
+ 2012-05-27 08:26 . 2012-04-04 16:47 772504 c:\windows\system32\npDeployJava1.dll
+ 2012-05-31 09:24 . 1998-07-12 19:00 141312 c:\windows\system32\MSCMCFR.DLL
+ 2012-05-31 19:49 . 2012-05-31 19:49 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-31 19:49 . 2012-05-31 19:49 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-31 09:24 . 2008-09-24 18:33 484352 c:\windows\system32\lame_enc.dll
+ 2012-05-27 08:26 . 2012-04-04 16:47 227720 c:\windows\system32\javaws.exe
+ 2012-05-27 08:26 . 2012-05-27 08:26 174024 c:\windows\system32\javaw.exe
+ 2012-05-27 08:26 . 2012-05-27 08:26 174024 c:\windows\system32\java.exe
+ 2012-01-20 17:36 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2012-01-20 17:37 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2012-01-20 17:37 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2012-01-20 17:37 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2012-01-20 17:36 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2012-05-27 08:27 . 2012-05-27 08:27 176128 c:\windows\Installer\61d6b.msi
+ 2012-05-27 08:26 . 2012-05-27 08:26 457216 c:\windows\Installer\61d65.msi
+ 2012-05-27 08:26 . 2012-05-27 08:26 863744 c:\windows\Installer\61d61.msi
+ 2012-06-01 05:05 . 2012-06-01 05:05 424960 c:\windows\Installer\4c0eaec.msi
+ 2012-05-31 07:22 . 2012-05-31 07:22 884736 c:\windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
+ 2012-06-01 07:00 . 2005-02-25 03:34 380128 c:\windows\$NtUninstallKB898461$\spuninst\updspapi.dll
+ 2012-06-01 07:00 . 2005-02-25 03:34 211680 c:\windows\$NtUninstallKB898461$\spuninst\spuninst.exe
+ 2012-06-01 07:00 . 2005-02-25 03:34 380128 c:\windows\$hf_mig$\KB898461\update\updspapi.dll
+ 2012-06-01 07:00 . 2005-02-25 03:34 722144 c:\windows\$hf_mig$\KB898461\update\update.exe
+ 2012-06-01 07:00 . 2005-02-25 03:34 211680 c:\windows\$hf_mig$\KB898461\spuninst.exe
+ 2009-07-11 18:46 . 2009-07-11 18:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2012-05-31 19:49 . 2012-05-31 19:49 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2012-01-20 17:37 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2012-05-31 07:22 . 2006-09-28 14:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2012-07-22 08:31 . 2012-07-22 08:31 2305536 c:\windows\Installer\772184.msi
+ 2012-07-22 06:11 . 2012-07-22 06:11 2208768 c:\windows\Installer\48919.msi
+ 2012-05-31 07:23 . 2012-05-31 07:23 1013248 c:\windows\Installer\18ea54.msi
+ 2012-05-31 13:01 . 2012-05-31 13:01 1095680 c:\windows\Installer\14eb56f.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Steam"="c:\program files\Steam\Steam.exe" [2012-05-31 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\worms reloaded\\WormsReloaded.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 2:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 7:30 32592]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [22.12.2011 18:11 16024]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 7:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [31.5.2012 15:00 242240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 7:09 192776]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [22.12.2011 18:11 224920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.1.2012 12:35 101392]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11.7.2011 2:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11.7.2011 2:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4.10.2011 7:21 16720]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [21.1.2012 12:19 22328]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 7:25 4433248]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.5.2012 8:26 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.1.2012 12:26 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.5.2012 8:26 136176]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 06:26]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 06:26]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.16.120.1 84.16.96.2
FF - ProfilePath - c:\documents and settings\TomAdmin\Data aplikací\Mozilla\Firefox\Profiles\vov3t9fy.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-SBWS-31B4-7V8T-QTG7-KTJ5-MWHAEQH"
"Activated"="Y"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-07-22 20:10:32
ComboFix-quarantined-files.txt 2012-07-22 18:10
ComboFix2.txt 2012-05-15 06:43
.
Před spuštěním: Volných bajtů: 217 035 980 800
Po spuštění: Volných bajtů: 217 081 802 752
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8368B6C028A1124CB5958987F1326DAC

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\program files\GUM6F.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Ebola1]

Dobrý den,
omlouvám se, ale v den, když jsme problém řešili, tady vypadla elektrika a druhý den jsem musel odjet a dostal jsem se k počítači až teď.
Udělal jsem vše podle Vašich pokynů, přikládám log.
Moc díky

Tomáš

ComboFix 12-07-31.05 - TomAdmin 03.08.2012 9:46.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1401 [GMT 2:00]
Spuštěný z: c:\documents and settings\TomAdmin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TomAdmin\Plocha\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
file zipped: c:\program files\GUM6F.tmp
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GUM6F.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-03 do 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-07-22 08:32 . 2012-07-22 08:32 -------- d-----w- c:\documents and settings\TomAdmin\Local Settings\Data aplikací\Temp
2012-07-22 08:32 . 2012-07-22 08:32 -------- d-----w- c:\documents and settings\TomAdmin\Local Settings\Data aplikací\Adobe
2012-07-22 08:31 . 2012-07-22 08:31 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-22 06:32 . 2012-07-22 06:32 -------- d-----w- c:\program files\trend micro
2012-07-22 06:32 . 2012-07-22 06:32 -------- d-----w- C:\rsit
2012-07-22 06:07 . 2001-08-17 19:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-07-22 06:07 . 2001-08-17 19:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-07-22 06:07 . 2001-10-24 09:43 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-07-22 06:07 . 2001-10-24 09:43 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-07-22 06:07 . 2008-04-13 22:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-07-22 06:07 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-01-20 17:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-01-20 17:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-01-20 17:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-01-20 17:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-01-20 17:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-01-20 17:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-01-20 17:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 19:49 . 2012-05-31 19:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 19:49 . 2012-05-31 19:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 13:00 . 2012-05-31 13:00 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-27 08:26 . 2012-05-27 08:26 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 06:26 . 2012-05-15 06:26 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-21 07:39 . 2012-01-22 10:13 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-22_18.09.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-03 07:50 . 2012-08-03 07:50 16384 c:\windows\temp\Perflib_Perfdata_1f4.dat
- 2008-04-14 12:00 . 2012-07-22 18:05 58596 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-08-03 07:40 58596 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2012-07-22 18:05 68736 c:\windows\system32\perfc005.dat
+ 2008-04-14 12:00 . 2012-08-03 07:40 68736 c:\windows\system32\perfc005.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\Acrofx32.dll
- 2008-04-14 12:00 . 2012-07-22 18:05 392296 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-08-03 07:40 392296 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-08-03 07:40 389664 c:\windows\system32\perfh005.dat
- 2008-04-14 12:00 . 2012-07-22 18:05 389664 c:\windows\system32\perfh005.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\22f00.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AcroRd32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Steam"="c:\program files\Steam\Steam.exe" [2012-05-31 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\worms reloaded\\WormsReloaded.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 2:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 7:30 32592]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [22.12.2011 18:11 16024]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 7:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [31.5.2012 15:00 242240]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 7:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 7:09 192776]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [22.12.2011 18:11 224920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.1.2012 12:35 101392]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11.7.2011 2:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11.7.2011 2:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4.10.2011 7:21 16720]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [21.1.2012 12:19 22328]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.5.2012 8:26 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.1.2012 12:26 1684736]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\TomAdmin\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\TomAdmin\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.5.2012 8:26 136176]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.16.120.1 84.16.96.2
FF - ProfilePath - c:\documents and settings\TomAdmin\Data aplikací\Mozilla\Firefox\Profiles\vov3t9fy.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-03 09:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-03 09:53:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-03 07:53
ComboFix2.txt 2012-07-22 18:10
ComboFix3.txt 2012-05-15 06:43
.
Před spuštěním: Volných bajtů: 216 956 628 992
Po spuštění: Volných bajtů: 216 944 377 856
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9F0BE75BD677A15F9914F6A83AF87187
Nahr nˇ probŘhlo ŁspŘçnŘ

[Rudy]

Smazáno. Nastala nějaká změna?

[Ebola1]

Dobrý večer,
zatím se to tváří dobře, tak snad to bude OK.
Moc, moc díky.

Zdravím

Tomáš

[Rudy]

CF odinstalujte Start>spustit>(napsat) combofix /uninstall>OK. Nemáte zač!