problemy s partition

Zpráva

syskey · #1 Příspěvek od **syskey** » 28 úno 2011 18:18

Na stolnim PC mi nejde otevrit 2. oddil disku (ten nesystemovy). V >>Tento počítač<< se tváří jako složka a při "otevření" se zobrazí "D:\ přístup byl odepřen". Při startu PC se zobrazuje upozornění, že chybí soubor csrss.exe v uvedenem adresáři, resp. v daném adresáři nemůže tento soubor nalézt. Následuje zpráva pro odstranění aktuálního souboru WIN.INI. Posilam log z RSIT.

Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2011-02-28 18:02:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (71%) free of 80 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:51, on 28.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
D:\Štěpa\programy\power iso\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=bf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53798
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
F3 - REG:win.ini: load=C:\DOCUME~1\uzivatel\LOCALS~1\Temp\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Štěpa\programy\power iso\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Assassin G13] C:\Program Files\Assassin G13\assassin.exe -s
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [CE8SIIFGSU] C:\DOCUME~1\uzivatel\LOCALS~1\Temp\Yrx.exe
O4 - HKCU\..\Run: [engel] C:\Documents and Settings\uzivatel\Data aplikací\updates\updates.exe
O4 - HKCU\..\Run: [Windows SafeAssist] C:\Documents and Settings\uzivatel\Data aplikací\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11657 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-484061587-1644491937-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-484061587-1644491937-1003UA.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"PWRISOVM.EXE"=D:\Štěpa\programy\power iso\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-16 149280]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-24 2069344]
"Assassin G13"=C:\Program Files\Assassin G13\assassin.exe -s []
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-05 135664]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"ICQ"=D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe [2010-11-16 172856]
"CE8SIIFGSU"=C:\DOCUME~1\uzivatel\LOCALS~1\Temp\Yrx.exe []
"engel"=C:\Documents and Settings\uzivatel\Data aplikací\updates\updates.exe []
"Windows SafeAssist"=C:\Documents and Settings\uzivatel\Data aplikací\winlogon.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-15 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Štěpa\programy\pinnacle\Programs\RM.exe"="D:\Štěpa\programy\pinnacle\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Štěpa\programy\pinnacle\Programs\PMSRegisterFile.exe"="D:\Štěpa\programy\pinnacle\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"D:\Štěpa\programy\pinnacle\Programs\umi.exe"="D:\Štěpa\programy\pinnacle\Programs\umi.exe:*:Enabled:umi"
"D:\Štěpa\programy\pinnacle\Programs\VideoSpin.exe"="D:\Štěpa\programy\pinnacle\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"D:\Virtuos\ICQ6\ICQ.exe"="D:\Virtuos\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe"="C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe:*:Enabled:SWAT 4"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"D:\Štěpa\programy\winzip\ICQ6.5\ICQ.exe"="D:\Štěpa\programy\winzip\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe"="D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe"="C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface)"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"Windows Firewall"="C:\Documents and Settings\uzivatel\Data aplikací\winlogon.exe"
"Windows SafeAssist"="C:\Documents and Settings\uzivatel\Data aplikací\winlogon.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-02-28 18:02:39 ----D---- C:\rsit
2011-02-28 18:02:39 ----D---- C:\Program Files\trend micro
2011-02-27 16:18:53 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Search Settings
2011-02-27 16:18:45 ----D---- C:\Program Files\pdfforge Toolbar
2011-02-27 16:18:45 ----D---- C:\Program Files\Application Updater
2011-02-20 21:16:07 ----A---- C:\WINDOWS\system32\drivers\wplfiw.sys
2011-02-20 21:14:01 ----A---- C:\Documents and Settings\uzivatel\Data aplikací\internetfiles213.tmp
2011-02-20 21:13:23 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\updates
2011-02-17 21:32:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\POPWWPROFILES
2011-02-12 09:22:32 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\facemoods.com
2011-02-11 18:30:08 ----D---- C:\Program Files\ConduitEngine
2011-02-11 18:29:59 ----D---- C:\Program Files\uTorrentBar
2011-02-11 18:23:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallMate
2011-02-10 18:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 18:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 18:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 18:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 17:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 17:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 17:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$

======List of files/folders modified in the last 1 months======

2011-02-28 18:02:39 ----RD---- C:\Program Files
2011-02-28 17:58:15 ----AD---- C:\WINDOWS
2011-02-28 17:52:20 ----D---- C:\WINDOWS\Temp
2011-02-28 17:49:23 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-02-28 17:45:10 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-28 17:44:49 ----D---- C:\WINDOWS\system32
2011-02-28 17:38:56 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-28 12:06:07 ----D---- C:\WINDOWS\Prefetch
2011-02-27 23:43:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-27 22:34:44 ----HD---- C:\WINDOWS\inf
2011-02-27 18:45:11 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-27 16:59:14 ----RSD---- C:\WINDOWS\Fonts
2011-02-27 16:59:01 ----SHD---- C:\WINDOWS\Installer
2011-02-27 16:59:01 ----HD---- C:\Config.Msi
2011-02-27 16:58:59 ----D---- C:\WINDOWS\system32\drivers
2011-02-27 16:58:53 ----A---- C:\WINDOWS\VFO.INI
2011-02-27 16:18:46 ----D---- C:\WINDOWS\WinSxS
2011-02-27 16:18:45 ----D---- C:\Program Files\Common Files\Spigot
2011-02-22 21:48:45 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2011-02-20 21:39:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-02-20 21:17:58 ----D---- C:\Program Files\BS_Player
2011-02-18 20:29:44 ----D---- C:\WINDOWS\Downloaded Installations
2011-02-17 21:32:17 ----D---- C:\Program Files\Ubisoft
2011-02-17 21:28:30 ----D---- C:\Program Files\MPlayer for Windows
2011-02-16 17:41:07 ----SD---- C:\WINDOWS\Tasks
2011-02-14 21:00:41 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Skype
2011-02-13 10:12:57 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2011-02-10 18:02:54 ----D---- C:\WINDOWS\system32\dllcache
2011-02-10 18:02:48 ----A---- C:\WINDOWS\imsins.BAK
2011-02-10 17:59:23 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-10 17:59:11 ----D---- C:\WINDOWS\system32\cs-cz
2011-02-10 17:59:11 ----D---- C:\Program Files\Internet Explorer
2011-02-10 17:58:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-02-10 17:57:37 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-05 16:22:44 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-07-15 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-04-16 52872]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 60928]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-18 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-25 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-16 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 wplfiw;wplfiw; C:\WINDOWS\system32\drivers\wplfiw.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-16 30104]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 508160]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-18 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-11-24 2331544]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-16 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-03-17 520192]
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-07-15 5897808]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

syskey · #2 Příspěvek od **syskey** » 28 úno 2011 18:25

nouzový režim už jsem zkoušel.

#3 Příspěvek od **motji** » 28 úno 2011 18:48

Dobrý večer

Vidím tam breberky, tak to odvirujeme a uvidíme

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

-

Ted nerestartujte počítač!

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte combofix na cokoliv.com

syskey · #4 Příspěvek od **syskey** » 01 bře 2011 19:25

log z rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01.03.2011 at 17:14:45.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\verclsid.exe

Rkill completed on 01.03.2011 at 17:14:53.

Jinak - Combofix jsem zkousel, samozrejme s vyplim rezidentnim stitem AVG9.0 (free) a firewallem windows, jenze to mu nestacilo a byla vyzadovana odinstalace AVG, kde byl v zaverecne fazi problem se zapisem do registru => instalace selhala protokol o chybe prikladam v souboru.

#5 Příspěvek od **motji** » 01 bře 2011 21:26

Zkuste AVG odinstalovat tímto
http://www.slunecnice.cz/sw/appremover/

syskey · #6 Příspěvek od **syskey** » 01 bře 2011 22:23

Diky, problem vyresen (smazani udaju z registru CCleanerem a rucni odstraneni). Posilam log z ComboFix

ComboFix 11-02-28.07 - uzivatel 01.03.2011 22:04:59.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.633 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\cokoliv.com.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Data aplikací\facemoods.com
c:\documents and settings\LocalService\Data aplikací\PriceGong
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\LocalService\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\uzivatel\Data aplikací\facemoods.com
c:\documents and settings\uzivatel\Data aplikací\Microsoft\Google
c:\documents and settings\uzivatel\Data aplikací\Microsoft\Google\s.txt
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
c:\windows\system32\driVERs\wplfiw.sys
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
D:\Autorun.inf
d:\driver\info
d:\driver\info\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS
-------\Legacy_wplfiw
-------\Service_wplfiw

((((((((((((((((((((((((( Soubory vytvořené od 2011-02-01 do 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 21:11 . 2011-03-01 21:11 -------- d-----w- c:\windows\system32\wbem\snmp
2011-03-01 21:11 . 2011-03-01 21:11 -------- d-----w- c:\windows\system32\xircom
2011-03-01 21:11 . 2011-03-01 21:11 -------- d-----w- c:\windows\srchasst
2011-03-01 20:36 . 2011-03-01 20:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-03-01 20:27 . 2011-03-01 20:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-03-01 19:49 . 2011-03-01 19:49 -------- d-----w- c:\program files\CCleaner
2011-02-28 17:02 . 2011-02-28 17:02 -------- d-----w- C:\rsit
2011-02-28 17:02 . 2011-02-28 17:02 -------- d-----w- c:\program files\trend micro
2011-02-27 15:18 . 2011-02-27 15:18 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Search Settings
2011-02-27 15:18 . 2011-02-27 15:18 -------- d-----w- c:\program files\pdfforge Toolbar
2011-02-27 15:18 . 2011-02-27 15:18 -------- d-----w- c:\program files\Application Updater
2011-02-20 20:17 . 2011-02-20 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Conduit
2011-02-20 20:16 . 2011-02-20 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\BS_Player
2011-02-20 20:16 . 2011-02-20 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\uTorrentBar
2011-02-20 20:16 . 2011-02-20 20:16 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-02-20 20:14 . 2011-02-20 20:14 9 ----a-w- c:\documents and settings\uzivatel\Data aplikací\internetfiles213.tmp
2011-02-20 20:13 . 2011-02-22 20:51 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\updates
2011-02-17 20:32 . 2011-02-17 20:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\POPWWPROFILES
2011-02-17 20:31 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-02-17 20:31 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-02-17 20:31 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-02-17 20:31 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-02-17 20:31 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-02-17 20:31 . 2011-02-17 20:31 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-02-17 20:31 . 2011-02-17 20:31 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-02-11 17:30 . 2011-02-17 20:49 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\uTorrentBar
2011-02-11 17:30 . 2011-02-17 20:49 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\ConduitEngine
2011-02-11 17:30 . 2011-02-11 17:30 -------- d-----w- c:\program files\ConduitEngine
2011-02-11 17:29 . 2011-02-11 17:30 -------- d-----w- c:\program files\uTorrentBar
2011-02-11 17:23 . 2011-02-11 17:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 06:51 440320 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 06:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2008-05-18 21:06 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2008-05-18 21:05 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2008-05-18 21:05 78336 ------w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2008-05-18 21:05 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:25 . 2008-04-14 06:51 729088 ------w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-05-18 21:05 389120 ------w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 06:51 713216 ------w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 06:07 2194944 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2008-04-14 08:06 2071552 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2008-04-14 06:51 33280 ------w- c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-05 135664]
"ICQ"="d:\virtuos\ICQ6\ICQ6.5\ICQ.exe" [2010-11-16 172856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PWRISOVM.EXE"="d:\štěpa\programy\power iso\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-12-20 124928]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VUGames\\SWAT 4\\Content\\System\\Swat4DedicatedServer.exe"=
"d:\\Virtuos\\ICQ6\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"Windows Firewall"= c:\documents and settings\uzivatel\Data aplikací\winlogon.exe
"Windows SafeAssist"= c:\documents and settings\uzivatel\Data aplikací\winlogon.exe

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [16.4.2010 18:22 25168]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14.7.2009 15:43 222456]
S2 avg9emc;AVG E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 avgfws9;AVG Firewall;"c:\program files\AVG\AVG9\avgfws9.exe" --> c:\program files\AVG\AVG9\avgfws9.exe [?]
S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16.4.2010 18:18 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16.4.2010 18:18 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [?]
S3 AVGIDSFilterxpx;AVG9IDSFilter;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [?]
S3 AVGIDSShimxpx;AVG9IDSShim;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [?]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29.5.2007 12:30 508160]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=bf
uInternet Settings,ProxyServer = http=127.0.0.1:53798
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\p475vrlv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-engel - c:\documents and settings\uzivatel\Data aplikací\updates\updates.exe
HKCU-Run-Windows SafeAssist - c:\documents and settings\uzivatel\Data aplikací\winlogon.exe
HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
HKLM-Run-Assassin G13 - c:\program files\Assassin G13\assassin.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 22:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE03.00.00.01MSWINDOWS"="D2DF06E18AAD372FF58051A255B4350AAF307CEF8F04AE5205A81576ADC777EFA7A46CA4AE1CEC35D5CA6CB48555178F4ADC7A018D1C4A083CBCE42E11D9E817E7426CA7E0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452FEBC9E127BECC74C9DB7CE019D40AA5C5F43E7773EF8214B9964C28AF00F6F588ACDDFA28E92BBADAE81B068085989AA247D4EE9B7CCB0858EF2C52735EFD3E55A8E38AB7A6CA783C4D9CDC4573910E13A1F77B7384C859903E4F918B8D9CAA7BEFBD2A188ACFB5833186727200260BE65F88793440499B507A6B9F25EC2157EB63ADD989950DBDF86BAA0C7DF5A23E05D05B77418E4BB0EA0C9710FBC0547CFB2929CE9C2BA41CF3DE3B01F48CCD572CEDE529421428F5BC883A309A1DB488399F46432CB317760495BE16BBF49CA1CD94539F481D48A576CAB64410A6AD38545729FD3315F22CF140C95AFDEA3288B911E60581039F8426BBFDD5B2B3679480340CCF2A45233DF7604BC31F392E7757E6F50C458EF77609DE04DBF6C271DBE17B87DF789FDF556C0F65F7A003157109D662486975E7B7949538399680B7763B4D9D911783805FCB5BC1A5A38FE17155D528E2C41CAC958AC0166DAEE94933108451A30BEBA51218BCD9BE186619FC2A32751097BE2FECD7876EDB50458D1A82E418D09DA2521936E4AA5E6889C385EC67DC5B421B7872DD1E3A824DE4FE350B8B7169505788C2BFC76118510DE7FAB13105889C03B28CC529FB7E06B57D4AFAEB5AA92229B0042C9B6C8992135E677C8BE88A71BC8F5090620506D4932FDD20A6F5481D0D93CB4DC184C47F715B58F9C0EEB70299BDD42ED053B0DCA0510CAB8B733A66060566530C8AD737E558345B527A98C14D29CDB800ED54879D88DAD1B0B778DD5C2363A331A96C75AB0BF7130537E673B74463DA51F91EA8E9AD0928905E800EAF59A1B4906BF345DC5ABED1D05BAAFB0E8C0D13AC274057B9C0395CDE961110A5592F64925F9E8931A5D19FE4DC2573A7B48890F25176B6215A5D8A31D4E96D420833F7D3728DEB914BED5CEE60E9753DD69586A17A6351B9B0C00BF2BB3A7A076A66AA59EC0CC41FE0C8A78ACA96AAA2309B4840EE43FB22FDDB5C6C026A374E00870F4E251B2CF0A5822DB1EB50FA2445C1C0B2226AAE6301723532FD0AA8D4909D0122E7653BE4A890BCC5E6608D11E6F8D9E9054D92B63867B736C72A0DC7C5D8B98CFE4341BB4D83813B7051F0271200C53BAECF4A7F3D173A8135B31062F8E27173B649EA726D4A06C146CDB32E0219FB2A581E9B86EEE43696174C7E176F92E10864E21D8DCDD3E07040D1094F57AD33BF8B5E76DC329269E3836167D4D4F2CFAED148E587E2B1008BC6BCD119D85B85C0245"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3740)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2011-03-01 22:15:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-01 21:15

Před spuštěním: Volných bajtů: 59 799 642 112
Po spuštění: Volných bajtů: 59 807 604 736

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8745743638A6FB68B27C8226C7510B0D

Zkontrolujte prosim jak je na tom PC s temi viry, jinak po restartovani pocitace ComboFixem v posledni fazi (pred vytvorenim logu) je problem s diskovym oddilem vyresen (vse ok). Diky.

#7 Příspěvek od **motji** » 01 bře 2011 22:35

Pak domažeme nějaké drobnosti. Ještě projedte počítač mbamem.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

syskey · #8 Příspěvek od **syskey** » 02 bře 2011 09:40

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5928

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2.3.2011 9:35:26
mbam-log-2011-03-02 (09-35-15).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 217846
Uplynulý čas: 28 minut, 46 sekund

Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 8

Infikované procesy v paměti:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 548 -> No action taken.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 144 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> No action taken.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\program files\pdfforge toolbar\widgihelper.exe (PUP.Dealio) -> No action taken.
c:\program files\mplayer for windows\codecs\msvidc32.dll (Trojan.FakeMS) -> No action taken.
c:\Qoobox\quarantine\C\program files\pdfforge toolbar\IE\4.3\pdfforgetoolbarie.dll.vir (PUP.Dealio) -> No action taken.
c:\system volume information\_restore{1a7eca85-9cef-400f-9ff2-24d419dadf88}\RP11\A0000633.dll (PUP.Dealio) -> No action taken.
d:\tamara\Lamik sw\nero v6.3.1.25\Keygen.exe (Hacktool.Gen) -> No action taken.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> No action taken.

#9 Příspěvek od **motji** » 02 bře 2011 12:07

Poprosím o nový log ze rsitu. Jak to vypadá s počítačem?

syskey · #10 Příspěvek od **syskey** » 02 bře 2011 14:13

Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2011-03-02 14:11:19
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (71%) free of 80 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:11:27, on 2.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=bf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53798
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Štěpa\programy\power iso\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVG E-mail Scanner (avg9emc) - Unknown owner - C:\Program Files\AVG\AVG9\avgemc.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - Unknown owner - C:\Program Files\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: AVG Firewall (avgfws9) - Unknown owner - C:\Program Files\AVG\AVG9\avgfws9.exe (file missing)
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - Unknown owner - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9074 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"PWRISOVM.EXE"=D:\Štěpa\programy\power iso\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-16 149280]
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-05 135664]
"ICQ"=D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe [2010-11-16 172856]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-15 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe"="C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe:*:Enabled:SWAT 4"
"D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe"="D:\Virtuos\ICQ6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe"="C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface)"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"Windows Firewall"="C:\Documents and Settings\uzivatel\Data aplikací\winlogon.exe"
"Windows SafeAssist"="C:\Documents and Settings\uzivatel\Data aplikací\winlogon.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-03-02 11:26:48 ----D---- C:\WINDOWS\LastGood
2011-03-02 09:35:26 ----A---- C:\mbam-log-2011-03-02 (09-35-15).txt
2011-03-02 09:02:31 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Malwarebytes
2011-03-02 09:02:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-03-02 09:02:21 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-03-02 09:02:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-03-02 09:02:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-03-01 22:35:34 ----SHD---- C:\RECYCLER
2011-03-01 22:15:37 ----A---- C:\ComboFix.txt
2011-03-01 22:11:12 ----D---- C:\Program Files\xerox
2011-03-01 22:11:07 ----D---- C:\WINDOWS\system32\xircom
2011-03-01 22:11:07 ----D---- C:\WINDOWS\srchasst
2011-03-01 22:11:06 ----D---- C:\Program Files\msn gaming zone
2011-03-01 22:11:05 ----D---- C:\Program Files\microsoft frontpage
2011-03-01 22:03:51 ----A---- C:\Boot.bak
2011-03-01 22:03:43 ----RASHD---- C:\cmdcons
2011-03-01 22:02:28 ----A---- C:\WINDOWS\zip.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\SWSC.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\SWREG.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\sed.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\PEV.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\NIRCMD.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\MBR.exe
2011-03-01 22:02:28 ----A---- C:\WINDOWS\grep.exe
2011-03-01 22:02:21 ----D---- C:\WINDOWS\ERDNT
2011-03-01 21:36:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2011-03-01 21:27:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-03-01 20:49:24 ----D---- C:\Program Files\CCleaner
2011-03-01 17:45:26 ----AD---- C:\Qoobox
2011-02-28 18:02:39 ----D---- C:\rsit
2011-02-28 18:02:39 ----D---- C:\Program Files\trend micro
2011-02-27 16:18:53 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Search Settings
2011-02-27 16:18:45 ----D---- C:\Program Files\pdfforge Toolbar
2011-02-27 16:18:45 ----D---- C:\Program Files\Application Updater
2011-02-20 21:14:01 ----A---- C:\Documents and Settings\uzivatel\Data aplikací\internetfiles213.tmp
2011-02-20 21:13:23 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\updates
2011-02-17 21:32:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\POPWWPROFILES
2011-02-11 18:30:08 ----D---- C:\Program Files\ConduitEngine
2011-02-11 18:29:59 ----D---- C:\Program Files\uTorrentBar
2011-02-11 18:23:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallMate
2011-02-10 18:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 18:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 18:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 18:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 17:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 17:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 17:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$

======List of files/folders modified in the last 1 months======

2011-03-02 14:11:20 ----D---- C:\WINDOWS\Prefetch
2011-03-02 13:45:19 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Skype
2011-03-02 12:21:22 ----AD---- C:\WINDOWS
2011-03-02 11:33:23 ----SHD---- C:\WINDOWS\Installer
2011-03-02 11:33:22 ----RD---- C:\Program Files
2011-03-02 11:33:22 ----D---- C:\Config.Msi
2011-03-02 11:33:11 ----D---- C:\WINDOWS\Temp
2011-03-02 11:33:11 ----D---- C:\WINDOWS\system32\drivers
2011-03-02 11:33:10 ----HD---- C:\WINDOWS\inf
2011-03-02 11:26:46 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-03-02 11:26:31 ----D---- C:\WINDOWS\system32\dllcache
2011-03-02 11:25:16 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-02 11:25:13 ----D---- C:\WINDOWS\system32
2011-03-01 22:15:00 ----SD---- C:\WINDOWS\Tasks
2011-03-01 22:11:47 ----A---- C:\WINDOWS\system.ini
2011-03-01 22:11:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-01 22:11:12 ----D---- C:\WINDOWS\Help
2011-03-01 22:11:11 ----D---- C:\WINDOWS\system32\wbem
2011-03-01 22:11:07 ----D---- C:\WINDOWS\ime
2011-03-01 22:11:07 ----D---- C:\Program Files\Windows NT
2011-03-01 22:09:22 ----D---- C:\WINDOWS\system32\config
2011-03-01 22:06:56 ----D---- C:\WINDOWS\AppPatch
2011-03-01 22:06:50 ----D---- C:\Program Files\Common Files
2011-03-01 22:03:51 ----RASH---- C:\boot.ini
2011-03-01 22:02:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-01 21:52:04 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\ICQ
2011-03-01 21:35:10 ----D---- C:\WINDOWS\WinSxS
2011-03-01 21:14:16 ----D---- C:\WINDOWS\Debug
2011-03-01 21:14:08 ----D---- C:\WINDOWS\Minidump
2011-03-01 20:43:36 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2011-03-01 20:42:20 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-01 18:14:36 ----SHD---- C:\System Volume Information
2011-03-01 18:14:36 ----D---- C:\WINDOWS\system32\Restore
2011-02-27 18:45:11 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-27 16:59:14 ----RSD---- C:\WINDOWS\Fonts
2011-02-27 16:58:53 ----A---- C:\WINDOWS\VFO.INI
2011-02-27 16:18:45 ----D---- C:\Program Files\Common Files\Spigot
2011-02-20 21:39:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-02-20 21:17:58 ----D---- C:\Program Files\BS_Player
2011-02-18 20:29:44 ----D---- C:\WINDOWS\Downloaded Installations
2011-02-17 21:32:17 ----D---- C:\Program Files\Ubisoft
2011-02-17 21:28:30 ----D---- C:\Program Files\MPlayer for Windows
2011-02-13 10:12:57 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2011-02-10 17:59:23 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-10 17:59:11 ----D---- C:\WINDOWS\system32\cs-cz
2011-02-10 17:59:11 ----D---- C:\Program Files\Internet Explorer
2011-02-10 17:58:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-02-05 16:22:44 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-07-15 25168]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 60928]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-18 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 508160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys []
R4 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys []
R4 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys []
R4 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys []
R4 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys []
R4 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
S3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
S3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\cokoliv.com\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-18 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-16 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-03-17 520192]
S2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe []
S2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe []
S2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe []
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

syskey · #11 Příspěvek od **syskey** » 02 bře 2011 15:07

Stav PC: Akorat pri opetovne instalaci AVG byl problem s pravy (pro pristup funkce Watchdog - pro tuto funkci byl mimochodem potreba SP3 ktery ted stahuji).

#12 Příspěvek od **motji** » 02 bře 2011 16:19

AVG v poslední době dělá docela problémy. Pokud nemáte koupenou licenci, popřemýšlela bych o jiném antiviru.

Už jste ho nainstaloval? Jestli ne, tak neinstalujte, ještě bych přes combofix něco domazala. Jen napište, at vím

syskey · #13 Příspěvek od **syskey** » 02 bře 2011 16:31

To byla instalace komercni verze AVG (s licenci). A po tech neuspesnych instalacich jsem cekal na vasi radu (-takze to jeste nemam nainstalovane)

#14 Příspěvek od **motji** » 02 bře 2011 16:55

Fajn, ještě domažu nějaké zbytečnosti, až combofix odinstalujeme, tak dáte zpět AVG.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
C:\Program Files\ConduitEngine
C:\Program Files\uTorrentBar
C:\Documents and Settings\uzivatel\Data aplikací\Search Settings
 C:\Program Files\pdfforge Toolbar
C:\Program Files\Application Updater

File::
C:\Documents and Settings\uzivatel\Data aplikací\internetfiles213.tmp

DDS::
uStart Page = hxxp://start.facemoods.com/?a=bf

Firefox::
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\p475vrlv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= -
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

syskey · #15 Příspěvek od **syskey** » 02 bře 2011 18:12

ComboFix 11-02-28.07 - uzivatel 02.03.2011 17:58:18.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.626 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uzivatel\Plocha\CFScript.txt

FILE ::
"c:\documents and settings\uzivatel\Data aplikací\internetfiles213.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uzivatel\Data aplikací\Search Settings
c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\FF\chrome.manifest
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\login.js
c:\program files\pdfforge Toolbar\FF\chrome\content\login.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\parser.js
c:\program files\pdfforge Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\utils.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgicomm.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgihandling.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgichevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgiui.js
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_icon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\searchbox.css
c:\program files\pdfforge Toolbar\FF\chrome\skin\splitter.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\pdfforge Toolbar\FF\install.rdf
c:\program files\pdfforge Toolbar\IE\4.3\config.ini
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Application_Updater
-------\Legacy_Application_Updater
-------\Service_Application Updater
-------\Service_Application Updater

((((((((((((((((((((((((( Soubory vytvořené od 2011-02-02 do 2011-03-02 )))))))))))))))))))))))))))))))
.

2011-03-02 17:06 . 2011-03-02 17:06 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Search Settings
2011-03-02 15:12 . 2011-03-02 15:12 -------- d-----w- c:\documents and settings\uzivatel\.dvdcss
2011-03-02 08:02 . 2011-03-02 08:02 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Malwarebytes
2011-03-02 08:02 . 2011-03-02 08:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-02 08:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 08:02 . 2011-03-02 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 08:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-01 21:11 . 2011-03-01 21:11 -------- d-----w- c:\windows\system32\wbem\snmp
2011-03-01 21:11 . 2011-03-01 21:11 -------- d-----w- c:\windows\system32\xircom
2011-03-01 21:11 . 2011-03-01 21:11 -------- d-----w- c:\windows\srchasst
2011-03-01 21:11 . 2011-03-01 21:11 -------- d-----w- c:\program files\microsoft frontpage
2011-03-01 20:36 . 2011-03-02 13:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-03-01 20:27 . 2011-03-01 20:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-03-01 19:49 . 2011-03-01 19:49 -------- d-----w- c:\program files\CCleaner
2011-02-28 17:02 . 2011-03-02 13:11 -------- d-----w- c:\program files\trend micro
2011-02-28 17:02 . 2011-02-28 17:02 -------- d-----w- C:\rsit
2011-02-20 20:17 . 2011-02-20 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Conduit
2011-02-20 20:16 . 2011-02-20 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\BS_Player
2011-02-20 20:16 . 2011-02-20 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\uTorrentBar
2011-02-20 20:16 . 2011-02-20 20:16 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-02-20 20:14 . 2011-02-20 20:14 9 ----a-w- c:\documents and settings\uzivatel\Data aplikací\internetfiles213.tmp
2011-02-20 20:13 . 2011-02-22 20:51 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\updates
2011-02-17 20:32 . 2011-02-17 20:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\POPWWPROFILES
2011-02-17 20:31 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-02-17 20:31 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-02-17 20:31 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-02-17 20:31 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-02-17 20:31 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-02-17 20:31 . 2011-02-17 20:31 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-02-17 20:31 . 2011-02-17 20:31 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-02-11 17:30 . 2011-02-17 20:49 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\uTorrentBar
2011-02-11 17:30 . 2011-02-17 20:49 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\ConduitEngine
2011-02-11 17:23 . 2011-02-11 17:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 06:51 440320 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 06:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2008-05-18 21:06 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2008-05-18 21:05 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2008-05-18 21:05 78336 ------w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2008-05-18 21:05 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:25 . 2008-04-14 06:51 729088 ------w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-05-18 21:05 389120 ------w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 06:51 713216 ------w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 06:07 2194944 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2008-04-14 08:06 2071552 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2008-04-14 06:51 33280 ------w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-03-01_21.11.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-02 17:06 . 2011-03-02 17:06 16384 c:\windows\Temp\Perflib_Perfdata_454.dat
+ 2010-04-16 17:18 . 2010-07-12 03:33 30432 c:\windows\system32\drivers\avgfwdx.sys
+ 2010-04-16 17:18 . 2010-07-12 03:33 51040 c:\windows\system32\avgfwdx.dll
+ 2008-04-14 06:51 . 2008-04-14 06:51 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2011-03-02 10:24 . 2011-03-02 10:24 1568768 c:\windows\Installer\872f30.msi
+ 2011-03-02 13:43 . 2011-03-02 13:43 1568768 c:\windows\Installer\19800.msi
+ 2011-03-02 13:18 . 2011-03-02 13:18 1568768 c:\windows\Installer\125d534.msi
+ 2011-03-01 21:29 . 2011-03-01 21:29 1568768 c:\windows\Installer\1173e8.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-05 135664]
"ICQ"="d:\virtuos\ICQ6\ICQ6.5\ICQ.exe" [2010-11-16 172856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PWRISOVM.EXE"="d:\štěpa\programy\power iso\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-12-20 124928]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VUGames\\SWAT 4\\Content\\System\\Swat4DedicatedServer.exe"=
"d:\\Virtuos\\ICQ6\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"Windows Firewall"= c:\documents and settings\uzivatel\Data aplikací\winlogon.exe
"Windows SafeAssist"= c:\documents and settings\uzivatel\Data aplikací\winlogon.exe

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [16.4.2010 18:22 25168]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14.7.2009 15:43 222456]
S2 avg9emc;AVG E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 avgfws9;AVG Firewall;"c:\program files\AVG\AVG9\avgfws9.exe" --> c:\program files\AVG\AVG9\avgfws9.exe [?]
S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16.4.2010 18:18 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16.4.2010 18:18 30432]
S3 AVGIDSDriverxpx;AVG9IDSDriver;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [?]
S3 AVGIDSFilterxpx;AVG9IDSFilter;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [?]
S3 AVGIDSShimxpx;AVG9IDSShim;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [?]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29.5.2007 12:30 508160]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:53798
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\p475vrlv.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 18:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE03.00.00.01MSWINDOWS"="D2DF06E18AAD372FF58051A255B4350AAF307CEF8F04AE5205A81576ADC777EFA7A46CA4AE1CEC35D5CA6CB48555178F4ADC7A018D1C4A083CBCE42E11D9E817E7426CA7E0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452FEBC9E127BECC74C9DB7CE019D40AA5C5F43E7773EF8214B9964C28AF00F6F588ACDDFA28E92BBADAE81B068085989AA247D4EE9B7CCB0858EF2C52735EFD3E55A8E38AB7A6CA783C4D9CDC4573910E13A1F77B7384C859903E4F918B8D9CAA7BEFBD2A188ACFB5833186727200260BE65F88793440499B507A6B9F25EC2157EB63ADD989950DBDF86BAA0C7DF5A23E05D05B77418E4BB0EA0C9710FBC0547CFB2929CE9C2BA41CF3DE3B01F48CCD572CEDE529421428F5BC883A309A1DB488399F46432CB317760495BE16BBF49CA1CD94539F481D48A576CAB64410A6AD38545729FD3315F22CF140C95AFDEA3288B911E60581039F8426BBFDD5B2B3679480340CCF2A45233DF7604BC31F392E7757E6F50C458EF77609DE04DBF6C271DBE17B87DF789FDF556C0F65F7A003157109D662486975E7B7949538399680B7763B4D9D911783805FCB5BC1A5A38FE17155D528E2C41CAC958AC0166DAEE94933108451A30BEBA51218BCD9BE186619FC2A32751097BE2FECD7876EDB50458D1A82E418D09DA2521936E4AA5E6889C385EC67DC5B421B7872DD1E3A824DE4FE350B8B7169505788C2BFC76118510DE7FAB13105889C03B28CC529FB7E06B57D4AFAEB5AA92229B0042C9B6C8992135E677C8BE88A71BC8F5090620506D4932FDD20A6F5481D0D93CB4DC184C47F715B58F9C0EEB70299BDD42ED053B0DCA0510CAB8B733A66060566530C8AD737E558345B527A98C14D29CDB800ED54879D88DAD1B0B778DD5C2363A331A96C75AB0BF7130537E673B74463DA51F91EA8E9AD0928905E800EAF59A1B4906BF345DC5ABED1D05BAAFB0E8C0D13AC274057B9C0395CDE961110A5592F64925F9E8931A5D19FE4DC2573A7B48890F25176B6215A5D8A31D4E96D420833F7D3728DEB914BED5CEE60E9753DD69586A17A6351B9B0C00BF2BB3A7A076A66AA59EC0CC41FE0C8A78ACA96AAA2309B4840EE43FB22FDDB5C6C026A374E00870F4E251B2CF0A5822DB1EB50FA2445C1C0B2226AAE6301723532FD0AA8D4909D0122E7653BE4A890BCC5E6608D11E6F8D9E9054D92B63867B736C72A0DC7C5D8B98CFE4341BB4D83813B7051F0271200C53BAECF4A7F3D173A8135B31062F8E27173B649EA726D4A06C146CDB32E0219FB2A581E9B86EEE43696174C7E176F92E10864E21D8DCDD3E07040D1094F57AD33BF8B5E76DC329269E3836167D4D4F2CFAED148E587E2B1008BC6BCD119D85B85C0245"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2896)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2011-03-02 18:09:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-02 17:09

Před spuštěním: Volných bajtů: 59 048 452 096
Po spuštění: Volných bajtů: 59 033 333 760

- - End Of File - - 6100D60CC9D23F81AEB6D1379C2C316C

VIRY.CZ

problemy s partition

problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition

Re: problemy s partition