Nefunkční stránky antivirů

[petruvak]

Dobrý den,
bohužel se mi nedaří připojit na webové stránky všech známých výrobců antivirů.
Aktualizace microsoft update funguje.
Zkoušel jsem spustit Combofix, ale nedaří se mi odinstalovat AVG a to ani v nouzovém režimu.

Přikládám log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pitrs at 2011-03-19 12:40:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 359 GB (75%) free of 477 GB
Total RAM: 2047 MB (58% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-09-24 756840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Ai Quicker Help"=C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe [2006-11-09 3165696]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2004-06-28 57344]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-24 2069344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2008-01-29 2449455]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe []
"RGSC"=C:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
""= []
"JP595IR86O"=C:\WINDOWS\TEMP\Vhd.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-18 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Games\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Games\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Games\Half Life 2\hl2.exe"="C:\Games\Half Life 2\hl2.exe:*:Disabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Games\Brothers in Arms - Hell's Highway\Binaries\biahh.exe"="C:\Games\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Games\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Games\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Games\Call of Duty - Black Ops\BlackOps.exe"="C:\Games\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-03-19 12:02:27 ----D---- C:\rsit
2011-03-19 12:02:27 ----D---- C:\Program Files\trend micro
2011-03-18 22:04:50 ----SHD---- C:\Config.Msi
2011-03-18 20:42:05 ----A---- C:\WINDOWS\ntbtlog.txt
2011-03-16 21:00:22 ----A---- C:\WINDOWS\system32\drivers\fsbts.sys
2011-03-16 20:37:36 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-03-16 19:14:32 ----D---- C:\Qoobox
2011-03-09 19:37:22 ----A---- C:\Documents and Settings\Pitrs\Data aplikací\B.tmp
2011-03-09 00:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-08 23:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-06 17:14:43 ----A---- C:\WINDOWS\d.ini
2011-03-02 19:53:42 -------- C:\Documents and Settings\Pitrs\Data aplikací\Cvrcre.exe
2011-02-27 22:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$

======List of files/folders modified in the last 1 months======

2011-03-19 12:40:55 ----D---- C:\Documents and Settings\Pitrs\Data aplikací\Free Download Manager
2011-03-19 12:40:01 ----D---- C:\WINDOWS\Temp
2011-03-19 12:26:42 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-19 12:10:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-19 12:02:27 ----RD---- C:\Program Files
2011-03-19 11:58:03 ----SD---- C:\WINDOWS\Tasks
2011-03-19 11:33:08 ----A---- C:\WINDOWS\wincmd.ini
2011-03-19 09:54:32 ----D---- C:\CD_Images
2011-03-19 08:42:12 ----D---- C:\WINDOWS\system32\drivers
2011-03-19 08:42:12 ----D---- C:\WINDOWS\system32
2011-03-19 08:42:12 ----D---- C:\WINDOWS
2011-03-19 08:42:11 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-03-19 08:41:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-03-19 07:55:34 ----D---- C:\Program Files\xerox
2011-03-18 22:53:33 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-18 22:13:40 ----D---- C:\Games
2011-03-18 22:04:50 ----SHD---- C:\WINDOWS\Installer
2011-03-18 21:52:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-18 20:42:53 ----D---- C:\Documents and Settings
2011-03-16 22:28:01 ----D---- C:\WINDOWS\Prefetch
2011-03-13 14:02:26 ----D---- C:\Program Files\Mozilla Firefox
2011-03-09 00:00:23 ----HD---- C:\WINDOWS\inf
2011-03-09 00:00:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-08 23:56:46 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-08 23:56:43 ----A---- C:\WINDOWS\imsins.BAK
2011-03-08 23:49:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-06 17:14:44 ----D---- C:\Program Files\totalcmd
2011-03-01 20:00:08 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fsbts;fsbts; C:\WINDOWS\system32\Drivers\fsbts.sys [2011-03-16 26624]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-24 697328]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-18 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-18 243024]
R1 FreeOTFE;FreeOTFE; \??\C:\WINDOWS\system32\FreeOTFE.sys []
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc; \??\C:\WINDOWS\system32\FreeOTFECypherAES_ltc.sys []
R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish; \??\C:\WINDOWS\system32\FreeOTFECypherBlowfish.sys []
R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5; \??\C:\WINDOWS\system32\FreeOTFECypherCAST5.sys []
R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman; \??\C:\WINDOWS\system32\FreeOTFECypherCAST6_Gladman.sys []
R1 FreeOTFECypherDES;FreeOTFECypherDES; \??\C:\WINDOWS\system32\FreeOTFECypherDES.sys []
R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman; \??\C:\WINDOWS\system32\FreeOTFECypherMARS_Gladman.sys []
R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc; \??\C:\WINDOWS\system32\FreeOTFECypherRC6_ltc.sys []
R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman; \??\C:\WINDOWS\system32\FreeOTFECypherSerpent_Gladman.sys []
R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc; \??\C:\WINDOWS\system32\FreeOTFECypherTwofish_ltc.sys []
R1 FreeOTFEHashMD;FreeOTFEHashMD; \??\C:\WINDOWS\system32\FreeOTFEHashMD.sys []
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD; \??\C:\WINDOWS\system32\FreeOTFEHashRIPEMD.sys []
R1 FreeOTFEHashSHA;FreeOTFEHashSHA; \??\C:\WINDOWS\system32\FreeOTFEHashSHA.sys []
R1 FreeOTFEHashTiger;FreeOTFEHashTiger; \??\C:\WINDOWS\system32\FreeOTFEHashTiger.sys []
R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool; \??\C:\WINDOWS\system32\FreeOTFEHashWhirlpool.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-29 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-03 281760]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-06 9728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-03 25888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-07-06 26240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-05-06 232064]
S2 MLPTDR_C;MLPTDR_C; \??\C:\WINDOWS\system32\MLPTDR_C.sys []
S3 a8zoqrv7;a8zoqrv7; C:\WINDOWS\system32\drivers\a8zoqrv7.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2007-01-03 27536]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 176128]
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2006-06-14 29184]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-01 1405384]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-18 121360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-28 135664]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[petruvak]

Zkoušel jsem ComboFix a ten se nespustí přes AVG a to jsem tam deaktivoval rezidentní štít.
Také jsem ho chtěl úplně odinstalovat, ale tam mě to hází hlášku:

Tento počítač: instalace selhala
Instalace:
Chyba: Selhala akce pro klíč registru HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: vytváření registrového klíče....
Přístup je odepřen.

Nemáte prosím nějaký fígl jak odstranit to AVG?

[petruvak]

Na odinstalovaní AVG jsem zkusil program Revo Uninstaller a tím to také nelze.
Můžete mi prosím někdo poslat třeba na mail, nebo někam nahrát program AVG Remover? Protože mi nefungují stránky výrobce, tak si ho nemohu sám stáhnout.
Předem děkuji.

[Rudy]

Zkuste AVG uninstall tool: http://www.crystalidea.com/avg-uninstall-tool .

[petruvak]

Tak bohužel to také nejde a hlásí to pořád stejnou chybu. Mám AVG 9.0 a to nelze klasicky zavřít, jak popisují v návodu u uninstall tools.
Nevíte, zda AVG Remover funguje stejně?

[Rudy]

To nevím, AVG nepoužívám již od 6. verze. Zkuste ten AVG Remover: http://www.ulozto.cz/8356461/avg-remove ... 1-1184-exe .

[petruvak]

Děkuji, konečně se to povedlo, tak posílám ten výpis z ComboFixu:

ComboFix 11-03-18.03 - Pitrs 20.03.2011 12:50:50.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1482 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pitrs\Plocha\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\program files\AdVantage
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
c:\windows\d.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-20 do 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-09 18:37 . 2011-03-09 18:37 111616 ----a-w- c:\documents and settings\Pitrs\Data aplikací\B.tmp
2011-03-02 18:53 . 2011-03-09 18:37 111616 ------w- c:\documents and settings\Pitrs\Data aplikací\Cvrcre.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 08:35 . 2008-01-29 22:38 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-17 14:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 14:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 12:55 . 2009-11-27 09:16 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-02 20:40 . 2010-07-13 14:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2008-05-04 11:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 17:11 . 2009-10-03 09:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2008-01-29 21:18 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-01-29 21:18 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 14:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-17 14:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 14:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-17 14:49 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2004-08-17 14:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2004-08-17 14:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2004-08-17 14:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2004-08-17 14:49 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:25 . 2004-08-17 14:49 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-17 14:44 389120 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-01-29 2449455]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 3165696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-28 57344]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-13 809488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [16.3.2011 21:00 26624]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.11.2009 10:07 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.2.2008 17:36 697328]
R1 FreeOTFE;FreeOTFE;c:\windows\system32\FreeOTFE.sys [19.2.2011 10:01 31856]
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\system32\FreeOTFECypherAES_ltc.sys [19.2.2011 10:01 47216]
R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;c:\windows\system32\FreeOTFECypherBlowfish.sys [19.2.2011 10:01 25200]
R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5;c:\windows\system32\FreeOTFECypherCAST5.sys [19.2.2011 10:01 31088]
R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;c:\windows\system32\FreeOTFECypherCAST6_Gladman.sys [19.2.2011 10:01 29808]
R1 FreeOTFECypherDES;FreeOTFECypherDES;c:\windows\system32\FreeOTFECypherDES.sys [19.2.2011 10:01 56816]
R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;c:\windows\system32\FreeOTFECypherMARS_Gladman.sys [19.2.2011 10:01 26480]
R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;c:\windows\system32\FreeOTFECypherRC6_ltc.sys [19.2.2011 10:01 26096]
R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;c:\windows\system32\FreeOTFECypherSerpent_Gladman.sys [19.2.2011 10:01 29168]
R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;c:\windows\system32\FreeOTFECypherTwofish_ltc.sys [19.2.2011 10:01 31856]
R1 FreeOTFEHashMD;FreeOTFEHashMD;c:\windows\system32\FreeOTFEHashMD.sys [19.2.2011 10:01 16880]
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\system32\FreeOTFEHashRIPEMD.sys [19.2.2011 10:01 32624]
R1 FreeOTFEHashSHA;FreeOTFEHashSHA;c:\windows\system32\FreeOTFEHashSHA.sys [19.2.2011 10:01 26224]
R1 FreeOTFEHashTiger;FreeOTFEHashTiger;c:\windows\system32\FreeOTFEHashTiger.sys [19.2.2011 10:01 22128]
R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;c:\windows\system32\FreeOTFEHashWhirlpool.sys [19.2.2011 10:01 30704]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.3.2009 18:54 247096]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 13:15 1405384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.11.2009 8:57 135664]
S2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [3.9.2002 19:31 19296]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 13:15 15232]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [29.1.2008 22:53 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [29.1.2008 22:53 13532]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 13:06]
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 07:57]
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 07:57]
.
2011-03-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {E3E92465-081F-4E72-A49A-072ED05811EA} = 81.2.209.93,10.32.80.2
FF - ProfilePath - c:\documents and settings\Pitrs\Data aplikací\Mozilla\Firefox\Profiles\0cqqbf5q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-RGSC - c:\games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-nwiz - nwiz.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Rwrcrt = c:\documents and settings\Pitrs\Data aplikac?\Rwrcrt.exe
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\TMP0000001E4625F1EFCB1EC0F6 524288 bytes
c:\documents and settings\Pitrs\Data aplikací\Rwrcrt.exe 111616 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rwrcrt"="c:\\Documents and Settings\\Pitrs\\Data aplikací\\Rwrcrt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-725345543-480258197-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC391000-731C-3E36-117A-5349575064A4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaecdocdeeneakladmln"=hex:62,61,61,6d,00,8c
"jaecdocdeeneakladmhn"=hex:62,61,70,6c,00,8c
"iaebnlhpmcckneehof"=hex:6b,61,68,6d,63,65,62,63,6f,6c,6e,62,67,68,6b,66,6b,67,
64,68,70,69,00,00
"hacbjnhhkglonjgo"=hex:6b,61,68,6d,63,65,62,63,6f,6c,6e,62,67,68,64,66,66,63,
6d,64,61,67,00,00
.
[HKEY_USERS\S-1-5-21-1715567821-725345543-480258197-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:45,2c,4c,48,82,d1,b3,13,ef,30,cf,58,2c,fd,3f,4f,6e,43,75,a3,c0,74,66,
e6,fe,97,93,5d,72,06,c8,53,f6,f9,30,a1,5b,7a,09,c0,90,48,c4,3a,73,de,13,c3,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1715567821-725345543-480258197-1003\Software\SecuROM\License information*]
"datasecu"=hex:ed,42,c8,80,8a,41,13,84,91,47,c2,10,b0,e7,a4,90,b2,e3,fa,1d,b4,
09,cc,cf,87,4d,65,a0,64,a5,83,87,70,e6,e7,63,84,ae,02,a2,3b,ba,a8,c1,db,c7,\
"rkeysecu"=hex:e8,65,76,1b,52,27,66,e4,6a,c4,25,29,54,1a,23,6a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(4004)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2011-03-20 13:03:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-20 12:03
.
Před spuštěním: Volných bajtů: 377 092 562 944
Po spuštění: Volných bajtů: 380 287 500 288
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A7C00444E24FF2EB442F5735F1482A9E

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\documents and settings\Pitrs\Data aplikací\B.tmp
c:\documents and settings\Pitrs\Data aplikací\Cvrcre.exe
c:\windows\system32\drivers\SjyPkt.sys
c:\windows\TEMP\TMP0000001E4625F1EFCB1EC0F6
c:\documents and settings\Pitrs\Data aplikací\Rwrcrt.exe

Driver::
SjyPkt

Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Rwrcrt"=-

Regnull::
[HKEY_USERS\S-1-5-21-1715567821-725345543-480258197-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC391000-731C-3E36-117A-5349575064A4}*]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[petruvak]

Paráda, povedlo se a vše běží. Díky moc.
Jdu objednat NOD32:-)

[Rudy]

Nemáte zač!