Totally slowed down PC

#16 Post by dokken »

Hi, isn't there some other way of cleaning? Kaspersky is way too slow, after 5 h it was stuck at 2%...

#17 Post by motji »

There is, but AVPtool is among the very best.
Anyway, what virus is Avast reporting to you and in which files? A few are enough, just so I have an idea of what it is.
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer!

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

#18 Post by dokken »

Hi,
so the free Avast found two items; I can't extract a log from it, so here is a screenshot:
http://img253.imageshack.us/img253/7278/avastscreen.png
The Wi-Fi still doesn't work, or rather it tries to connect to a known network but never connects. Unless it is absolutely necessary, I wouldn't bother with the internet connection.

And one last RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Racek at 2010-03-20 22:16:07
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 127 GB (53%) free of 239 GB
Total RAM: 511 MB (39% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-24 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2
"O&O Defrag"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe

C:\Documents and Settings\Racek\Nabídka Start\Programy\Po spuštění
_uninst_setup_9.0.0.722_20.03.2010_12-47.exe.lnk - C:\Documents and Settings\Racek\Local Settings\temp\_uninst_setup_9.0.0.722_20.03.2010_12-47.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-20 22:16:08 ----D---- C:\Program Files\trend micro
2010-03-20 22:16:07 ----D---- C:\rsit
2010-03-20 21:55:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-20 21:55:01 ----D---- C:\Program Files\Alwil Software
2010-03-20 17:20:07 ----D---- C:\Program Files\Belkin
2010-03-20 14:37:12 ----SHD---- C:\RECYCLER
2010-03-20 14:36:25 ----D---- C:\WINDOWS\temp
2010-03-20 02:27:11 ----D---- C:\WINDOWS\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2010-03-20 02:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-20 01:45:00 ----D---- C:\Documents and Settings\Racek\Data aplikací\Malwarebytes
2010-03-20 01:44:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-20 01:44:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-19 20:19:28 ----D---- C:\WINDOWS\WBEM
2010-03-19 20:19:27 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-19 20:17:44 ----HDC---- C:\WINDOWS\ie7
2010-03-19 20:17:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-03-19 20:16:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-03-19 20:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-03-19 20:14:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-03-19 18:56:18 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-03-19 18:21:17 ----D---- C:\Documents and Settings\Racek\Data aplikací\ESET
2010-03-19 18:20:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\java.exe
2010-03-19 18:15:16 ----D---- C:\Program Files\Common Files\Java
2010-03-19 18:14:26 ----D---- C:\totalcmd
2010-03-19 18:07:45 ----A---- C:\WINDOWS\oodcnt.INI
2010-03-19 18:07:41 ----D---- C:\WINDOWS\system32\oodag
2010-03-19 18:04:59 ----D---- C:\Program Files\OO Software
2010-03-19 17:53:25 ----D---- C:\Program Files\CCleaner
2010-03-19 16:57:59 ----D---- C:\WINDOWS\ERDNT
2010-03-19 16:42:12 ----D---- C:\Program Files\Your Uninstaller 2004
2010-03-19 16:13:04 ----D---- C:\WINDOWS\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2010-03-19 14:46:41 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2010-03-19 14:46:27 ----D---- C:\Program Files\Registry Mechanic
2010-03-19 14:43:57 ----D---- C:\Documents and Settings\Racek\Data aplikací\U3
2010-03-19 14:42:16 ----D---- C:\WINDOWS\pss
2010-03-07 20:00:54 ----D---- C:\Program Files\Alex Kočičák
2010-03-07 15:20:19 ----D---- C:\Program Files\Veselá kuřata
2010-03-05 18:20:06 ----D---- C:\Documents and Settings\Racek\Data aplikací\V-Games
2010-03-05 18:19:09 ----D---- C:\Program Files\Alenka 2 - Kouzelná země

======List of files/folders modified in the last 1 months======

2010-03-20 22:16:08 ----RD---- C:\Program Files
2010-03-20 22:14:47 ----HD---- C:\WINDOWS\Prefetch
2010-03-20 21:55:50 ----HD---- C:\WINDOWS\system32\CatRoot2
2010-03-20 21:55:25 ----HD---- C:\WINDOWS\system32\drivers
2010-03-20 21:55:18 ----SHD---- C:\WINDOWS\Installer
2010-03-20 21:55:16 ----HD---- C:\WINDOWS\WinSxS
2010-03-20 21:55:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-20 21:55:07 ----D---- C:\WINDOWS\system32
2010-03-20 21:53:07 ----D---- C:\WINDOWS
2010-03-20 20:36:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-20 17:57:28 ----HD---- C:\WINDOWS\inf
2010-03-20 17:55:25 ----HD---- C:\WINDOWS\system32\config
2010-03-20 17:50:05 ----AH---- C:\WINDOWS\WINCMD.INI
2010-03-20 17:49:09 ----D---- C:\Program Files\totalcmd
2010-03-20 17:20:31 ----HD---- C:\WINDOWS\system32\CatRoot
2010-03-20 17:17:59 ----HD---- C:\WINDOWS\Debug
2010-03-20 17:01:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-20 14:39:17 ----SHD---- C:\System Volume Information
2010-03-20 14:39:17 ----HD---- C:\WINDOWS\system32\Restore
2010-03-20 14:32:21 ----A---- C:\WINDOWS\system.ini
2010-03-20 14:28:45 ----HD---- C:\WINDOWS\AppPatch
2010-03-20 14:28:38 ----D---- C:\Program Files\Common Files
2010-03-20 02:51:42 ----D---- C:\WINDOWS\v8120
2010-03-20 02:51:30 ----D---- C:\WINDOWS\v8200
2010-03-20 02:48:52 ----HD---- C:\WINDOWS\EHome
2010-03-20 02:48:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-03-20 02:48:51 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-03-20 02:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2010-03-20 02:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-03-20 02:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-03-20 02:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2010-03-20 02:48:35 ----D---- C:\Program Files\Windows NT
2010-03-20 02:48:34 ----D---- C:\Program Files\Windows Media Player
2010-03-20 02:48:33 ----D---- C:\Program Files\Windows Media Connect 2
2010-03-20 02:48:33 ----D---- C:\Program Files\Winamp
2010-03-20 02:48:15 ----SD---- C:\WINDOWS\Tasks
2010-03-20 02:48:12 ----D---- C:\Program Files\Gutterball 2
2010-03-20 02:48:10 ----D---- C:\Program Files\AvRack
2010-03-20 02:14:32 ----HD---- C:\WINDOWS\Config
2010-03-20 02:03:49 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-03-20 01:16:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-20 00:40:52 ----ASH---- C:\boot.ini
2010-03-19 22:31:40 ----D---- C:\Documents and Settings\Racek\Data aplikací\Skype
2010-03-19 20:23:31 ----HD---- C:\WINDOWS\Help
2010-03-19 20:23:31 ----D---- C:\Program Files\Internet Explorer
2010-03-19 20:19:19 ----HD---- C:\WINDOWS\Media
2010-03-19 20:14:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-19 19:49:03 ----D---- C:\BORDEL
2010-03-19 18:15:47 ----D---- C:\Program Files\Java
2010-03-19 17:06:41 ----SD---- C:\Documents and Settings\Racek\Data aplikací\Microsoft
2010-03-19 16:15:14 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-19 15:55:25 ----D---- C:\Documents and Settings
2010-03-17 20:59:18 ----D---- C:\Documents and Settings\Racek\Data aplikací\skypePM
2010-02-27 17:49:41 ----AH---- C:\WINDOWS\NeroDigital.ini
2010-02-27 17:49:24 ----A---- C:\WINDOWS\M3JPEG.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-09 402944]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Racek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 ute4nja4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ute4nja4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-24 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-01 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]

-----------------EOF-----------------
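
The RSIT log above is what the helper reads by hand. As an added example (editor's code, not from the forum or from the RSIT tool), here is a small triage script for that log format: it parses the driver/service lines, the Run-key lines and the startup-folder shortcut lines, and flags entries whose file RSIT could not find (empty brackets), entries that run from a Temp directory, and remote-control services worth confirming. The sample input is a handful of lines copied from the log; the meaning of empty brackets and the flag rules are the editor's assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied from the RSIT log in this thread,
# one of each kind that the triage below looks at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

C:\Documents and Settings\Racek\Nabídka Start\Programy\Po spuštění
_uninst_setup_9.0.0.722_20.03.2010_12-47.exe.lnk - C:\Documents and Settings\Racek\Local Settings\temp\_uninst_setup_9.0.0.722_20.03.2010_12-47.exe.bat

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
S3 catchme;catchme; \??\C:\DOCUME~1\Racek\LOCALS~1\Temp\catchme.sys []
S3 ute4nja4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ute4nja4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
"""

# "R1 name;description; path [date size]"  -> drivers and services
SVC_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$')
# "name"=path [date size]                  -> Run keys
RUN_RE = re.compile(r'^"([^"]+)"=(.+?) \[([^\]]*)\]$')
# shortcut.lnk - target                    -> startup folders
LNK_RE = re.compile(r'^(.+?\.lnk) - (.+)$')
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)      # any ...\Temp\... path
DRIVE_RE = re.compile(r'[A-Za-z]:\\')                  # looks like a file path
REMOTE_CONTROL = {"winvnc4"}  # service names that expose remote control (assumed list)


@dataclass
class Entry:
    kind: str                    # "driver", "service", "run-key", "startup-folder"
    name: str
    path: str
    meta: Optional[str] = None   # "YYYY-MM-DD size", "" when the brackets were empty,
                                 # None when the line carries no brackets at all
    status: str = ""             # R / S for drivers and services
    start: str = ""              # start type 0..4
    flags: List[str] = field(default_factory=list)


def parse_rsit(text: str) -> List[Entry]:
    """Pull the autostart-relevant entries out of an RSIT log."""
    entries, section = [], "driver/service"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======List of drivers"):
            section = "driver"
        elif line.startswith("======List of services"):
            section = "service"
        elif (m := SVC_RE.match(line)):
            status, start, name, _desc, path, meta = m.groups()
            entries.append(Entry(section, name, path, meta, status, start))
        elif (m := RUN_RE.match(line)):
            name, path, meta = m.groups()
            entries.append(Entry("run-key", name, path, meta))
        elif (m := LNK_RE.match(line)):
            name, path = m.groups()
            entries.append(Entry("startup-folder", name, path, None))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that got one (idempotent)."""
    for e in entries:
        e.flags = []
        # Assumption: RSIT prints empty brackets when it found nothing to stat,
        # so an absolute path with [] points at a file that is no longer there.
        # Entries like "bthprops.cpl,,..." carry no drive path and are skipped.
        if e.meta == "" and DRIVE_RE.search(e.path):
            e.flags.append("no date/size: RSIT found no file at that path")
        if TEMP_RE.search(e.path):
            e.flags.append("executes from a Temp directory")
        if e.kind == "startup-folder" and e.path.lower().endswith(".bat"):
            e.flags.append("batch file launched at logon")
        if e.name.lower() in REMOTE_CONTROL:
            e.flags.append("remote-control service: confirm it is intended")
    return [e for e in entries if e.flags]


def report(entries: List[Entry]) -> str:
    lines = []
    for e in triage(entries):
        state = f"{e.status}{e.start} " if e.status else ""
        lines.append(f"{state}{e.kind} {e.name}: {e.path}")
        lines.extend(f"    - {f}" for f in e.flags)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_rsit(SAMPLE_LOG)))
```

Flagged entries still need a human decision: catchme.sys and the AVZ driver here are leftovers of anti-rootkit tools the user ran, and the VNC service may be deliberate.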

#19 Post by motji »

"yeah, by the way, a fresh Avast shows hundreds of infected files"
And what was that?

-> Did you reinstall the Wi-Fi driver?
-> How is the computer doing now?

#20 Post by dokken »

Avast showed something around 300 infected files yesterday evening. Today I jumped through hoops with the snail-paced Kaspersky, ran it in Safe Mode too, then gave up and uninstalled it. I ran the PC through Cleaner, T-Cleaner and TFC. After the cleaning and a restart, I installed a brand new free Avast again today and ran a quick scan. Result: only two detections.

As for the USB Wi-Fi, it's a Belkin and I've had trouble with it before; I had to find the exact driver version, because there are 4 of them... it happened to me once before on a laptop... it's not the bugs, it just sometimes takes a very long time to connect to the network, especially when the encryption is WEP2.

Otherwise the PC is as fast as an arrow, no problems...

#21 Post by motji »

-> Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders related to it.


***********


-> Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the little program after use. Note: antivirus products may falsely flag it as a virus



***********


-> Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar

Cleaner tab
- leave everything in the left column checked as it is, click Analyze
- after the analysis, click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- make a registry backup - you don't have to
- click Fix all issues -> OK -> Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using the CCleaner cleaner, it nicely clears the PC of temporary files.
The Registry part cleans up, for example, after uninstalling a program.


***********



-> Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans the temp files and the leftovers of the tools used



***********

-> Post a new RSIT log and tell me how the computer is behaving; is everything fine now?

-> Shall we do a rootkit scan as well, just to be sure? :)

#22 Post by dokken »

So here is the latest log, can you give me a link to the rootkit killer? :o))

Logfile of random's system information tool 1.06 (written by random/random)
Run by Racek at 2010-03-20 22:53:01
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 127 GB (53%) free of 239 GB
Total RAM: 511 MB (46% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-24 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2
"O&O Defrag"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe

C:\Documents and Settings\Racek\Nabídka Start\Programy\Po spuštění
_uninst_setup_9.0.0.722_20.03.2010_12-47.exe.lnk - C:\Documents and Settings\Racek\Local Settings\temp\_uninst_setup_9.0.0.722_20.03.2010_12-47.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-20 22:53:01 ----D---- C:\rsit
2010-03-20 22:16:08 ----D---- C:\Program Files\trend micro
2010-03-20 21:55:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-20 21:55:01 ----D---- C:\Program Files\Alwil Software
2010-03-20 17:20:07 ----D---- C:\Program Files\Belkin
2010-03-20 14:37:12 ----SHD---- C:\RECYCLER
2010-03-20 14:36:25 ----D---- C:\WINDOWS\temp
2010-03-20 02:27:11 ----D---- C:\WINDOWS\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2010-03-20 02:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-20 01:45:00 ----D---- C:\Documents and Settings\Racek\Data aplikací\Malwarebytes
2010-03-20 01:44:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-20 01:44:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-19 20:19:28 ----D---- C:\WINDOWS\WBEM
2010-03-19 20:19:27 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-19 20:17:44 ----HDC---- C:\WINDOWS\ie7
2010-03-19 20:17:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-03-19 20:16:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-03-19 20:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-03-19 20:14:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-03-19 18:56:18 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-03-19 18:21:17 ----D---- C:\Documents and Settings\Racek\Data aplikací\ESET
2010-03-19 18:20:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\java.exe
2010-03-19 18:15:16 ----D---- C:\Program Files\Common Files\Java
2010-03-19 18:14:26 ----D---- C:\totalcmd
2010-03-19 18:07:45 ----A---- C:\WINDOWS\oodcnt.INI
2010-03-19 18:07:41 ----D---- C:\WINDOWS\system32\oodag
2010-03-19 18:04:59 ----D---- C:\Program Files\OO Software
2010-03-19 17:53:25 ----D---- C:\Program Files\CCleaner
2010-03-19 16:57:59 ----D---- C:\WINDOWS\ERDNT
2010-03-19 16:42:12 ----D---- C:\Program Files\Your Uninstaller 2004
2010-03-19 16:13:04 ----D---- C:\WINDOWS\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2010-03-19 14:46:41 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2010-03-19 14:46:27 ----D---- C:\Program Files\Registry Mechanic
2010-03-19 14:43:57 ----D---- C:\Documents and Settings\Racek\Data aplikací\U3
2010-03-19 14:42:16 ----D---- C:\WINDOWS\pss
2010-03-07 20:00:54 ----D---- C:\Program Files\Alex Kočičák
2010-03-07 15:20:19 ----D---- C:\Program Files\Veselá kuřata
2010-03-05 18:20:06 ----D---- C:\Documents and Settings\Racek\Data aplikací\V-Games
2010-03-05 18:19:09 ----D---- C:\Program Files\Alenka 2 - Kouzelná země

======List of files/folders modified in the last 1 months======

2010-03-20 22:52:47 ----HD---- C:\WINDOWS\system32\CatRoot2
2010-03-20 22:52:12 ----D---- C:\WINDOWS
2010-03-20 22:50:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-20 22:49:48 ----HD---- C:\WINDOWS\Prefetch
2010-03-20 22:42:55 ----AH---- C:\WINDOWS\WINCMD.INI
2010-03-20 22:16:08 ----RD---- C:\Program Files
2010-03-20 21:55:25 ----HD---- C:\WINDOWS\system32\drivers
2010-03-20 21:55:18 ----SHD---- C:\WINDOWS\Installer
2010-03-20 21:55:16 ----HD---- C:\WINDOWS\WinSxS
2010-03-20 21:55:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-20 21:55:07 ----D---- C:\WINDOWS\system32
2010-03-20 17:57:28 ----HD---- C:\WINDOWS\inf
2010-03-20 17:55:25 ----HD---- C:\WINDOWS\system32\config
2010-03-20 17:49:09 ----D---- C:\Program Files\totalcmd
2010-03-20 17:20:31 ----HD---- C:\WINDOWS\system32\CatRoot
2010-03-20 17:17:59 ----HD---- C:\WINDOWS\Debug
2010-03-20 17:01:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-20 14:39:17 ----SHD---- C:\System Volume Information
2010-03-20 14:39:17 ----HD---- C:\WINDOWS\system32\Restore
2010-03-20 14:32:21 ----A---- C:\WINDOWS\system.ini
2010-03-20 14:28:45 ----HD---- C:\WINDOWS\AppPatch
2010-03-20 14:28:38 ----D---- C:\Program Files\Common Files
2010-03-20 02:51:42 ----D---- C:\WINDOWS\v8120
2010-03-20 02:51:30 ----D---- C:\WINDOWS\v8200
2010-03-20 02:48:52 ----HD---- C:\WINDOWS\EHome
2010-03-20 02:48:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-03-20 02:48:51 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-03-20 02:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2010-03-20 02:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-03-20 02:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-03-20 02:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2010-03-20 02:48:35 ----D---- C:\Program Files\Windows NT
2010-03-20 02:48:34 ----D---- C:\Program Files\Windows Media Player
2010-03-20 02:48:33 ----D---- C:\Program Files\Windows Media Connect 2
2010-03-20 02:48:33 ----D---- C:\Program Files\Winamp
2010-03-20 02:48:15 ----SD---- C:\WINDOWS\Tasks
2010-03-20 02:48:12 ----D---- C:\Program Files\Gutterball 2
2010-03-20 02:48:10 ----D---- C:\Program Files\AvRack
2010-03-20 02:14:32 ----HD---- C:\WINDOWS\Config
2010-03-20 02:03:49 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-03-20 01:16:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-20 00:40:52 ----ASH---- C:\boot.ini
2010-03-19 22:31:40 ----D---- C:\Documents and Settings\Racek\Data aplikací\Skype
2010-03-19 20:23:31 ----HD---- C:\WINDOWS\Help
2010-03-19 20:23:31 ----D---- C:\Program Files\Internet Explorer
2010-03-19 20:19:19 ----HD---- C:\WINDOWS\Media
2010-03-19 20:14:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-19 19:49:03 ----D---- C:\BORDEL
2010-03-19 18:15:47 ----D---- C:\Program Files\Java
2010-03-19 17:06:41 ----SD---- C:\Documents and Settings\Racek\Data aplikací\Microsoft
2010-03-19 16:15:14 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-19 15:55:25 ----D---- C:\Documents and Settings
2010-03-17 20:59:18 ----D---- C:\Documents and Settings\Racek\Data aplikací\skypePM
2010-02-27 17:49:41 ----AH---- C:\WINDOWS\NeroDigital.ini
2010-02-27 17:49:24 ----A---- C:\WINDOWS\M3JPEG.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-09 402944]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 ute4nja4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ute4nja4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-24 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-01 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]

-----------------EOF-----------------
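The RSIT driver and service sections above end each line with the backing file's date and size in brackets, or an empty "[]" when the file could not be read. When a helper says "I'll go through the RSIT log properly", the first mechanical pass is exactly that: pull those fields out and list the entries worth a second look. The following parser is an added example written for this thread; it is not part of RSIT or of the original post. The sample lines are copied from the log above (the Czech display name is transliterated to ASCII), and the scan date of 2010-03-20 is taken from the log header.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Iterable, List, Optional, Tuple

# Shape of one RSIT driver/service line:
#   <R|S><start type> <name>;<display name>; <path> [<file date> <size>]
# The bracket pair is empty when RSIT could not stat the file.
_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)


@dataclass
class Entry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_date: Optional[date]   # None when RSIT printed "[]"
    size: Optional[int]


def parse_rsit_line(line: str) -> Optional[Entry]:
    """Decode one driver/service line; None for lines in any other shape."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        running=m["state"] == "R",
        start_type=int(m["start"]),
        name=m["name"],
        display=m["display"],
        path=m["path"],
        file_date=date.fromisoformat(m["date"]) if m["date"] else None,
        size=int(m["size"]) if m["size"] else None,
    )


def triage(lines: Iterable[str], scan_date: date, recent_days: int = 14) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for entries that deserve a manual look:
    a backing file RSIT could not read, or one written shortly before the scan.
    Recency is a prioritisation cue only; a freshly installed AV trips it too."""
    flagged = []
    for line in lines:
        e = parse_rsit_line(line)
        if e is None:
            continue
        if e.file_date is None:
            flagged.append((e.name, f"no file metadata for {e.path}"))
        elif scan_date - e.file_date <= timedelta(days=recent_days):
            flagged.append((e.name, f"file dated {e.file_date}, within {recent_days} days of the scan"))
    return flagged


# Constructed sample: a handful of lines in the same shape as the RSIT output in this thread.
SAMPLE = r"""
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 intelppm;Radic procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
S3 ute4nja4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ute4nja4.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-01 691696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
""".strip().splitlines()


def triage_sample() -> List[Tuple[str, str]]:
    """Run the triage over the embedded sample with the scan date from the log header."""
    return triage(SAMPLE, date(2010, 3, 20))


if __name__ == "__main__":
    for name, reason in triage_sample():
        print(f"{name:20} {reason}")
```

On the sample it flags the two entries with empty brackets (ute4nja4, IntelIde) and the two avast files dated 2010-03-09; the avast hits are the expected noise of a product installed eleven days earlier, which is why the output is a worklist, not a verdict.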

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: totally slow PC

#23 Post by motji »

:o rootkit killer? You mean GMER? :D

If you use Daemon or Alcohol, do this before GMER:

:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run GMER

-----------------
And GMER :)

:arrow: Download GMER http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log and post it here

- Following the guide in the link, run the second scan and post that log here as well.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop

:arrow: Start - Run
paste this into the box

Code:

"%userprofile%\plocha\mbr" -t
OK

:arrow: a log named mbr.log is created, post it here
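The mbr.exe step above is there for a class of rootkit (Mebroot/Sinowal) that replaces the master boot record and then hides the change from normal disk reads. The tool's output later in this thread ("user: MBR read successfully / kernel: MBR read successfully / user & kernel MBR OK") shows its method: read sector 0 the ordinary user-mode way, read it again from the kernel side, and compare. The code below is an added illustration of that comparison over constructed bytes; it is not the tool's code, and my reading of what mbr.exe does is taken from its output lines, not from any documentation on this page. Caveat a practitioner should keep in mind: a Python script runs entirely in user mode, so on an infected box it would only ever see the clean copy the rootkit serves it; the kernel-side read is the part that needs a driver, which is why the helper insists on the real tool.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
PART_TABLE_OFF = 446          # four 16-byte entries follow the bootstrap code
SIGNATURE = b"\x55\xaa"       # bytes 510..511 of every valid MBR


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Validate the 55AA signature and decode the non-empty partition entries."""
    if len(mbr) != MBR_SIZE or mbr[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR: wrong size or missing 55AA signature")
    parts = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append(Partition(bootable=status == 0x80, type_id=ptype, lba_start=lba, sectors=count))
    return parts


def compare_views(user_view: bytes, kernel_view: bytes) -> Optional[str]:
    """None when both reads agree; otherwise a description of the first divergence."""
    if user_view == kernel_view:
        return None
    for off, (a, b) in enumerate(zip(user_view, kernel_view)):
        if a != b:
            if off < PART_TABLE_OFF:
                region = "bootstrap code"
            elif off < 510:
                region = "partition table"
            else:
                region = "signature"
            return f"MBR differs at offset {off} ({region}): user=0x{a:02x} kernel=0x{b:02x}"
    return f"MBR length differs: user={len(user_view)} kernel={len(kernel_view)}"


def build_sample_mbr() -> bytes:
    """Constructed sample, not taken from any real disk: a 4-byte bootstrap stub,
    one bootable NTFS (type 0x07) partition starting at LBA 63, three empty entries."""
    boot = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x00" * (PART_TABLE_OFF - 4)
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 500_000_000)
    return boot + entry + b"\x00" * 48 + SIGNATURE


def tampered_copy(mbr: bytes) -> bytes:
    """Simulate what the kernel-side read would return if a bootkit had
    overwritten the first bytes of the bootstrap code (hypothetical patch)."""
    view = bytearray(mbr)
    view[0:2] = b"\xea\x00"
    return bytes(view)


if __name__ == "__main__":
    clean = build_sample_mbr()
    print(parse_partitions(clean))
    print(compare_views(clean, clean))                  # None: both views agree
    print(compare_views(clean, tampered_copy(clean)))   # first differing offset
```

The partition-table decode is there so that a mismatch can be localised: a difference inside the bootstrap code is the bootkit pattern, while a difference in the table or the signature points at a corrupt or deliberately hidden partition layout instead.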

dokken
Guest
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: totally slow PC

#24 Post by dokken »

The second GMER phase is still scanning :o

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: totally slow PC

#25 Post by motji »

Sometimes it takes longer :)

dokken
Guest
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: totally slow PC

#26 Post by dokken »

gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-20 23:05:00
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Racek\LOCALS~1\Temp\ugwiikob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xBAE364FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xBAE36322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xBAE3645C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


gmer2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-20 23:53:48
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Racek\LOCALS~1\Temp\ugwiikob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBAE29C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xBAE29B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xBAE2A0C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xBAE29FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xBAE296E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xBAE29BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBAE29628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xBAE2968C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xBAE29D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xBAE2A194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xBAE29CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xBAE29E4C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xBAE364FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xBAE36322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xBAE3645C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 15C 804E27B8 4 Bytes CALL 8F090A53
PAGE ntoskrnl.exe!ObInsertObject 805643A3 5 Bytes JMP BAE33972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056461B 7 Bytes JMP BAE36326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581E82 7 Bytes JMP BAE36502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A10B2 5 Bytes JMP BAE324BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A407A 7 Bytes JMP BAE36460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a1f0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0xB3 0x2C 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF7 0x23 0x82 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0x98 0xF2 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x99 0x5D 0xC6 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0x3B 0xCF 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0xAC 0x21 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF5 0xA9 0x2F 0x42 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011b107a1f0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0xB3 0x2C 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF7 0x23 0x82 0x43 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0x98 0xF2 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x99 0x5D 0xC6 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0x3B 0xCF 0xFB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0xAC 0x21 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF5 0xA9 0x2F 0x42 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----


mbr
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
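Reading a GMER log by hand comes down to one question per hook: which module owns it, and is that module expected on this machine? The following is an added example written for this thread (not GMER's code and not part of the original post) that does that bookkeeping mechanically: it parses the SSDT, inline "Code", kernel code-section and user IAT lines in the shape shown above, groups every hook GMER attributed to a module under that module with the vendor string GMER printed, and lists separately the hooks GMER printed without a module. The sample lines are copied from the logs in this post. In this log every attributed hook belongs to avast's aswSP.SYS self-protection driver; the three unattributed entries (the CALL from ntoskrnl.exe!_abnormal_termination and the two services.exe IAT entries pointing at 003C0002/003C0000) are the ones a reviewer resolves by hand, which is the kind of check behind the helper's "GMER looks fine" further down.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# SSDT and inline "Code" entries: <kind> <module> (<description/vendor>) <function> [<address>]
_HOOK = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+"
    r"(?P<func>\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?$"
)
# Kernel code-section patches: <section> <image!symbol[ + off]> <addr> <n> Bytes JMP|CALL <dest> [<module> (<desc>)]
_PATCH = re.compile(
    r"^(?P<section>\S+)\s+(?P<symbol>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<instr>JMP|CALL)\s+"
    r"(?P<dest>[0-9A-Fa-f]{8})(?:\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\))?$"
)
# User-mode import-table patches: IAT <process>[pid] @ <image> [<dll!import>] <dest>
_IAT = re.compile(
    r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<image>.+?)\s+\[(?P<import>[^\]]+)\]\s+(?P<dest>[0-9A-Fa-f]+)$"
)


def summarize(lines: Iterable[str]) -> Tuple[Dict[str, dict], List[str]]:
    """Group hooks GMER attributed to a module under that module (keeping the
    vendor GMER printed after the slash) and collect the hooks it could not attribute."""
    by_module: Dict[str, dict] = defaultdict(lambda: {"vendor": "", "hooks": []})
    unattributed: List[str] = []
    for raw in lines:
        line = raw.strip()
        m = _HOOK.match(line)
        if m:
            by_module[m["module"]]["vendor"] = m["desc"].rsplit("/", 1)[-1]
            by_module[m["module"]]["hooks"].append(m["func"])
            continue
        m = _PATCH.match(line)
        if m:
            if m["module"]:
                by_module[m["module"]]["vendor"] = m["desc"].rsplit("/", 1)[-1]
                by_module[m["module"]]["hooks"].append(m["symbol"])
            else:
                # GMER prints no module when the target address is outside every loaded image
                unattributed.append(f"{m['symbol']} {m['instr']} {m['dest']}")
            continue
        m = _IAT.match(line)
        if m:
            unattributed.append(f"{m['proc']} {m['import']} -> {m['dest']}")
    return dict(by_module), unattributed


# Constructed sample: lines copied from the GMER logs in this thread.
SAMPLE = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBAE29C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBAE29628]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xBAE3645C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
.text ntoskrnl.exe!_abnormal_termination + 15C 804E27B8 4 Bytes CALL 8F090A53
PAGE ntoskrnl.exe!ObInsertObject 805643A3 5 Bytes JMP BAE33972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
IAT C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
""".strip().splitlines()


if __name__ == "__main__":
    modules, loose = summarize(SAMPLE)
    for mod, info in modules.items():
        print(f"{mod} [{info['vendor']}]: {len(info['hooks'])} hooks")
    for item in loose:
        print("unattributed:", item)
```

An unattributed hook is not a finding by itself; a process-creation guard that runs from a code cave, or a driver loaded without a name, both look the same here. The list is the set of addresses to resolve manually, and a log where that list is empty and every module is a known product is what "looks fine" means.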

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: totally slow PC

#27 Post by motji »

You have to run mbr.exe differently, as I wrote: Start - Run, and type that text into the command line.
GMER looks fine. I'm done for today; tomorrow I'll go through the RSIT log properly :)

dokken
Guest
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: totally slow PC

#28 Post by dokken »

OK, thanks for your time... good night

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: totally slow PC

#29 Post by motji »

:arrow: Could I have the log from mbr.exe run from the command line? :)

:arrow: Open Notepad and copy the following text into it

Code:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]

- save it as (file type: all files) with the file name "smazani.reg" without the quotes,
click Save, then double-click the file as usual and confirm the dialog box.

:arrow: could you please look at what is in this folder?
C:\WINDOWS\{9044EB87-7F7C-4801-9A35-1481E1017EAE}

dokken
Guest
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: totally slow PC

#30 Post by dokken »

good morning ))

the mbr log still looks the same after typing it into the Run box, same as in my previous reply
that folder in Windows contained something for the USB wifi, so I deleted it as junk
RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Racek at 2010-03-21 10:49:10
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 127 GB (53%) free of 239 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:27, on 21.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Documents and Settings\Racek\Plocha\RSIT.exe
G:\1_FIRST_ATTACK\Racek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{782162F7-3366-4B2C-916B-037F1C78E488}: NameServer = 10.1.1.1,82.100.17.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4888 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-24 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2
"O&O Defrag"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-20 22:53:01 ----D---- C:\rsit
2010-03-20 22:16:08 ----D---- C:\Program Files\trend micro
2010-03-20 21:55:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-20 21:55:01 ----D---- C:\Program Files\Alwil Software
2010-03-20 17:20:07 ----D---- C:\Program Files\Belkin
2010-03-20 14:37:12 ----SHD---- C:\RECYCLER
2010-03-20 14:36:25 ----D---- C:\WINDOWS\temp
2010-03-20 02:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-20 01:45:00 ----D---- C:\Documents and Settings\Racek\Data aplikací\Malwarebytes
2010-03-20 01:44:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-20 01:44:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-19 20:19:28 ----D---- C:\WINDOWS\WBEM
2010-03-19 20:19:27 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-19 20:17:44 ----HDC---- C:\WINDOWS\ie7
2010-03-19 20:17:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-03-19 20:16:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-03-19 20:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-03-19 20:14:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-03-19 18:56:18 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-03-19 18:21:17 ----D---- C:\Documents and Settings\Racek\Data aplikací\ESET
2010-03-19 18:20:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\java.exe
2010-03-19 18:15:16 ----D---- C:\Program Files\Common Files\Java
2010-03-19 18:14:26 ----D---- C:\totalcmd
2010-03-19 18:07:45 ----A---- C:\WINDOWS\oodcnt.INI
2010-03-19 18:07:41 ----D---- C:\WINDOWS\system32\oodag
2010-03-19 18:04:59 ----D---- C:\Program Files\OO Software
2010-03-19 17:53:25 ----D---- C:\Program Files\CCleaner
2010-03-19 16:57:59 ----D---- C:\WINDOWS\ERDNT
2010-03-19 16:42:12 ----D---- C:\Program Files\Your Uninstaller 2004
2010-03-19 14:46:41 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2010-03-19 14:46:27 ----D---- C:\Program Files\Registry Mechanic
2010-03-19 14:43:57 ----D---- C:\Documents and Settings\Racek\Data aplikací\U3
2010-03-19 14:42:16 ----D---- C:\WINDOWS\pss
2010-03-07 20:00:54 ----D---- C:\Program Files\Alex Kočičák
2010-03-07 15:20:19 ----D---- C:\Program Files\Veselá kuřata
2010-03-05 18:20:06 ----D---- C:\Documents and Settings\Racek\Data aplikací\V-Games
2010-03-05 18:19:09 ----D---- C:\Program Files\Alenka 2 - Kouzelná země

======List of files/folders modified in the last 1 months======

2010-03-21 10:48:32 ----AH---- C:\WINDOWS\WINCMD.INI
2010-03-21 10:40:09 ----D---- C:\WINDOWS\Downloaded Installations
2010-03-21 10:39:53 ----D---- C:\WINDOWS
2010-03-21 10:37:53 ----HD---- C:\WINDOWS\Prefetch
2010-03-21 10:35:57 ----HD---- C:\WINDOWS\system32\CatRoot2
2010-03-21 10:35:55 ----HD---- C:\WINDOWS\inf
2010-03-21 00:53:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-20 22:16:08 ----RD---- C:\Program Files
2010-03-20 21:55:25 ----HD---- C:\WINDOWS\system32\drivers
2010-03-20 21:55:18 ----SHD---- C:\WINDOWS\Installer
2010-03-20 21:55:16 ----HD---- C:\WINDOWS\WinSxS
2010-03-20 21:55:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-20 21:55:07 ----D---- C:\WINDOWS\system32
2010-03-20 17:55:25 ----HD---- C:\WINDOWS\system32\config
2010-03-20 17:49:09 ----D---- C:\Program Files\totalcmd
2010-03-20 17:20:31 ----HD---- C:\WINDOWS\system32\CatRoot
2010-03-20 17:17:59 ----HD---- C:\WINDOWS\Debug
2010-03-20 17:01:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-20 14:39:17 ----SHD---- C:\System Volume Information
2010-03-20 14:39:17 ----HD---- C:\WINDOWS\system32\Restore
2010-03-20 14:32:21 ----A---- C:\WINDOWS\system.ini
2010-03-20 14:28:45 ----HD---- C:\WINDOWS\AppPatch
2010-03-20 14:28:38 ----D---- C:\Program Files\Common Files
2010-03-20 02:51:42 ----D---- C:\WINDOWS\v8120
2010-03-20 02:51:30 ----D---- C:\WINDOWS\v8200
2010-03-20 02:48:52 ----HD---- C:\WINDOWS\EHome
2010-03-20 02:48:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-03-20 02:48:51 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-03-20 02:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2010-03-20 02:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-03-20 02:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-03-20 02:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-03-20 02:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2010-03-20 02:48:35 ----D---- C:\Program Files\Windows NT
2010-03-20 02:48:34 ----D---- C:\Program Files\Windows Media Player
2010-03-20 02:48:33 ----D---- C:\Program Files\Windows Media Connect 2
2010-03-20 02:48:33 ----D---- C:\Program Files\Winamp
2010-03-20 02:48:15 ----SD---- C:\WINDOWS\Tasks
2010-03-20 02:48:12 ----D---- C:\Program Files\Gutterball 2
2010-03-20 02:48:10 ----D---- C:\Program Files\AvRack
2010-03-20 02:14:32 ----HD---- C:\WINDOWS\Config
2010-03-20 02:03:49 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-03-20 01:16:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-20 00:40:52 ----ASH---- C:\boot.ini
2010-03-19 22:31:40 ----D---- C:\Documents and Settings\Racek\Data aplikací\Skype
2010-03-19 20:23:31 ----HD---- C:\WINDOWS\Help
2010-03-19 20:23:31 ----D---- C:\Program Files\Internet Explorer
2010-03-19 20:19:19 ----HD---- C:\WINDOWS\Media
2010-03-19 20:14:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-19 19:49:03 ----D---- C:\BORDEL
2010-03-19 18:15:47 ----D---- C:\Program Files\Java
2010-03-19 17:06:41 ----SD---- C:\Documents and Settings\Racek\Data aplikací\Microsoft
2010-03-19 16:15:14 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-19 15:55:25 ----D---- C:\Documents and Settings
2010-03-17 20:59:18 ----D---- C:\Documents and Settings\Racek\Data aplikací\skypePM
2010-02-27 17:49:41 ----AH---- C:\WINDOWS\NeroDigital.ini
2010-02-27 17:49:24 ----A---- C:\WINDOWS\M3JPEG.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-09 402944]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 mbr;mbr; \??\C:\DOCUME~1\Racek\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 ute4nja4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ute4nja4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-24 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-01 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]

-----------------EOF-----------------

edit

my friend has to take it away this afternoon, so can we say it's OK now?

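The driver and service sections of an RSIT log are long, and the entries worth a second look are easy to miss by eye. The following is an added example (my own Python, not part of the post above and not code from RSIT or the forum) that parses lines in RSIT's `<R|S><start> name;display name; path [date size]` format and flags the ones a helper usually checks first: entries with no date/size recorded, binaries under a user Temp directory, drivers registered with an absolute NT path (`\??\`), and remote-control software such as the VNC server in this log. The sample lines are copied from the log above; the interpretation of an empty `[]` as "file not found on disk" and the remote-access keyword list are assumptions of this example, not something RSIT documents.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the RSIT driver/service
# sections of the post above (a full log has roughly sixty such lines).
SAMPLE_LOG = r"""
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
S3 mbr;mbr; \??\C:\DOCUME~1\Racek\LOCALS~1\Temp\mbr.sys []
S3 ute4nja4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ute4nja4.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-01 691696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
"""

# One RSIT entry: state letter, start type digit, "name;display; path [fileinfo]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<fileinfo>[^\]]*)\]$"
)

# Start-type digits as printed in the RSIT section header.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Heuristic keyword list for remote-control software (an assumption of this example).
REMOTE_ACCESS_KEYWORDS = ("vnc", "radmin", "teamviewer", "ammyy")


@dataclass
class Entry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_info: str
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        name=m["name"],
        display=m["display"],
        path=m["path"],
        running=(m["state"] == "R"),
        start_type=START_TYPES[m["start"]],
        file_info=m["fileinfo"],
    )


def flag_entry(entry):
    """Attach human-readable reasons why this entry deserves a closer look."""
    low = entry.path.lower()
    if entry.file_info == "":
        # Assumption: RSIT prints an empty [] when it cannot stat the binary.
        entry.flags.append("no date/size recorded (binary probably missing from disk)")
    if "\\temp\\" in low or "\\locals~1\\" in low:
        entry.flags.append("binary lives under a user Temp directory")
    if low.startswith("\\??\\"):
        entry.flags.append("registered with an absolute NT path (\\??\\) rather than a system-relative one")
    haystack = f"{entry.name} {entry.display} {entry.path}".lower()
    if any(k in haystack for k in REMOTE_ACCESS_KEYWORDS):
        entry.flags.append("remote-access software (confirm it was installed on purpose)")
    return entry


def triage(log_text):
    """Return only the entries that picked up at least one flag."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    flagged = [flag_entry(e) for e in entries if e is not None]
    return [e for e in flagged if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name} ({state}, start={e.start_type}): {e.path}")
        for reason in e.flags:
            print(f"    - {reason}")
```

Run against the seven sample lines this reports `mbr`, `ute4nja4`, `IntelIde` and `WinVNC4`; the avast and sptd entries pass quietly. In the thread's context that matches what a helper would ask about: two stopped drivers whose files are gone (the mbr.sys entry under Temp and the AVZ kernel driver left by an earlier scan), a disabled IDE driver with no binary, and a disabled VNC server, which is harmless only if the owner knows it is there.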