VIRY.CZ

ComboFix 12-06-27.01 - PC 27.06.2012 18:24:35.20.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.265 [GMT 2:00]
Running from: c:\documents and settings\PC\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\PC\Application Data\Dealio
c:\documents and settings\PC\Application Data\Dealio\res\widgets.xml
c:\documents and settings\PC\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN]&lngid=[LANG_ID].xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\5.9\config.ini
c:\program files\Dealio Toolbar\IE\5.9\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\facebook.gif
c:\program files\Dealio Toolbar\Res\googleplus.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\Lang\res1031.ini
c:\program files\Dealio Toolbar\Res\Lang\res1033.ini
c:\program files\Dealio Toolbar\Res\Lang\res1034.ini
c:\program files\Dealio Toolbar\Res\Lang\res1036.ini
c:\program files\Dealio Toolbar\Res\Lang\res1040.ini
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\radio-close.gif
c:\program files\Dealio Toolbar\Res\radio-minimize.gif
c:\program files\Dealio Toolbar\Res\radiobeta.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_baidu.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\search_yandex.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\twitter.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 15:52 . 2012-06-27 15:53 -------- d-----w- C:\rsit
2012-06-22 15:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2007-06-19 15:30 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-06-19 15:30 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-04-21 17:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2005-04-21 17:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2005-04-21 17:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-19 15:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2005-04-21 17:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-04-21 12:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2002-12-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-19 15:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2005-04-21 12:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2005-04-21 17:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-06-10 18:35 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-06-10 18:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-10-16 12:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-12-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2002-12-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2002-12-31 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2002-12-31 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2005-04-21 17:34 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-13 16:40 . 2012-04-13 16:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-13 16:40 . 2010-09-05 08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2002-12-31 208952]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.4.2012 19:03 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.4.2012 19:03 337880]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [13.6.2012 17:27 792512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2012 19:03 20696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.4.2012 19:04 136176]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.4.2012 19:04 136176]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 17:03]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 17:03]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 09:54]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 09:54]
.
2011-11-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2011-11-17 17:38]
.
2012-06-27 c:\windows\Tasks\User_Feed_Synchronization-{3787E3B6-A63D-4AB9-9BDF-14E7911B7292}.job
- c:\windows\system32\msfeedssync.exe [2009-09-04 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 85.237.225.250 213.151.200.30 213.151.208.161 213.151.200.31 213.151.208.162
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {22371112-FFB4-471E-A2F3-626B864780EE} - hxxp://www.citrid.sk/plugin/MaeCi3D.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Acrobat Reader 3.01 - c:\acrobat3\Reader\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-27 18:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-06-27 18:43:50
ComboFix-quarantined-files.txt 2012-06-27 16:43
.
Pre-Run: 3 720 970 240 bytes free
Post-Run: 3 724 066 816 voľných bajtov
.
- - End Of File - - 6AFE72D638AC66593E4B9B573D8EAC40

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Common Files\Spigot

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003UA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.
Obrázek

toto vybehlo z kombofixu,,,,,len pre kontrolu či všetko vymazalo

ComboFix 12-07-02.01 - PC 03.07.2012 21:47:04.21.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.263 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-06-27 15:52 . 2012-06-27 15:53 -------- d-----w- C:\rsit
2012-06-22 15:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2007-06-19 15:30 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-06-19 15:30 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-04-21 17:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2005-04-21 17:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2005-04-21 17:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-19 15:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2005-04-21 17:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-04-21 12:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2002-12-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-19 15:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2005-04-21 12:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2005-04-21 17:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-06-10 18:35 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-06-10 18:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-10-16 12:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-12-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2002-12-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2002-12-31 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2002-12-31 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2005-04-21 17:34 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-13 16:40 . 2012-04-13 16:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-13 16:40 . 2010-09-05 08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_16.38.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\Installer\6c732.msi
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\Installer\{900670CC-C89D-4CFE-A1A0-01D536DD9665}\ARPPRODUCTICON.exe
+ 2012-07-03 20:00 . 2012-07-03 20:00 16384 c:\windows\temp\Perflib_Perfdata_428.dat
+ 2012-07-03 20:06 . 2012-07-03 20:06 4982360 c:\windows\temp\DealioToolbar.exe
- 2012-06-27 15:04 . 2012-06-27 15:04 1369600 c:\windows\Installer\6c732.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"= "c:\program files\Dealio Toolbar\IE\6.0\dealioToolbarIE.dll" [2012-06-27 1207176]
.
[HKEY_CLASSES_ROOT\clsid\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2012-06-27 15:11 1207176 ----a-w- c:\program files\Dealio Toolbar\IE\6.0\dealioToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"= "c:\program files\Dealio Toolbar\IE\6.0\dealioToolbarIE.dll" [2012-06-27 1207176]
.
[HKEY_CLASSES_ROOT\clsid\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2002-12-31 208952]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-27 1090440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.4.2012 19:03 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.4.2012 19:03 337880]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [27.6.2012 17:01 791488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2012 19:03 20696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.4.2012 19:04 136176]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.4.2012 19:04 136176]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - APPLICATION_UPDATER
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 17:03]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 17:03]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 09:54]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 09:54]
.
2011-11-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2011-11-17 17:38]
.
2012-07-03 c:\windows\Tasks\User_Feed_Synchronization-{3787E3B6-A63D-4AB9-9BDF-14E7911B7292}.job
- c:\windows\system32\msfeedssync.exe [2009-09-04 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 85.237.225.250 213.151.200.30 213.151.208.161 213.151.200.31 213.151.208.162
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {22371112-FFB4-471E-A2F3-626B864780EE} - hxxp://www.citrid.sk/plugin/MaeCi3D.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 22:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1580)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
d:\java\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2012-07-03 22:11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 20:11
ComboFix2.txt 2012-06-27 16:43
.
Pre-Run: 3 412 799 488 bytes free
Post-Run: 3 353 595 904 voľných bajtov
.
- - End Of File - - 43F5E8CD1A64E95E98F87DE00FC976DA

Ano, vše bylo smazáno.

No PC ide oveľa lepšie ...... mohli by sme použiť Combofix aj na vyčistenie druhého PC....možnože to pomôže

CF použít můžeme, bude-li třeba, ale nejprve bych chtěl vidět log RSIT z onoho PC.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-07-05 12:25:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (45%) free of 20 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:16, on 5.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDD9947-FF95-4D7A-9B99-1B6CE6EB1C27}: NameServer = 213.151.200.31 213.151.208.162
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 6501 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-06-18 329480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-06-18 59144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-06-18 79624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=D:\QuickTime\qttask.exe [2007-10-19 286720]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-06 4241512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
D:\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OBSWATCH]
C:\PROGRA~1\OrangeBs\Watch.exe [2005-09-07 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\QuickTime\qttask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-03-14 16010752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
D:\FINEPI~1\QUICKD~1.EXE [2007-01-30 303104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-11 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avasdmft]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gozer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdifw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpsec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"D:\SopCast\SopCast.exe"="D:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"D:\SopCast\adv\SopAdver.exe"="D:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm

======List of files/folders created in the last 1 month======

2012-07-05 12:14:39 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-07-05 12:14:39 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-07-05 12:14:38 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-07-05 12:14:38 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-07-05 12:14:37 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-07-05 12:14:37 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-07-05 12:14:37 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-07-05 12:14:36 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-07-05 12:13:49 ----A---- C:\WINDOWS\avastSS.scr
2012-07-05 12:13:48 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-06-18 12:44:27 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-06-18 12:44:27 ----A---- C:\WINDOWS\system32\javaws.exe
2012-06-18 12:44:27 ----A---- C:\WINDOWS\system32\javaw.exe
2012-06-18 12:44:27 ----A---- C:\WINDOWS\system32\java.exe
2012-06-18 12:44:07 ----D---- C:\Program Files\Java
2012-06-14 23:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-06-14 23:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2699988$
2012-06-14 23:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-06-14 23:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$
2012-06-07 06:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$

======List of files/folders modified in the last 1 month======

2012-07-05 12:26:08 ----D---- C:\Program Files\trend micro
2012-07-05 12:26:05 ----D---- C:\WINDOWS\Prefetch
2012-07-05 12:24:31 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-07-05 12:24:06 ----D---- C:\WINDOWS\temp
2012-07-05 12:14:39 ----D---- C:\WINDOWS\system32\drivers
2012-07-05 12:14:30 ----SHD---- C:\WINDOWS\Installer
2012-07-05 12:14:28 ----D---- C:\WINDOWS\WinSxS
2012-07-05 12:13:49 ----D---- C:\WINDOWS
2012-07-05 12:13:48 ----D---- C:\WINDOWS\system32
2012-07-05 12:13:28 ----D---- C:\Program Files\AVAST Software
2012-07-05 12:13:28 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-07-05 12:06:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-27 09:24:39 ----D---- C:\WINDOWS\system32\dllcache
2012-06-27 09:24:34 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-26 10:10:07 ----HD---- C:\WINDOWS\inf
2012-06-26 10:10:04 ----D---- C:\WINDOWS\Help
2012-06-24 14:19:31 ----D---- C:\WINDOWS\Debug
2012-06-18 12:44:12 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-06-18 12:44:07 ----RD---- C:\Program Files
2012-06-15 13:53:46 ----RSD---- C:\WINDOWS\assembly
2012-06-15 13:51:53 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-15 13:19:37 ----D---- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2012-06-14 23:18:22 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-14 23:17:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-14 23:11:37 ----A---- C:\WINDOWS\system32\MRT.exe
2012-06-12 16:17:06 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-18 420920]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-06 24920]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-03-06 35672]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-06 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-06 53848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-06 20696]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-06 95704]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-18 62336]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-11 1414656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-02-18 138752]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-26 100992]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-06 612184]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ae13v6vv;ae13v6vv; C:\WINDOWS\system32\drivers\ae13v6vv.sys []
S3 ar9hgpsi;ar9hgpsi; C:\WINDOWS\system32\drivers\ar9hgpsi.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTFFBUS;GT FF BUS; C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2006-01-25 16000]
S3 GTMMDMUSB;GT M 3G+ USB MDM; C:\WINDOWS\system32\DRIVERS\gtmmdmusb.sys [2006-02-01 25472]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS; C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2006-02-01 102784]
S3 GTMSERUSB;GT M 3G+ USB SER; C:\WINDOWS\system32\DRIVERS\gtmserusb.sys [2006-02-01 21760]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-01-25 8064]
S3 GTSCSER;GT SC SER; C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-12-09 19328]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service; C:\WINDOWS\system32\DRIVERS\GtVUsb.sys [2005-12-22 5120]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-06 44768]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-06-10 40960]
R2 GtFlashSwitch;GtFlashSwitch; C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-06-18 153352]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 StarWindServiceAE;StarWind AE Service; D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-11 393216]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Log vypadá OK. Zkuste nejprve PC vyčistit CCleanerem: http://forum.viry.cz/viewtopic.php?f=46&t=7478 a defragmentovat disk. Tento PC vzhledem k tomu, že má pouze 512MB RAM nikdy zvláště rychlý nebude.

ComboFix 12-07-07.04 - Administrator 08.07.2012 9:59.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.267 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-05 17:14 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-05 17:14 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-05 17:14 . 2012-03-07 00:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-05 17:14 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-05 17:14 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-05 17:14 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-05 17:14 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-05 17:14 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-05 17:13 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-07-05 17:13 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-18 17:44 . 2012-06-18 17:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-18 17:44 . 2012-06-18 17:44 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 17:44 . 2012-06-18 17:44 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 17:44 . 2011-10-29 23:12 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 20:19 . 2010-02-13 13:30 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2010-02-13 13:30 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-08-23 10:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-08-23 10:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-08-23 10:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2010-02-13 13:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2009-08-23 10:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-08-23 10:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2007-02-18 22:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2007-02-18 22:37 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2010-02-13 13:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-08-23 10:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-08-23 10:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2010-02-13 13:30 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2010-02-13 13:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2007-02-18 22:38 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2007-02-18 22:39 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2007-02-18 22:39 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 23:02 . 2006-12-19 12:12 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 13:12 . 2007-03-14 23:20 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-08-23 10:34 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29 . 2004-08-04 00:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29 . 2004-08-03 22:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44 . 2004-08-03 22:59 369664 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="d:\quicktime\qttask.exe" [2007-10-20 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- d:\alcohol soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-04-25 18:28 954368 ----a-w- c:\program files\HP\Dfawep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OBSWATCH]
2005-09-07 15:26 20480 ------w- c:\progra~1\OrangeBs\Watch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 15:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-20 01:16 286720 ----a-w- d:\quicktime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-14 09:01 16010752 ------r- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"d:\\SopCast\\SopCast.exe"=
"d:\\SopCast\\adv\\SopAdver.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.11.2010 23:01 420920]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.7.2012 12:14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.7.2012 12:14 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.7.2012 12:14 20696]
R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [9.2.2007 13:48 176128]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.5.2010 15:03 136176]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [13.2.2010 14:24 16000]
S3 GTMMDMUSB;GT M 3G+ USB MDM;c:\windows\system32\drivers\gtmmdmusb.sys [13.2.2010 14:24 25472]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [13.2.2010 14:24 102784]
S3 GTMSERUSB;GT M 3G+ USB SER;c:\windows\system32\drivers\gtmserusb.sys [13.2.2010 14:24 21760]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;c:\windows\system32\drivers\GtVUsb.sys [13.2.2010 14:24 5120]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17.5.2010 15:03 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-07-08 10:08:30
ComboFix-quarantined-files.txt 2012-07-08 15:08
.
Pre-Run: 8 940 986 368 bytes free
Post-Run: 8 975 286 272 voľných bajtov
.
- - End Of File - - CDE51638173942502D698A3D8AED0FE5

Něco CF smazal, zbytek logu vypadá čistý.

ja už neviem....nemam v PC žiadne hry ani nic iné a strašne dlho sa mi pri zapnutí PC zobrazuju ikony na ploche čo inokedy nerobilo....ja viem že je slaba pamäťová karta ale išlo to už aj rýchlejšie....

Start>spustit>(napsat) msconfig>OK. V otevřeném okně na záložkách "Po spuštění" a "služby" zrušte zatržítka u všech položek, které nemusí startovat automaticky. Tj. u takových, které lze v případě potřeby spustit ručně.

VIRY.CZ

spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)

Re: spomalený počítač, spomalený internet prosííím o pomoc:)