velmi pomalý počítač

[CX650]

Začal mi blbnout počítač. Start trvá strašně dlouho, někdy se vůbec nejde přihlásit. Na čtyřjádrové mašině trvá start Firefoxu klidně 4 minuty. Někdy vůbec nejde psát adresu - zobrazení každého znaku trvá desítky sekund.
Projel jsem to AVG, nenašlo nic. Spybot našel 14 věcí - všechny jsem odstranil. Před tím jsem samozřejmě postupoval podle návodu na těchto stránkách (zrušení obnovení, vymazání tempů,...).
Prosím, koukněte mi na log z Hijacku a poraďte jak dál. Díky. Tom

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:04, on 22.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\totalcmd\TOTALCMD.EXE
E:\Instalace\Antiviry\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

--
End of file - 4768 bytes

[Rudy]

Dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 . Je podrobnější, než HijackThis.

[CX650]

Tady je ten log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Mike at 2010-10-22 20:46:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 174 GB (87%) free of 200 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:55, on 22.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\All Users\Data aplikací\Mozilla Firefox\firefox.exe
D:\Stahovani\RSIT.exe
C:\Program Files\trend micro\Mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

--
End of file - 5097 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-20 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-07-20 18670592]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2005-07-22 550912]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-29 2067808]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Mike\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe"="C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-22 20:46:53 ----D---- C:\rsit
2010-10-22 20:46:53 ----D---- C:\Program Files\trend micro
2010-10-22 20:41:48 ----D---- C:\WINDOWS\temp
2010-10-22 20:41:47 ----A---- C:\ComboFix.txt
2010-10-22 20:38:37 ----A---- C:\Boot.bak
2010-10-22 20:38:33 ----RASHD---- C:\cmdcons
2010-10-22 20:28:23 ----A---- C:\WINDOWS\zip.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\SWSC.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\SWREG.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\sed.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\PEV.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\MBR.exe
2010-10-22 20:28:23 ----A---- C:\WINDOWS\grep.exe
2010-10-22 20:28:19 ----D---- C:\WINDOWS\ERDNT
2010-10-22 20:26:56 ----D---- C:\Qoobox
2010-10-21 20:59:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-10-21 20:59:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-16 15:33:05 ----D---- C:\found.001
2010-10-16 07:38:59 ----ASH---- C:\hiberfil.sys
2010-10-15 21:08:27 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-02 15:22:25 ----A---- C:\WINDOWS\compedia.ini
2010-10-02 15:22:24 ----D---- C:\Program Files\Compedia
2010-10-02 15:22:24 ----A---- C:\WINDOWS\system32\Wing32.dll
2010-10-02 15:22:24 ----A---- C:\WINDOWS\system32\LZSCMPRS.DLL

======List of files/folders modified in the last 1 months======

2010-10-22 20:46:53 ----RD---- C:\Program Files
2010-10-22 20:45:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla Firefox
2010-10-22 20:41:48 ----D---- C:\WINDOWS
2010-10-22 20:41:33 ----SD---- C:\WINDOWS\Tasks
2010-10-22 20:40:47 ----A---- C:\WINDOWS\system.ini
2010-10-22 20:39:54 ----D---- C:\WINDOWS\system32\drivers
2010-10-22 20:39:54 ----D---- C:\WINDOWS\system32
2010-10-22 20:39:54 ----D---- C:\WINDOWS\AppPatch
2010-10-22 20:39:52 ----D---- C:\Program Files\Common Files
2010-10-22 20:39:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-22 20:38:37 ----RASH---- C:\boot.ini
2010-10-22 20:34:18 ----A---- C:\WINDOWS\hpbafd.ini
2010-10-22 20:28:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-22 20:28:22 ----SHD---- C:\System Volume Information
2010-10-22 20:28:22 ----D---- C:\WINDOWS\system32\Restore
2010-10-22 20:26:52 ----D---- C:\WINDOWS\Prefetch
2010-10-22 19:55:08 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-10-22 19:51:50 ----A---- C:\WINDOWS\wincmd.ini
2010-10-21 20:38:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-16 07:38:18 ----D---- C:\WINDOWS\system32\config
2010-10-16 07:36:45 ----D---- C:\WINDOWS\system32\wbem
2010-10-16 07:36:40 ----D---- C:\WINDOWS\Registration
2010-10-02 16:39:55 ----D---- C:\WINDOWS\system32\Adobe
2010-10-02 15:26:31 ----D---- C:\Program Files\Mozilla Firefox
2010-10-02 15:22:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-02 15:22:24 ----D---- C:\WINDOWS\system
2010-10-02 13:39:00 ----D---- C:\Program Files\Mozilla Thunderbird
2010-09-30 14:08:09 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-29 19:45:08 ----D---- C:\Program Files\Warcraft III

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; C:\WINDOWS\system32\DRIVERS\amdide.sys [2007-10-11 9096]
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-06-22 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-03-07 52872]
R0 pssnap;Paramount Software Snapshot Filter; C:\WINDOWS\system32\DRIVERS\pssnap.sys [2010-07-29 15328]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-01 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-14 4477440]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-08-19 100368]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2009-02-09 22328]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 catchme;catchme; \??\C:\DOCUME~1\Mike\LOCALS~1\Temp\catchme.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2006-04-22 8704]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 mbr;mbr; \??\C:\DOCUME~1\Mike\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICDSetup;MSICDSetup; \??\F:\CDriver.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-14 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2010-07-29 220128]
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-06-22 5897808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


A ještě jsem udělal log z combofixu:

ComboFix 10-10-22.03 - Mike 22.10.2010 20:39:07.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1348 [GMT 2:00]
Spuštěný z: d:\stahovani\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-22 do 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-21 18:59 . 2010-10-21 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-21 18:59 . 2010-10-21 19:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-16 13:33 . 2010-10-16 13:33 -------- d-----w- C:\found.001
2010-10-16 05:36 . 2010-10-16 05:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-02 13:22 . 2010-10-02 13:22 -------- d-----w- c:\program files\Compedia
2010-10-02 13:22 . 1998-09-02 09:43 81920 ----a-w- c:\windows\system32\LZSCMPRS.DLL
2010-10-02 13:22 . 1998-03-26 12:25 12800 ----a-w- c:\windows\system32\Wing32.dll
2010-10-02 13:22 . 1996-02-14 11:01 92208 ----a-w- c:\windows\system\Wing.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 11:23 . 2010-08-19 11:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-29 19:28 . 2010-07-29 20:05 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-07-29 19:28 . 2010-07-29 20:05 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-07-29 19:27 . 2010-07-29 20:05 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CHotkey"="mHotkey.exe" [2005-07-22 550912]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-29 2067808]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 16:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5.2.2010 11:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5.2.2010 11:55 52872]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [29.7.2010 22:05 15328]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.2.2010 11:55 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.2.2010 11:55 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 18:44 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 18:44 308136]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [29.7.2010 22:05 220128]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5.2.2010 11:55 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5.2.2010 11:55 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5.2.2010 11:55 26192]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [5.2.2010 10:44 22328]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [22.6.2010 18:44 5897808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2010 10:53 1684736]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 16:08 8704]
S3 MSICDSetup;MSICDSetup;\??\f:\cdriver.sys --> f:\CDriver.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\s4vy51r6.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 20:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-10-22 20:41:47
ComboFix-quarantined-files.txt 2010-10-22 18:41

Před spuštěním: Volných bajtů: 182 395 015 168
Po spuštění: Volných bajtů: 182 827 868 160

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 5C7FC9414963AFD49E916813455C3225

Díky moc.

[Rudy]

Nepochlubil jste se, že jste dnes dělal sken ComboFix. Po CF RSIT nic nenajde. Dejte log z CF, je uložen v C:\combofix.txt.

[CX650]

Zdravím, moje chyba, koukal jsem na obdobné problémy a všichni dostali doporučený combofix, tak jsem to asi zbytečně uspěchal.
Tady je log:
ComboFix 10-10-22.03 - Mike 22.10.2010 20:39:07.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1348 [GMT 2:00]
Spuštěný z: d:\stahovani\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-22 do 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-21 18:59 . 2010-10-21 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-21 18:59 . 2010-10-21 19:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-16 13:33 . 2010-10-16 13:33 -------- d-----w- C:\found.001
2010-10-16 05:36 . 2010-10-16 05:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-02 13:22 . 2010-10-02 13:22 -------- d-----w- c:\program files\Compedia
2010-10-02 13:22 . 1998-09-02 09:43 81920 ----a-w- c:\windows\system32\LZSCMPRS.DLL
2010-10-02 13:22 . 1998-03-26 12:25 12800 ----a-w- c:\windows\system32\Wing32.dll
2010-10-02 13:22 . 1996-02-14 11:01 92208 ----a-w- c:\windows\system\Wing.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 11:23 . 2010-08-19 11:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-29 19:28 . 2010-07-29 20:05 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-07-29 19:28 . 2010-07-29 20:05 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-07-29 19:27 . 2010-07-29 20:05 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CHotkey"="mHotkey.exe" [2005-07-22 550912]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-29 2067808]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 16:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5.2.2010 11:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5.2.2010 11:55 52872]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [29.7.2010 22:05 15328]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.2.2010 11:55 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.2.2010 11:55 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 18:44 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 18:44 308136]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [29.7.2010 22:05 220128]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5.2.2010 11:55 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5.2.2010 11:55 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5.2.2010 11:55 26192]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [5.2.2010 10:44 22328]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [22.6.2010 18:44 5897808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2010 10:53 1684736]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 16:08 8704]
S3 MSICDSetup;MSICDSetup;\??\f:\cdriver.sys --> f:\CDriver.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\s4vy51r6.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 20:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-10-22 20:41:47
ComboFix-quarantined-files.txt 2010-10-22 18:41

Před spuštěním: Volných bajtů: 182 395 015 168
Po spuštění: Volných bajtů: 182 827 868 160

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 5C7FC9414963AFD49E916813455C3225

[Rudy]

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
f:\cdriver.sys

Driver::
MSICDSetup

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[CX650]

tož jsem to provedl, trochu mě překvapilo, že i podruhé stahoval a instaloval konzolu pro zotavení. Taky proběhl restart. Níže přikládám log a díky. Mimochodem, už teď se zdá počítač opět svižný:-)

ComboFix 10-10-22.03 - Mike 22.10.2010 23:25:25.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1398 [GMT 2:00]
Spuštěný z: d:\stahovani\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mike\Plocha\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSICDSETUP
-------\Service_MSICDSetup


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-22 do 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-22 18:46 . 2010-10-22 18:46 -------- d-----w- C:\rsit
2010-10-22 18:46 . 2010-10-22 18:46 -------- d-----w- c:\program files\trend micro
2010-10-21 18:59 . 2010-10-21 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-21 18:59 . 2010-10-21 19:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-16 13:33 . 2010-10-16 13:33 -------- d-----w- C:\found.001
2010-10-16 05:36 . 2010-10-16 05:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-02 13:22 . 2010-10-02 13:22 -------- d-----w- c:\program files\Compedia
2010-10-02 13:22 . 1998-09-02 09:43 81920 ----a-w- c:\windows\system32\LZSCMPRS.DLL
2010-10-02 13:22 . 1998-03-26 12:25 12800 ----a-w- c:\windows\system32\Wing32.dll
2010-10-02 13:22 . 1996-02-14 11:01 92208 ----a-w- c:\windows\system\Wing.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 11:23 . 2010-08-19 11:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-29 19:28 . 2010-07-29 20:05 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-07-29 19:28 . 2010-07-29 20:05 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-07-29 19:27 . 2010-07-29 20:05 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Mike\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CHotkey"="mHotkey.exe" [2005-07-22 550912]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-29 2067808]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 16:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5.2.2010 11:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5.2.2010 11:55 52872]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [29.7.2010 22:05 15328]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.2.2010 11:55 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.2.2010 11:55 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 18:44 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 18:44 308136]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [29.7.2010 22:05 220128]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5.2.2010 11:55 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5.2.2010 11:55 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5.2.2010 11:55 26192]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [5.2.2010 10:44 22328]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [22.6.2010 18:44 5897808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2010 10:53 1684736]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 16:08 8704]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\s4vy51r6.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 23:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2010-10-22 23:37:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-22 21:37
ComboFix2.txt 2010-10-22 18:41

Před spuštěním: Volných bajtů: 182 840 549 376
Po spuštění: Volných bajtů: 182 772 760 576

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 169D607F69F38FDCAA4F0190FA69BC2F

[Rudy]

Log již vypadá čistý. Nastala nějaká změna? Konzolu jste instalovat nemusel, kdyby byla třeba, upozornil bych na to.

[CX650]

Zdravím, byl jsem dva dny pryč, tak jsem se k odpovědi dostal až teď. Zatím se to tváří, že by to mohlo fungovat. Takže mockrát díky a kdyby to blbnulo znovu, tak se s dovolením ozvu.

Ještě jednou díky moc.

[Rudy]

Nemáte zač!

[CX650]

Tak jsem to asi zakřikl. Pořád se chová nějak divně. Napřed zatuhl po zapnutí zezidentního štítu při aktualizaci AVG, potom při spuštění spybota (vím, musím ho vyměnit:-). Po restartu pořád strašně dlouho trvá, než je možné spustit uživatele.
Jak to pozoruju, tak chvíli jede úplně normálně (5-30 min.) a pak najednou zatuhne a několik minut prakticky nereaguje.

Nespouštěl jsem od mého posledního příspěvku žádné programy, kromě AVG a spybota, ani jsem, kromě této stránky, nebyl na interneteu.

Prosím tedy o pomoc ještě jednou. Díky.

[CX650]

Pořád to blbne, potvora. Mám znovu udělat log z Hijacku?

Dík předem za pomoc.

[Rudy]

OK. Udělejte sken IceSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 a dejte logy Process a KernelModule. Nemohu ale vyloučit poškození systému.

[CX650]

Teda, dalo mi to práci, na tohle už jsem kapku blbej, a navíc se mi počítač čém dál víc zpomaluje, ale tady to je:
Process:

System Idle Process
System
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\explorer.exe
E:\Instalace\Antiviry\IceSword122en\IceSword.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\All Users\Data aplikacˇ\Mozilla Firefox\firefox.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Documents and Settings\Mike\Local Settings\Data aplikacˇ\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
pssnap.sys
Mup.sys
avgrkx86.sys
AVGIDSxx.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\avgmfx86.sys
\SystemRoot\System32\Drivers\avgldx86.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\system32\DRIVERS\ndisuio.sys
\??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
\??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
\??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\SystemRoot\system32\drivers\kmixer.sys
\WINDOWS\system32\ntdll.dll

Díky.

[Rudy]

Rootkit nemáte. Co jste instaloval těsně před tím, než se problém objevl?