Page 1 of 2

For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSOD

Posted: 07 Feb 2011 01:14
by Marduk
Hi,

MiliNess is sending me here, saying I might be able to get help.

My problem is:

Code:

Good day,

From one day to the next a BSOD started appearing on my notebook. The notebook cannot be used, because the BSOD appears on every attempt to start Windows; Windows can only be started in Safe Mode, and when starting in that mode only an open Documents folder appears and explorer has to be started manually through Task Manager. When I try to use the System Restore tool, the BSOD also occurs, namely when System Restore wants to restart the computer.

The notebook runs Windows Vista Business 32-bit.
It is an MSI notebook.
A complete description of the system, the DxDiag file and the minidump are in a zip I uploaded to:
http://www.ulozto.cz/7733870/bsod-rar
Rar file containing the minidumps:
http://www.ulozto.cz/7734337/minidump-rar

BSOD description:
acpi.sys

PAGE_FAULT_IN_NONPAGED_AREA

***STOP 0x00000050(0xE92CD3F0, 0x00000000, 0x807CFC48, 0x00000002)

*** acpi.sys - Address 807CDC48 base at 807B5000, Datestamp 49e01a37

Thanks in advance for a reply; if any further information is needed, I will provide it as quickly as possible.
Unfortunately the situation got even worse today: the system can no longer be started even in Safe Mode. Windows Boot Manager reports:

Code:

Soubor: \Wndows\system32\drivers\ovvqqx.sys
Stav: 0xc0000098
Informace: System windows se nepodarilo zavest, protoze dulezity systemovy ovladac chybi nebo je poskozen.
So now there is no way I can get into Windows Vista...
Thanks in advance for any reply, Motji!

/Marduk

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 07 Feb 2011 09:04
by motji
Hi,
so you can't get into the system even in Safe Mode?
Judging by that name, it looks like a rootkit.
Do you have your data backed up, in case something happens?

Download Hiren's BootCD
http://www.hirensbootcd.org/hbcd-v103/

- after downloading, unpack it and find the ISO file
- in Nero or another burning program, burn it as a disc image
- put the burned CD into the PC, restart and let it boot from it
(you may have to change the BIOS so that it boots from the CD-ROM first)
- choose Start miniXP

Now copy the data you need onto a USB stick, in case something happens to the computer.

And now we have two options. Either you run ComboFix right away, which is somewhere on Hiren's BootCD, or we download another program onto a CD and I'll look at what's all there and we'll try to delete something through it.
I see that Hiren's Boot also has GMER, so we could give it a try somehow :) .

I'll be here today until about 11 and then in the evening from about 21:00 :)

Just asking, do you have the install CD, in case a system repair is needed?

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 07 Feb 2011 11:33
by Marduk
Hi, I just got home from school and I'm reading your reply. I'm starting to work on it.
I'll let you know if I run into any problem.
Unfortunately I don't have a Windows CD for the repair.
As for the choice, I'd rather go with option 2, that is download some other program, have a look and, if need be, try to delete something.

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 07 Feb 2011 13:06
by MiliNess
Good day, once you start Hiren's Boot CD, copy the file Windows\System32\Config\system somewhere, then compress it, e.g. with RAR or 7z, and upload it somewhere (e.g. to http://www.leteckaposta.cz).
If any problem comes up, I'll meanwhile try to cut that driver out of the registry by hand.

To be safe, download the Vista Recovery Disc (unpack it and burn the ISO as a disc image onto a CD).
It may come in handy in the future too, since you don't have an installation disc. It can, for example, restore the system from a restore point, repair system startup, etc.
But wait for Motji and don't do anything for now.

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 07 Feb 2011 18:52
by motji
OK, first do what colleague MiliNess wrote, once you have burned Hiren's Boot and booted from it:
"Good day, once you start Hiren's Boot CD, copy the file Windows\System32\Config\system somewhere"
Then back up the data onto USB or copy it somewhere off this disk.

-----------------------------------------------------------------------------------
And then download this program, burn it to CD and boot from it.
www.itxassociates.com/OT-Tools/OTLPENet.exe
- click the OTL icon on the desktop

- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- tick the "All Users" box
- tick the "LOP Check" and "Purity Check" boxes
- click the Run Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 08 Feb 2011 21:38
by Marduk
I now have the needed programs and I'm about to run that program with the script.

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 08 Feb 2011 21:42
by motji
Have you already made a backup of your data through Hiren's?

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 08 Feb 2011 23:39
by Marduk
Logfile of random's system information tool 1.08 (written by random/random)
Run by Pavla Simoncikova at 2011-02-08 23:36:35
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 60 GB (20%) free of 305 GB
Total RAM: 3070 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:36:37, on 8.2.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavla Simoncikova.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe "C:\Users\PAVLAS~1\AppData\Local\Temp\goqw.tco" vnbyln
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fybvqslv] C:\Windows\System32\fybvqslv.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sessoul] C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\salek.exe
O4 - HKCU\..\Run: [MSConfig] C:\Users\Pavla Simoncikova\lmohgq.exe \u
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [sessoul] C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\salek.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [sessoul] C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\salek.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Ati HotKey Poller (dieevsicwyo8odya) - Google Inc. - C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\fihyceto.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6825 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Pavla Simoncikova.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-22 949376]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-19 92704]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe [2011-02-01 102400]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-19 13543968]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-06-11 1454080]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-22 6253088]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"fybvqslv"=C:\Windows\System32\fybvqslv.exe [2011-02-02 58880]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"sessoul"=C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\salek.exe [2011-02-02 229888]
"MSConfig"=C:\Users\Pavla Simoncikova\lmohgq.exe \u []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-09 05:02:34 ----A---- C:\OTL.Txt
2011-02-09 04:08:08 ----D---- C:\Sdileni
2011-02-08 23:33:10 ----D---- C:\Program Files\trend micro
2011-02-08 23:33:09 ----D---- C:\rsit
2011-02-08 23:33:01 ----A---- C:\RSIT.exe
2011-02-08 23:31:38 ----A---- C:\Windows\system32\MAIFEF6.tmp
2011-02-08 22:55:13 ----SHD---- C:\RECYCLER
2011-02-06 19:22:09 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-02-06 19:22:08 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-02-06 19:22:08 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-02-06 19:22:08 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-02-06 19:22:07 ----A---- C:\Windows\system32\drivers\aswmonflt.sys
2011-02-06 19:20:42 ----A---- C:\Windows\system32\aswBoot.exe
2011-02-06 19:20:32 ----D---- C:\ProgramData\Alwil Software
2011-02-06 19:20:32 ----D---- C:\Program Files\Alwil Software
2011-02-06 18:32:00 ----D---- C:\Program Files\Lavalys
2011-02-06 18:23:23 ----A---- C:\Windows\system32\MAIFCE4.tmp
2011-02-02 18:47:24 ----A---- C:\Windows\system32\fybvqslv.exe
2011-02-02 18:02:24 ----D---- C:\Windows\pss
2011-02-02 17:59:15 ----A---- C:\Windows\ntbtlog.txt
2011-02-02 13:13:55 ----AH---- C:\Users\Pavla Simoncikova\AppData\Roaming\HhdFJl61DD.txt
2011-02-02 02:34:42 ----D---- C:\Windows\Minidump
2011-02-01 15:42:13 ----RSH---- C:\Users\Pavla Simoncikova\AppData\Roaming\juzjf.exe
2011-02-01 15:42:02 ----A---- C:\23.exe
2011-02-01 15:11:34 ----RSH---- C:\Windows\nvsvc32.exe
2011-01-28 18:00:15 ----D---- C:\Program Files\EACOM
2011-01-28 17:58:37 ----D---- C:\Program Files\EA SPORTS
2011-01-25 17:01:28 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-01-18 02:05:28 ----D---- C:\ProgramData\Symantec
2011-01-18 02:05:22 ----D---- C:\Windows\system32\drivers\NSS
2011-01-18 02:05:22 ----D---- C:\ProgramData\Norton
2011-01-18 02:05:22 ----D---- C:\Program Files\Norton Security Scan
2011-01-18 02:05:21 ----D---- C:\ProgramData\NortonInstaller
2011-01-18 02:05:21 ----D---- C:\Program Files\NortonInstaller
2011-01-17 23:04:59 ----D---- C:\Windows\system32\Adobe
2011-01-17 14:12:58 ----A---- C:\Windows\system32\CmdLineExt.dll
2011-01-14 18:25:20 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-01-14 18:25:20 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-01-14 18:25:19 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-01-14 18:25:18 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-01-14 18:23:51 ----A---- C:\Windows\system32\pbsvc.exe
2011-01-14 17:58:39 ----D---- C:\Program Files\Activision
2011-01-13 11:58:57 ----A---- C:\Windows\system32\xinput1_3.dll
2011-01-13 11:58:57 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-01-13 11:58:57 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-01-13 11:58:57 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-01-13 11:58:57 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-01-13 11:58:57 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-01-13 11:58:57 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-01-13 11:58:57 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-01-13 11:58:56 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-01-13 11:58:56 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-01-13 11:58:56 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-01-13 11:58:56 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-01-13 11:58:56 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-01-13 11:58:56 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-01-13 11:58:56 ----A---- C:\Windows\system32\d3dx10.dll
2011-01-13 11:58:55 ----A---- C:\Windows\system32\xinput1_2.dll
2011-01-13 11:58:55 ----A---- C:\Windows\system32\xinput1_1.dll
2011-01-13 11:58:55 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-01-13 11:58:55 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-01-13 11:58:55 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-01-13 11:58:52 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-01-13 11:58:52 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-01-13 11:58:52 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-01-13 11:58:52 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-01-13 11:58:51 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-01-13 11:58:51 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-01-13 11:58:51 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-01-13 11:57:17 ----A---- C:\Windows\system32\drivers\PnkBstrK.sys
2011-01-13 11:57:17 ----A---- C:\Users\Pavla Simoncikova\AppData\Roaming\PnkBstrK.sys
2011-01-13 11:57:01 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-01-13 11:56:56 ----A---- C:\Windows\system32\PnkBstrA.exe
2011-01-13 11:56:54 ----A---- C:\Windows\game.ini
2011-01-13 11:31:21 ----SHD---- C:\Windows\ftpcache
2011-01-12 19:38:31 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 19:38:25 ----A---- C:\Windows\system32\sdclt.exe

======List of files/folders modified in the last 1 months======

2011-02-08 23:35:15 ----D---- C:\Windows\System32
2011-02-08 23:35:15 ----D---- C:\Windows\inf
2011-02-08 23:35:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-08 23:33:10 ----RD---- C:\Program Files
2011-02-08 23:31:50 ----D---- C:\Windows\system32\drivers
2011-02-08 23:27:36 ----AD---- C:\Windows
2011-02-06 19:22:49 ----AD---- C:\Windows\Temp
2011-02-06 19:22:03 ----SHD---- C:\Windows\Installer
2011-02-06 19:22:03 ----HD---- C:\Config.Msi
2011-02-06 19:22:01 ----D---- C:\Windows\winsxs
2011-02-06 19:21:21 ----D---- C:\Windows\Prefetch
2011-02-06 19:20:39 ----SHD---- C:\System Volume Information
2011-02-06 19:20:32 ----HD---- C:\ProgramData
2011-02-06 19:16:26 ----D---- C:\Program Files\Mozilla Firefox
2011-02-06 19:15:51 ----D---- C:\Users\Pavla Simoncikova\AppData\Roaming\DAEMON Tools Lite
2011-02-02 18:47:42 ----SD---- C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft
2011-02-02 18:44:52 ----D---- C:\Windows\system32\wbem
2011-02-02 18:25:52 ----D---- C:\Windows\Tasks
2011-02-02 18:25:52 ----D---- C:\Windows\system32\spool
2011-02-02 18:25:52 ----D---- C:\Windows\system32\Msdtc
2011-02-02 18:25:52 ----D---- C:\Windows\system32\CodeIntegrity
2011-02-02 18:25:52 ----D---- C:\Windows\system32\catroot2
2011-02-02 18:25:51 ----D---- C:\ProgramData\McAfee Security Scan
2011-02-02 18:25:51 ----D---- C:\Program Files\Scorpions WinCheater
2011-02-02 18:25:51 ----D---- C:\Program Files\Mv2Player
2011-02-02 18:25:50 ----D---- C:\Windows\registration
2011-02-02 13:04:19 ----A---- C:\Windows\NeroDigital.ini
2011-01-31 21:43:10 ----RSD---- C:\Windows\assembly
2011-01-30 12:45:53 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-29 23:08:41 ----D---- C:\Program Files\ICQ6.5
2011-01-29 23:08:40 ----D---- C:\Users\Pavla Simoncikova\AppData\Roaming\ICQ
2011-01-28 17:58:12 ----D---- C:\Program Files\Common Files\InstallShield
2011-01-25 17:01:28 ----D---- C:\Program Files\Common Files
2011-01-18 02:05:28 ----D---- C:\Windows\system32\Tasks
2011-01-17 23:05:24 ----D---- C:\Windows\system32\Macromed
2011-01-14 18:24:24 ----D---- C:\Windows\Logs
2011-01-13 11:58:53 ----D---- C:\Windows\Microsoft.NET
2011-01-13 11:56:56 ----D---- C:\Windows\system32\LogFiles
2011-01-13 00:27:04 ----A---- C:\Windows\system32\mrt.exe
2011-01-12 19:38:18 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-28 919552]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-07-15 51288]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-07-22 123904]
S0 ijttdk;ijttdk; C:\Windows\system32\drivers\kyvkijprwscq.sys []
S0 rcvzwpknvibyw;rcvzwpknvibyw; C:\Windows\system32\drivers\ovvqqx.sys []
S0 retxciyef;retxciyef; C:\Windows\system32\drivers\retxciyef.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-31 691696]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
S1 bovowfpq;bovowfpq; \??\C:\Windows\system32\drivers\bovowfpq.sys []
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
S1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2008-12-22 15424]
S1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2008-05-13 64000]
S2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2008-12-22 512096]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S3 awyfudwy;awyfudwy; \??\C:\Windows\System32\Drivers\awyfudwy.sys []
S3 cehfelws;cehfelws; \??\C:\Windows\System32\Drivers\cehfelws.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gcddyjhe;gcddyjhe; \??\C:\Windows\System32\Drivers\gcddyjhe.sys []
S3 gyelzjoq;gyelzjoq; \??\C:\Windows\System32\Drivers\gyelzjoq.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-22 2158040]
S3 kgcbxohg;kgcbxohg; \??\C:\Windows\System32\Drivers\kgcbxohg.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nigfxmca;nigfxmca; \??\C:\Windows\System32\Drivers\nigfxmca.sys []
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-19 44576]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-19 7545824]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S3 silcbgoh;silcbgoh; \??\C:\Windows\System32\Drivers\silcbgoh.sys []
S3 skqnjdbg;skqnjdbg; \??\C:\Windows\System32\Drivers\skqnjdbg.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2008-06-11 1097856]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-04-23 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2008-06-27 41728]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 wbqkwije;wbqkwije; \??\C:\Windows\System32\Drivers\wbqkwije.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 dieevsicwyo8odya;Ati HotKey Poller; C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\fihyceto.exe [2011-02-02 229888]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-22 552064]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-19 196608]
S2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-02-01 66872]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-05-22 120168]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
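The service/driver listing above is what the helper reads by eye to pick out rootkit leftovers: entries whose image file no longer exists (`[]` at the end of the line), services whose image runs out of a user's profile (`dieevsicwyo8odya` pointing at `AppData\Roaming\Microsoft\fihyceto.exe`), and drivers with machine-generated names that carry no display name of their own. The script below is an added example, not part of this thread and not part of RSIT, OTL or ComboFix: it parses the `S3 name;display; path [date size]` format shown above and turns those observations into a scored triage. The sample input is copied from the listing above; the scoring weights, the threshold of 3 and the randomness heuristic are my own assumptions and are labelled as such in the comments.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: entries copied from the RSIT listing above. It mixes
# one rootkit driver whose file is gone, the fake "Ati HotKey Poller" service
# running from a user profile, and five legitimate entries as controls.
SAMPLE_LISTING = r"""
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 wbqkwije;wbqkwije; \??\C:\Windows\System32\Drivers\wbqkwije.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S2 dieevsicwyo8odya;Ati HotKey Poller; C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\fihyceto.exe [2011-02-02 229888]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-19 196608]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-02-01 66872]
"""

# One RSIT/ComboFix entry: "<R|S><start> <name>;<display>; <image> [<date> <size>]".
# The bracket is empty (RSIT) or "x" (ComboFix) when the image file was not found.
LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$")

VOWELS = set("aeiou")
# Assumption: these path fragments mark locations a normal user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class ServiceEntry:
    state: str      # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str
    stamp: str      # "YYYY-MM-DD size", or "" / "x" when the file is not on disk

    @property
    def image_path(self) -> str:
        # Kernel drivers are often registered with the NT object prefix \??\.
        return self.image[4:] if self.image.startswith("\\??\\") else self.image


def parse_listing(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            state, start, name, display, image, stamp = m.groups()
            entries.append(ServiceEntry(state, int(start), name.strip(),
                                        display.strip(), image, stamp.strip()))
    return entries


def looks_random(name: str) -> bool:
    """Assumed heuristic for machine-generated names such as 'wbqkwije':
    only all-lowercase alphanumeric names of 8+ characters qualify, so short
    vendor abbreviations like 'nvsvc' are never flagged by name alone."""
    if len(name) < 8 or not name.islower() or not name.isalnum():
        return False
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 4


def score_entry(e: ServiceEntry) -> Tuple[int, List[str]]:
    """Assumed weights: one strong signal (missing file, image in a user profile)
    is enough to reach the threshold; weak signals have to stack up."""
    score, reasons = 0, []
    path = e.image_path
    if e.stamp in ("", "x"):
        score += 3
        reasons.append("image file not found on disk")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        score += 3
        reasons.append("image runs from a user-writable profile directory")
    if looks_random(e.name):
        score += 1
        reasons.append("service name looks machine-generated")
    if e.display == e.name:
        score += 1
        reasons.append("display name is just the service name")
    stem = ntpath.splitext(ntpath.basename(path))[0]
    if stem and stem.lower() == e.name.lower():
        score += 1  # weak: every rootkit driver in this thread is named after its service
        reasons.append("image file is named after the service")
    return score, reasons


def triage(text: str, threshold: int = 3) -> Dict[str, Tuple[int, List[str]]]:
    """Return only the entries whose score reaches the (assumed) threshold."""
    flagged = {}
    for e in parse_listing(text):
        score, reasons = score_entry(e)
        if score >= threshold:
            flagged[e.name] = (score, reasons)
    return flagged


if __name__ == "__main__":
    for name, (score, reasons) in triage(SAMPLE_LISTING).items():
        print(f"{name}: score {score}")
        for r in reasons:
            print(f"  - {r}")
```

On the sample the script flags exactly `wbqkwije` (missing file, random name, no display name, file named after the service) and `dieevsicwyo8odya` (image under the user's `AppData\Roaming`), and leaves `hpqddsvc`, `PnkBstrA` and `WpdUsb` alone even though each trips one weak signal. The missing-file signal still needs corroboration: the ComboFix log later in this thread reports `[x]` for avast's own `aswSP` and `aswFsBlk` drivers, whose files the scanner could not stat, so a score built only on that one line would misfire on a self-protecting antivirus.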

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 08 Feb 2011 23:40
by Marduk
File info.txt:

info.txt logfile of random's system information tool 1.08 2011-02-08 23:33:26

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
123 Free Solitaire-->C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A80000000000}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Antivirový systém NOD32-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0005 -removeonly
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0405
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Camera Recorder-->MsiExec.exe /I{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Croc 2-->C:\Windows\IsUninst.exe -f"c:\program files\fox\Uninst.isu"
EA.com Matchup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
Euro Truck Simulator 1.00-->C:\Program Files\Euro Truck Simulator\uninst.exe
EVEREST Ultimate Edition v5.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fotbalový manažer verze 1.41-->"C:\Program Files\Fotbalový manažer\unins000.exe"
Governor of Poker 2 Premium Edition v1.0 Multi-->"C:\Program Files\Governor of Poker 2 Premium Edition\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{722B4A13-F24D-43AE-8813-5DB82C0B23C2}\setup\hpzscr01.exe -datfile hposcr39.dat -onestop -forcereboot
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.5-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IKEA Home Planner-->MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}
Intel(R) Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Karaoke 5 ver. 36.1-->"C:\Program Files\Karaoke5\unins000.exe"
K-Lite Codec Pack 4.4.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co85.dll,SM56UnInstaller
Mozilla Firefox (3.5.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MV2Player (remove only)-->C:\Program Files\Mv2Player\uninst.exe
Nero 7 Premium-->MsiExec.exe /I{4F2CE68F-EDBB-4592-BF07-5AC930A51029}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan-->C:\Program Files\Norton Security Scan\Engine\3.0.0.103\InstWrap.exe
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
O2Micro Flash Memory Card Reader Driver (x86)-->MsiExec.exe /X{0F667427-AD37-4089-A4A2-15AF5E44CACD}
Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Rayman Raving Rabbids 2 -->"C:\Program Files\InstallShield Installation Information\{B864EBC6-9DB8-4A5E-9F08-B0CE286785EC}\setup.exe" -runfromtemp -l0x0005 -removeonly
Rayman Raving Rabbids-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{111E336D-30BF-4CD4-8D69-4541732AFB27}\setup.exe" -l0x5 -removeonly
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installatio

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 09 Feb 2011 00:02
by motji
before I finish the deletion script:

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
-save it to the desktop and run it
-a log named mbr.log will be created; paste it here

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 09 Feb 2011 00:06
by Marduk
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.0000 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 09 Feb 2011 00:10
by motji
Well, now I'm not at all surprised the system didn't want to boot. There's a whole zoo in there, including the granny at the ticket desk :D .
Just to explain: we handled the Hiren's Boot CD online over ICQ, we deleted about 6 rootkits manually, and then the disk booted.

We'll start deleting slowly; I'm rather worried the system is damaged and might crash when ComboFix or Avenger is used.


:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
-save it to the desktop and run the file OTL.exe.
-copy this script into the white box at the bottom:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\PAVLAS~1\AppData\Local\Temp\goqw.tco
C:\Windows\tasks\Norton Security Scan for Pavla Simoncikova.job
C:\Windows\System32\fybvqslv.exe 
C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\salek.exe
C:\Users\Pavla Simoncikova\lmohgq.exe
C:\Windows\system32\MAIFEF6.tmp
C:\Windows\system32\MAIFCE4.tmp
 C:\23.exe
C:\Users\Pavla Simoncikova\AppData\Roaming\HhdFJl61DD.txt
C:\Users\Pavla Simoncikova\AppData\Roaming\juzjf.exe
C:\Windows\system32\drivers\kyvkijprwscq.sys
C:\Windows\system32\drivers\ovvqqx.sys
C:\Windows\system32\drivers\retxciyef.sys
C:\Windows\system32\drivers\bovowfpq.sys 
c:\Windows\System32\Drivers\awyfudwy.sys 
C:\Windows\System32\Drivers\cehfelws.sys
C:\Windows\System32\Drivers\gcddyjhe.sys
C:\Windows\System32\Drivers\gyelzjoq.sys 
C:\Windows\System32\Drivers\kgcbxohg.sys
C:\Windows\System32\Drivers\nigfxmca.sys
C:\Windows\System32\Drivers\silcbgoh.sys
C:\Windows\System32\Drivers\skqnjdbg.sys
C:\Windows\System32\Drivers\wbqkwije.sys
C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\fihyceto.exe 
c:\windows\nvsvc32.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"fybvqslv"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sessoul"=-
"MSConfig"=-

:Services
ijttdk
rcvzwpknvibyw
retxciyef
bovowfpq
awyfudwy
cehfelws
gcddyjhe
gyelzjoq
kgcbxohg
nigfxmca
silcbgoh
skqnjdbg
wbqkwije
dieevsicwyo8odya

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

-click the Fix button.
-The PC will then restart.
- Paste the log here :)

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 09 Feb 2011 00:27
by Marduk
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3592.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81CC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP862F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6AF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4F1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE792.tmp folder moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC2D28.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RAC444.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACAFAF.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACD29A.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACF8A.tmp moved successfully.
C:\WINDOWS\System32\MAIFCE4.tmp moved successfully.
C:\WINDOWS\System32\MAIFEF6.tmp moved successfully.
C:\WINDOWS\Temp\23213b71ab37fa6a1c34d0b6.tmp moved successfully.
C:\WINDOWS\Temp\491171a0f6a817f2e93bf0f1.tmp moved successfully.
C:\WINDOWS\Temp\57425ee49ed53d956d24a1e8.tmp moved successfully.
C:\WINDOWS\Temp\61c107e1ef37918d908a11ed.tmp moved successfully.
C:\WINDOWS\Temp\62089e86f65359a29df60020.tmp moved successfully.
C:\WINDOWS\Temp\73b3e80bce3582b4c354a5fb.tmp moved successfully.
C:\WINDOWS\Temp\87fd06786451d03484112bf0.tmp moved successfully.
C:\WINDOWS\Temp\axuud20139536.tmp moved successfully.
C:\WINDOWS\Temp\bc1942d0b3b02aff6931e54f.tmp moved successfully.
C:\WINDOWS\Temp\dbca70179c049221edb5273b.tmp moved successfully.
C:\WINDOWS\Temp\DMI3929.tmp moved successfully.
C:\WINDOWS\Temp\DMI444F.tmp moved successfully.
C:\WINDOWS\Temp\DMI45F4.tmp moved successfully.
C:\WINDOWS\Temp\DMI91E5.tmp moved successfully.
C:\WINDOWS\Temp\DMI9443.tmp moved successfully.
C:\WINDOWS\Temp\DMIC419.tmp moved successfully.
C:\WINDOWS\Temp\DMIF008.tmp moved successfully.
C:\WINDOWS\Temp\DWD424D.tmp folder moved successfully.
C:\WINDOWS\Temp\DWDCBC6.tmp folder moved successfully.
C:\WINDOWS\Temp\exp3CD2.tmp moved successfully.
C:\WINDOWS\Temp\exp7B79.tmp moved successfully.
C:\WINDOWS\Temp\expCEC5.tmp moved successfully.
C:\WINDOWS\Temp\expE526.tmp moved successfully.
C:\WINDOWS\Temp\ffc5cb1b8d26c8148cbc22b4.tmp moved successfully.
C:\WINDOWS\Temp\IH75EB.tmp moved successfully.
C:\WINDOWS\Temp\IH7E06.tmp moved successfully.
C:\WINDOWS\Temp\IH87D.tmp moved successfully.
C:\WINDOWS\Temp\IHADE9.tmp moved successfully.
C:\WINDOWS\Temp\IHF282.tmp moved successfully.
C:\WINDOWS\Temp\NSF5A9A.tmp moved successfully.
C:\WINDOWS\Temp\NSF6140.tmp moved successfully.
C:\WINDOWS\Temp\NSF62D8.tmp moved successfully.
C:\WINDOWS\Temp\NUP343A.tmp moved successfully.
C:\WINDOWS\Temp\NUP5A89.tmp moved successfully.
C:\WINDOWS\Temp\NUP613F.tmp moved successfully.
C:\WINDOWS\Temp\NUP62D7.tmp moved successfully.
C:\WINDOWS\Temp\NUP6375.tmp moved successfully.
C:\WINDOWS\Temp\WFVAC1C.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
File\Folder C:\Users\PAVLAS~1\AppData\Local\Temp\goqw.tco not found.
C:\Windows\tasks\Norton Security Scan for Pavla Simoncikova.job moved successfully.
C:\Windows\System32\fybvqslv.exe moved successfully.
C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\salek.exe moved successfully.
File\Folder C:\Users\Pavla Simoncikova\lmohgq.exe not found.
File\Folder C:\Windows\system32\MAIFEF6.tmp not found.
File\Folder C:\Windows\system32\MAIFCE4.tmp not found.
C:\23.exe moved successfully.
C:\Users\Pavla Simoncikova\AppData\Roaming\HhdFJl61DD.txt moved successfully.
C:\Users\Pavla Simoncikova\AppData\Roaming\juzjf.exe moved successfully.
File\Folder C:\Windows\system32\drivers\kyvkijprwscq.sys not found.
File\Folder C:\Windows\system32\drivers\ovvqqx.sys not found.
File\Folder C:\Windows\system32\drivers\retxciyef.sys not found.
File\Folder C:\Windows\system32\drivers\bovowfpq.sys not found.
File\Folder c:\Windows\System32\Drivers\awyfudwy.sys not found.
File\Folder C:\Windows\System32\Drivers\cehfelws.sys not found.
File\Folder C:\Windows\System32\Drivers\gcddyjhe.sys not found.
File\Folder C:\Windows\System32\Drivers\gyelzjoq.sys not found.
File\Folder C:\Windows\System32\Drivers\kgcbxohg.sys not found.
File\Folder C:\Windows\System32\Drivers\nigfxmca.sys not found.
File\Folder C:\Windows\System32\Drivers\silcbgoh.sys not found.
File\Folder C:\Windows\System32\Drivers\skqnjdbg.sys not found.
File\Folder C:\Windows\System32\Drivers\wbqkwije.sys not found.
C:\Users\Pavla Simoncikova\AppData\Roaming\Microsoft\fihyceto.exe moved successfully.
c:\windows\nvsvc32.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fybvqslv deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sessoul deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named ijttdk was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ijttdk deleted successfully.
Service rcvzwpknvibyw stopped successfully!
Service rcvzwpknvibyw deleted successfully!
Service retxciyef stopped successfully!
Service retxciyef deleted successfully!
Service bovowfpq stopped successfully!
Service bovowfpq deleted successfully!
Service awyfudwy stopped successfully!
Service awyfudwy deleted successfully!
Service cehfelws stopped successfully!
Service cehfelws deleted successfully!
Service gcddyjhe stopped successfully!
Service gcddyjhe deleted successfully!
Service gyelzjoq stopped successfully!
Service gyelzjoq deleted successfully!
Service kgcbxohg stopped successfully!
Service kgcbxohg deleted successfully!
Service nigfxmca stopped successfully!
Service nigfxmca deleted successfully!
Service silcbgoh stopped successfully!
Service silcbgoh deleted successfully!
Service skqnjdbg stopped successfully!
Service skqnjdbg deleted successfully!
Service wbqkwije stopped successfully!
Service wbqkwije deleted successfully!
Service dieevsicwyo8odya stopped successfully!
Service dieevsicwyo8odya deleted successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pavla Simoncikova
->Temp folder emptied: 1409602261 bytes
->Temporary Internet Files folder emptied: 14716464 bytes
->Java cache emptied: 1321027 bytes
->FireFox cache emptied: 57605116 bytes
->Flash cache emptied: 2124777 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 221466982 bytes
RecycleBin emptied: 9425955996 bytes

Total Files Cleaned = 10 617,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pavla Simoncikova
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02092011_001731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 09 Feb 2011 00:36
by motji
OK, we'll risk ComboFix, but I'm warning you right away that the system may completely keel over :o :o . If you'd rather not do it, say so.

:arrow: Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix


:arrow: Download MBAM from my signature
-Install it, run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false positives, so we'll delete only after checking the log.
-Copy the log here.

Re: For Motji - acpi.sys - PAGE_FAULT_IN_NONPAGED_AREA - BSO

Posted: 12 Feb 2011 16:05
by Marduk
Hi,

I ran ComboFix; luckily the system didn't crash and is working normally.
Attaching the log:

ComboFix 11-02-11.02 - Pavla Simoncikova 12.02.2011 15:40:08.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3070.1612 [GMT 1:00]
Spuštěný z: c:\users\Pavla Simoncikova\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pavla Simoncikova\AppData\Roaming\Microsoft\vojoot.exe
c:\users\Pavla Simoncikova\exmo.exe
c:\users\Pavla Simoncikova\fybvqslv.exe
c:\users\Pavla Simoncikova\odexxc.exe
c:\users\Pavla Simoncikova\secupdat.dat
c:\windows\system32\drivers\str.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\Temp
c:\windows\system32\Temp\Kara_K5V.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-12 do 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 14:51 . 2011-02-12 14:52 -------- d-----w- c:\users\Pavla Simoncikova\AppData\Local\temp
2011-02-12 14:51 . 2011-02-12 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-09 03:08 . 2011-02-09 03:08 -------- d-----w- C:\Sdileni
2011-02-08 23:31 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BECE0BE-22F9-488F-9B41-6E6AB9153077}\mpengine.dll
2011-02-08 23:17 . 2011-02-08 23:17 -------- d-----w- C:\_OTL
2011-02-08 22:33 . 2011-02-08 22:36 -------- d-----w- c:\program files\trend micro
2011-02-08 22:33 . 2011-02-08 22:33 -------- d-----w- C:\rsit
2011-02-08 22:33 . 2011-02-08 22:32 339991 ----a-w- C:\RSIT.exe
2011-02-06 18:22 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 18:22 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 18:22 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-06 18:22 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 18:22 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2011-02-06 18:20 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 18:20 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 18:20 . 2011-02-06 18:20 -------- d-----w- c:\programdata\Alwil Software
2011-02-06 18:20 . 2011-02-06 18:20 -------- d-----w- c:\program files\Alwil Software
2011-02-06 17:32 . 2011-02-06 17:32 -------- d-----w- c:\program files\Lavalys
2011-02-06 17:24 . 2011-02-06 17:34 -------- d-----w- c:\users\Pavla Simoncikova\BSOD
2011-01-28 17:00 . 2011-01-28 17:00 -------- d-----w- c:\program files\EACOM
2011-01-28 16:58 . 2011-01-28 16:58 -------- d-----w- c:\program files\EA SPORTS
2011-01-28 16:58 . 2000-10-05 14:55 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-01-28 16:58 . 2000-10-05 14:55 221184 ------w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
2011-01-28 16:58 . 2000-10-05 14:50 221184 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-01-28 16:58 . 2000-10-05 14:49 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-01-28 16:58 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-01-25 16:01 . 2011-02-06 17:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-18 01:05 . 2011-01-18 01:05 -------- d-----w- c:\programdata\Symantec
2011-01-18 01:05 . 2011-01-18 01:05 -------- d-----w- c:\windows\system32\drivers\NSS
2011-01-18 01:05 . 2011-01-18 01:05 -------- d-----w- c:\programdata\Norton
2011-01-18 01:05 . 2011-01-18 01:05 -------- d-----w- c:\program files\Norton Security Scan
2011-01-18 01:05 . 2011-01-18 01:05 -------- d-----w- c:\program files\NortonInstaller
2011-01-17 22:04 . 2011-01-17 22:08 -------- d-----w- c:\windows\system32\Adobe
2011-01-17 13:12 . 2011-01-17 13:12 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-14 17:26 . 2011-02-01 10:41 -------- d-----w- c:\users\Pavla Simoncikova\AppData\Local\PunkBuster
2011-01-14 17:23 . 2011-01-14 17:23 682280 ----a-w- c:\windows\system32\pbsvc.exe
2011-01-14 16:58 . 2011-01-31 20:16 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 10:42 . 2011-01-13 10:57 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-01 10:42 . 2011-01-13 10:56 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-01 10:41 . 2011-01-13 10:57 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-31 20:39 . 2011-01-13 10:57 22328 ----a-w- c:\users\Pavla Simoncikova\AppData\Roaming\PnkBstrK.sys
2010-12-28 15:55 . 2011-01-12 18:38 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 18:38 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-13 20:00 . 2010-12-13 19:59 6274424 ----a-w- c:\program files\Silverlight.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-19 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-19 13543968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-22 6253088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-31 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-19 44576]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-15 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pavla Simoncikova\AppData\Roaming\Mozilla\Firefox\Profiles\kiwszz21.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
AddRemove-Fotbalový manažer_is1 - c:\program files\Fotbalový manažer\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-12 15:51
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-02-12 15:57:12
ComboFix-quarantined-files.txt 2011-02-12 14:57

Před spuštěním: Volných bajtů: 67 514 961 920
Po spuštění: Volných bajtů: 65 949 642 752

Current=2 Default=2 Failed=1 LastKnownGood=2 Sets=1,2,3,4,5
- - End Of File - - 6754438D1839FBAAF60062306957E2CD


I'll attach the MBAM log later; the scan is still running.