VIRY.CZ

Dobrý den, potřeboval bych pomoci s PC. Už pár dni se mi stále seká PC, při otevření i pouhé složky se počítač na 5 sec sekne. Nic nejde , na nic nereaguje. Projel jsem to Combofixem a ten mi hlásil , že mam zapnutý COMODO antivirus. Ten nemám na pc vůbec nainstalovaný. PC jsem ještě nechal otestoval MWAV.exe. Ten našel 27 kritických objektů a již zmíněny vir NULL.Corrupted a to v adobe reader, ten jsem odinstaloval ale v pc je stále. V přidat odebrat sowt, už sice neni ale v programech v pc stále je . Oba logy sem přidávám ještě dodam RSIT . Prosím poradte co s tím díky

ComboFix 11-03-08.09 - administrátor 09.03.2011 18:34:36.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1565 [GMT 1:00]
Spuštěný z: c:\documents and settings\administrátor\Plocha\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: Sunbelt Personal Firewall *Disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\audiograbber\audiograbber.exe
c:\windows\system32\auto.exe
c:\windows\VM305Cap.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-09 do 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-08 19:40 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-08 19:40 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-03-08 19:40 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-03-08 10:50 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{F0C33581-35CC-470F-9FFA-225377BD6F0A}\mpengine.dll
2011-03-06 16:21 . 2009-07-27 23:19 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-02-28 15:59 . 2011-03-08 19:02 -------- d-----w- c:\documents and settings\int
2011-02-28 15:11 . 2011-02-28 15:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Temp
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Mozilla
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Microsoft
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ATI
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ApplicationHistory
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Adobe
2011-02-28 15:10 . 2011-02-28 15:10 -------- d--h--w- c:\documents and settings\Default User
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací
2011-02-28 15:10 . 2011-03-02 00:39 -------- d-sh--w- c:\documents and settings\LocalService
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-02-15 12:21 . 2011-02-15 12:21 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-02-15 12:18 . 2011-02-15 12:18 -------- d-----w- c:\program files\Futuremark
2011-02-09 13:53 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-04-17 09:36 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 16:11 . 2009-10-03 13:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2008-12-29 20:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-12-29 20:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-12-30 00:14 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk.disabled
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-26 13:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WinFast Schedule"=c:\program files\WinFast\WFDTV\WFWIZ.exe
"WinFastDTV"=c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [29.12.2008 22:29 77056]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30.12.2008 12:44 15424]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [16.2.2009 16:26 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [18.9.2010 14:42 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [18.9.2010 14:44 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [18.9.2010 14:40 167040]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [16.2.2009 16:26 65576]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [18.9.2010 14:45 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [18.9.2010 14:43 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [18.9.2010 14:43 10368]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
S1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys --> c:\windows\system32\drivers\OADriver.sys [?]
S1 OAmon;OAmon;\??\c:\windows\system32\drivers\OAmon.sys --> c:\windows\system32\drivers\OAmon.sys [?]
S1 OAnet;OAnet;\??\c:\windows\system32\drivers\OAnet.sys --> c:\windows\system32\drivers\OAnet.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 OAcat;Online Armor Helper Service;"c:\program files\Tall Emu\Online Armor\OAcat.exe" --> c:\program files\Tall Emu\Online Armor\OAcat.exe [?]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe --> c:\program files\Tall Emu\Online Armor\oasrv.exe [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [18.9.2010 14:40 9446]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 ZSMC0305;A4Tech PC Camera;c:\windows\system32\drivers\usbVM305.sys [30.12.2008 1:28 391688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: {28007708-7FEA-47C2-8CA4-5F52B81F40C0} = 192.168.0.1,194.228.2.1
FF - ProfilePath - c:\documents and settings\administrátor\Data aplikací\Mozilla\Firefox\Profiles\x3rsn3gj.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-FTweakFCleaner - c:\program files\FCleaner\FCleaner.exe
MSConfigStartUp-OPSE reminder - c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
MSConfigStartUp-OpwareSE2 - c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-03-09 18:45:40
ComboFix-quarantined-files.txt 2011-03-09 17:45
.
Před spuštěním: 7 629 086 720
Po spuštění: 7 779 319 808
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6CFC7D5C8CFFC3AE5D19BDE53882248E




MWAV.exe.
Informace o nalezených hrozbách
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{DF76B188-11DB-43DC-A389-10422995A979}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{ECD82B28-48BE-426C-B55B-6EC022616285}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F0B7330E-24B8-43EA-8CD6-D114428A1CEC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F4D03C19-DCA0-4B09-83E7-BE3B06C8D4DC}". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\AcroBroker(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\Eula(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176386.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176387.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176388.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176393.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176394.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176399.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176400.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{D9233D1E-BEB2-43D9-8BCF-DDA4027B5C54}\RP603\A0176401.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.

Dalši log

Logfile of random's system information tool 1.08 (written by random/random)
Run by administrátor at 2011-03-09 20:10:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (29%) free of 25 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:10:33, on 9.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\administrátor\Plocha\RSIT.exe
C:\Program Files\trend micro\administrátor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0589192097
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28007708-7FEA-47C2-8CA4-5F52B81F40C0}: NameServer = 192.168.0.1,194.228.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5069 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2008-12-30 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-12-20 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk.disabled]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk.disabled]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^raid_tool.exe.lnk]
C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [2003-08-05 561152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-03-09 20:10:09 ----D---- C:\Program Files\trend micro
2011-03-09 20:10:08 ----D---- C:\rsit
2011-03-09 19:37:40 ----SHD---- C:\Config.Msi
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\zts2.exe
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\system32\vcmgcd32.dll
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\system32\systems.txt
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\system32\iifgfgf.dll
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\rundll16.exe
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\rundl132.dll
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\logo1_.exe
2011-03-09 19:01:54 ----SHD---- C:\RECYCLER
2011-03-09 18:48:17 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-03-09 18:48:17 ----A---- C:\WINDOWS\system32\T.COM
2011-03-09 18:48:17 ----A---- C:\WINDOWS\REGEDIT.COM
2011-03-09 18:48:17 ----A---- C:\WINDOWS\R.COM
2011-03-09 18:45:47 ----D---- C:\WINDOWS\temp
2011-03-09 18:45:43 ----A---- C:\ComboFix.txt
2011-03-09 18:32:56 ----A---- C:\Boot.bak
2011-03-09 18:32:51 ----RASHD---- C:\cmdcons
2011-03-09 18:29:42 ----A---- C:\WINDOWS\zip.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\SWSC.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\SWREG.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\sed.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\PEV.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\NIRCMD.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\MBR.exe
2011-03-09 18:29:42 ----A---- C:\WINDOWS\grep.exe
2011-03-09 18:29:27 ----D---- C:\WINDOWS\ERDNT
2011-03-09 18:24:08 ----D---- C:\Qoobox
2011-03-08 20:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-08 20:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-06 17:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-02-28 16:56:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-25 20:01:20 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Mozilla
2011-02-25 20:01:06 ----D---- C:\Program Files\Mozilla Firefox
2011-02-15 13:21:01 ----D---- C:\Program Files\Common Files\Futuremark Shared
2011-02-15 13:18:58 ----D---- C:\Program Files\Futuremark

======List of files/folders modified in the last 1 months======

2011-03-09 20:10:15 ----D---- C:\WINDOWS\Prefetch
2011-03-09 20:10:09 ----RD---- C:\Program Files
2011-03-09 19:45:36 ----SD---- C:\WINDOWS\Tasks
2011-03-09 19:38:47 ----D---- C:\Program Files\Common Files
2011-03-09 19:38:46 ----SHD---- C:\WINDOWS\Installer
2011-03-09 19:38:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-09 19:37:59 ----D---- C:\Program Files\Common Files\Adobe
2011-03-09 19:36:36 ----D---- C:\WINDOWS\system32
2011-03-09 19:16:29 ----D---- C:\WINDOWS
2011-03-09 19:10:03 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-09 18:41:52 ----A---- C:\WINDOWS\system.ini
2011-03-09 18:41:32 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-09 18:40:53 ----D---- C:\audiograbber
2011-03-09 18:37:57 ----D---- C:\WINDOWS\system32\drivers
2011-03-09 18:37:57 ----D---- C:\WINDOWS\AppPatch
2011-03-09 18:32:56 ----RASH---- C:\boot.ini
2011-03-08 20:41:37 ----HD---- C:\WINDOWS\inf
2011-03-08 20:41:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-08 20:41:30 ----A---- C:\WINDOWS\imsins.BAK
2011-03-08 20:13:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-08 20:13:30 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-08 20:12:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-07 16:29:45 ----D---- C:\Documents and Settings\administrátor\Data aplikací\OpenOffice.org2
2011-03-06 18:47:41 ----D---- C:\Program Files\PokerStars
2011-03-06 18:14:41 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-06 18:13:15 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Smart PC Solutions
2011-02-28 16:59:03 ----D---- C:\Documents and Settings
2011-02-28 16:42:37 ----A---- C:\WINDOWS\wininit.ini
2011-02-28 16:11:27 ----D---- C:\WINDOWS\system32\config
2011-02-28 16:11:05 ----D---- C:\WINDOWS\system32\wbem
2011-02-28 16:11:05 ----D---- C:\WINDOWS\Registration
2011-02-28 14:53:25 ----D---- C:\Program Files\Unlocker
2011-02-25 19:54:43 ----D---- C:\Program Files\Mozilla Firefox 3.6 Beta 2
2011-02-16 17:11:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-16 16:37:55 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-16 16:37:51 ----D---- C:\Program Files\Internet Explorer
2011-02-16 16:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-16 16:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-16 16:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-16 16:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-16 16:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-16 16:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-16 16:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-16 15:43:27 ----D---- C:\WINDOWS\network diagnostic
2011-02-15 16:17:49 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Skype
2011-02-15 15:50:53 ----D---- C:\Documents and Settings\administrátor\Data aplikací\skypePM
2011-02-15 13:21:31 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-08-05 77056]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-30 15424]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-01-26 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-01-26 10368]
S0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys []
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys []
S1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys []
S1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
S1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
S1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-30 512096]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;A4Tech PC Camera; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-05-08 391688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe []
S2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\Repair\cmdagent.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Dobrý večer
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: Sunbelt Personal Firewall *Disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}

Z toho máte jen Eset a Sunbelt?

Ano jen NOD a Sunbelt, kdysi tam ten COMODO byl ale jen že jsem ho zkoušel, nevím proč se tam ted ukazuje, neni ani nikde v Program files. Ještě mam dotaz, combofix mi smazal audiograber.exe na ploše mi zůstal odkaz a v program files všechny soubory jen ten exe je smazaný, když dám soubor odinstalovat co tam zůstal tak to hlási že cesta neni platná , co s tou složkou a souborama . Mam je jentak smazat ?

Zitra potřebuju udělat platbu v internet bankingu , myslíte že je to bezpečné ?

Myslím že ano. Určitě platbu potvrzujete sms.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci




Jinak mwaw Vám našel halvně viry v obnově systému, to pak opravíme, a vir NULL.Corrupted - to znamená že soubor je asi poškozený. Nemusíte se nijak bát

Doufám , že jsem vše provedl jak jsem měl.

ComboFix 11-03-09.03 - administrátor 10.03.2011 10:28:57.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1565 [GMT 1:00]
Spuštěný z: c:\documents and settings\administrátor\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\administrátor\Plocha\CFScript.txt.txt
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: Sunbelt Personal Firewall *Disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CMDAGENT
-------\Legacy_OACAT
-------\Legacy_OADEVICE
-------\Legacy_OAMON
-------\Legacy_OANET
-------\Legacy_SVCONLINEARMOR
-------\Service_cmdAgent
-------\Service_cmdGuard
-------\Service_cmdHlp
-------\Service_Inspect
-------\Service_OAcat
-------\Service_OADevice
-------\Service_OAmon
-------\Service_OAnet
-------\Service_SvcOnlineArmor
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-10 do 2011-03-10 )))))))))))))))))))))))))))))))
.
.
2011-03-09 19:10 . 2011-03-09 19:10 -------- d-----w- c:\program files\trend micro
2011-03-09 19:10 . 2011-03-09 19:10 -------- d-----w- C:\rsit
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\zts2.exe
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\system32\systems.txt
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\rundll16.exe
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\rundl132.dll
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\logo1_.exe
2011-03-09 17:48 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-03-09 17:48 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-03-08 19:40 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-08 19:40 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-03-08 19:40 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-03-08 10:50 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{F0C33581-35CC-470F-9FFA-225377BD6F0A}\mpengine.dll
2011-03-06 16:21 . 2009-07-27 23:19 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-02-28 15:59 . 2011-03-08 19:02 -------- d-----w- c:\documents and settings\int
2011-02-28 15:11 . 2011-02-28 15:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Temp
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Mozilla
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Microsoft
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ATI
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ApplicationHistory
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Adobe
2011-02-28 15:10 . 2011-02-28 15:10 -------- d--h--w- c:\documents and settings\Default User
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací
2011-02-28 15:10 . 2011-03-02 00:39 -------- d-sh--w- c:\documents and settings\LocalService
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-02-15 12:21 . 2011-02-15 12:21 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-02-15 12:18 . 2011-02-15 12:18 -------- d-----w- c:\program files\Futuremark
2011-02-09 13:53 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-04-17 09:36 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 16:11 . 2009-10-03 13:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2008-12-29 20:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-12-29 20:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-12-30 00:14 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk.disabled
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-26 13:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WinFast Schedule"=c:\program files\WinFast\WFDTV\WFWIZ.exe
"WinFastDTV"=c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [29.12.2008 22:29 77056]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30.12.2008 12:44 15424]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [16.2.2009 16:26 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [18.9.2010 14:42 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [18.9.2010 14:44 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [18.9.2010 14:40 167040]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [16.2.2009 16:26 65576]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [18.9.2010 14:45 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [18.9.2010 14:43 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [18.9.2010 14:43 10368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [18.9.2010 14:40 9446]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 ZSMC0305;A4Tech PC Camera;c:\windows\system32\drivers\usbVM305.sys [30.12.2008 1:28 391688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-03-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: {28007708-7FEA-47C2-8CA4-5F52B81F40C0} = 192.168.0.1,194.228.2.1
FF - ProfilePath - c:\documents and settings\administrátor\Data aplikací\Mozilla\Firefox\Profiles\x3rsn3gj.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-10 10:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-10 10:46:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-10 09:46
ComboFix2.txt 2011-03-09 17:45
.
Před spuštěním: Volných bajtů: 10 014 642 176
Po spuštění: Volných bajtů: 10 131 824 640
.
- - End Of File - - 872A4FF4115650067A54B88649FAF377





Moc Vám děkuji za pomoc. Jakej je další postup paní šefová

Ještě je to pořád v seccenter, ale podíváme se, zda tam ještě zbytky po antivirech nezůstali.
Jinak jak to vypadá s počítačem?

Stáhněte SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
-program spusťte a postupujte podle instrukcí. Log vložte zde

Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Smart Security
Sunbelt Personal Firewall
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Windows Defender
CCleaner
Adobe Flash Player 10.2.152.32
Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Sunbelt Software Personal Firewall SbPFLnch.exe
Sunbelt Software Personal Firewall SbPFSvc.exe
Sunbelt Software Personal Firewall SbPFCl.exe
Windows Defender MsMpEng.exe
``````````End of Log````````````

No myslým že se to mrznutí už zlepšílo , neni to aspon pokaždé

U ESETU máte aktiovovaný i firewall, bud ho deaktivujte, nebo odinstalujte Sunbelt firewall

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Firewall jsem vypnul v NODU



ComboFix 11-03-09.03 - administrátor 10.03.2011 16:24:41.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1509 [GMT 1:00]
Spuštěný z: c:\documents and settings\administrátor\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\administrátor\Plocha\CFScript.txt.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Sunbelt Personal Firewall *Disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-10 do 2011-03-10 )))))))))))))))))))))))))))))))
.
.
2011-03-10 11:28 . 2011-03-10 11:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-10 11:15 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-10 11:08 . 2011-03-10 11:08 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2011-03-10 11:08 . 2011-03-10 11:08 -------- d-----w- c:\program files\Lavasoft
2011-03-10 09:58 . 2011-03-10 09:58 -------- d-----w- c:\program files\CCleaner
2011-03-09 19:10 . 2011-03-09 19:10 -------- d-----w- c:\program files\trend micro
2011-03-09 19:10 . 2011-03-09 19:10 -------- d-----w- C:\rsit
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\zts2.exe
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\system32\systems.txt
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\rundll16.exe
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\rundl132.dll
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\logo1_.exe
2011-03-09 17:48 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-03-09 17:48 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-03-08 19:40 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-08 19:40 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-03-08 19:40 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-03-08 10:50 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{F0C33581-35CC-470F-9FFA-225377BD6F0A}\mpengine.dll
2011-03-06 16:21 . 2009-07-27 23:19 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-02-28 15:59 . 2011-03-08 19:02 -------- d-----w- c:\documents and settings\int
2011-02-28 15:11 . 2011-02-28 15:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Temp
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Mozilla
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Microsoft
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ATI
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ApplicationHistory
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Adobe
2011-02-28 15:10 . 2011-02-28 15:10 -------- d--h--w- c:\documents and settings\Default User
2011-02-28 15:10 . 2011-03-10 11:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací
2011-02-28 15:10 . 2011-03-02 00:39 -------- d-sh--w- c:\documents and settings\LocalService
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-02-15 12:21 . 2011-02-15 12:21 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-02-15 12:18 . 2011-02-15 12:18 -------- d-----w- c:\program files\Futuremark
2011-02-09 13:53 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-04-17 09:36 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 16:11 . 2009-10-03 13:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2008-12-29 20:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-12-29 20:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-10_09.42.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-10 11:15 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2010-11-13 17:49 . 2011-03-10 09:58 4644864 c:\windows\system32\config\systemprofile\ntuser.dat
- 2010-11-13 17:49 . 2010-11-13 17:49 4644864 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-03-10 11:08 . 2011-03-10 11:08 1861120 c:\windows\Installer\3e60d8.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-12-30 00:14 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk.disabled
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-26 13:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WinFast Schedule"=c:\program files\WinFast\WFDTV\WFWIZ.exe
"WinFastDTV"=c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10.3.2011 12:15 64288]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [29.12.2008 22:29 77056]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30.12.2008 12:44 15424]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [16.2.2009 16:26 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [18.9.2010 14:42 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [18.9.2010 14:44 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [18.9.2010 14:40 167040]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [16.2.2009 16:26 65576]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [18.9.2010 14:45 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [18.9.2010 14:43 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [18.9.2010 14:43 10368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [18.9.2010 14:40 9446]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 ZSMC0305;A4Tech PC Camera;c:\windows\system32\drivers\usbVM305.sys [30.12.2008 1:28 391688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-10 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:14]
.
2011-03-10 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:14]
.
2011-03-10 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:14]
.
2011-03-10 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:14]
.
2011-03-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:14]
.
2011-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-03-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
TCP: {28007708-7FEA-47C2-8CA4-5F52B81F40C0} = 192.168.0.1,194.228.2.1
FF - ProfilePath - c:\documents and settings\administrátor\Data aplikací\Mozilla\Firefox\Profiles\x3rsn3gj.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-10 16:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(532)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-03-10 16:36:29
ComboFix-quarantined-files.txt 2011-03-10 15:36
ComboFix2.txt 2011-03-10 09:46
ComboFix3.txt 2011-03-09 17:45
.
Před spuštěním: 9 292 386 304
Po spuštění: 9 278 754 816
.
- - End Of File - - E49DADCD4156E48E9008C2FFF735C45B

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

Vše jsem udělal podle Vás.

Ten OTC restartoval PC pak zmizel z plochy , mělo to tak být ?

Počítač po restartu zase zamrznul na asi 3 min , po otevřeni Firefoxu zase na nic doboru minutu nereagoval. Až na ten start se zdá vpořádku.

Ještě bych se Vás prosím zeptal, po použití MWAV.exe jsem odinstaloval Adobe reader 10 přes přidat a odebrat ve win.
V program files tenhle program ,ale dál je jen už není v nabítce odinstalovat. Další věc po prvním použití COMBOFIX se smazal audiograber , ale jen jeho soubor exe . Můžu ty soubory co po nem zůstaly smazat ? soubor uninstal nefunguje




Logfile of random's system information tool 1.08 (written by random/random)
Run by administrátor at 2011-03-10 17:34:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (36%) free of 25 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:34:51, on 10.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Documents and Settings\administrátor\Plocha\RSIT.exe
C:\Program Files\trend micro\administrátor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0589192097
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28007708-7FEA-47C2-8CA4-5F52B81F40C0}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4878 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2008-12-30 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-12-20 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk.disabled]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk.disabled]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^raid_tool.exe.lnk]
C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [2003-08-05 561152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-03-10 17:34:26 ----D---- C:\rsit
2011-03-10 17:26:47 ----SHD---- C:\RECYCLER
2011-03-10 12:28:02 ----A---- C:\WINDOWS\system32\lsdelete.exe
2011-03-10 12:15:25 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2011-03-10 12:08:47 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2011-03-10 12:08:40 ----D---- C:\Program Files\Lavasoft
2011-03-10 10:58:37 ----D---- C:\Program Files\CCleaner
2011-03-10 10:46:58 ----D---- C:\WINDOWS\temp
2011-03-09 20:10:09 ----D---- C:\Program Files\trend micro
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\rundl132.dll
2011-03-09 18:32:56 ----A---- C:\Boot.bak
2011-03-09 18:32:51 ----RASHD---- C:\cmdcons
2011-03-08 20:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-08 20:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-06 17:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-02-28 16:56:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-25 20:01:20 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Mozilla
2011-02-25 20:01:06 ----D---- C:\Program Files\Mozilla Firefox
2011-02-15 13:21:01 ----D---- C:\Program Files\Common Files\Futuremark Shared
2011-02-15 13:18:58 ----D---- C:\Program Files\Futuremark

======List of files/folders modified in the last 1 months======

2011-03-10 17:34:32 ----D---- C:\WINDOWS\Prefetch
2011-03-10 17:34:04 ----SD---- C:\WINDOWS\Tasks
2011-03-10 17:31:15 ----D---- C:\WINDOWS
2011-03-10 17:25:47 ----SHD---- C:\System Volume Information
2011-03-10 17:25:47 ----D---- C:\WINDOWS\system32\Restore
2011-03-10 17:25:15 ----D---- C:\WINDOWS\system32
2011-03-10 17:23:40 ----D---- C:\WINDOWS\system32\drivers
2011-03-10 16:32:40 ----A---- C:\WINDOWS\system.ini
2011-03-10 16:28:42 ----D---- C:\WINDOWS\AppPatch
2011-03-10 16:28:40 ----D---- C:\Program Files\Common Files
2011-03-10 16:22:51 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-10 12:15:51 ----HD---- C:\WINDOWS\inf
2011-03-10 12:15:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-10 12:08:45 ----SHD---- C:\WINDOWS\Installer
2011-03-10 12:08:40 ----RD---- C:\Program Files
2011-03-10 10:59:15 ----D---- C:\WINDOWS\Debug
2011-03-10 10:59:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-03-10 10:41:51 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-10 10:37:02 ----D---- C:\WINDOWS\system32\config
2011-03-09 19:38:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-09 19:37:59 ----D---- C:\Program Files\Common Files\Adobe
2011-03-09 18:40:53 ----D---- C:\audiograbber
2011-03-09 18:32:56 ----RASH---- C:\boot.ini
2011-03-08 20:41:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-08 20:13:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-08 20:13:30 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-08 20:12:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-07 16:29:45 ----D---- C:\Documents and Settings\administrátor\Data aplikací\OpenOffice.org2
2011-03-06 18:47:41 ----D---- C:\Program Files\PokerStars
2011-03-06 18:14:41 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-06 18:13:15 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Smart PC Solutions
2011-02-28 16:59:03 ----D---- C:\Documents and Settings
2011-02-28 16:42:37 ----A---- C:\WINDOWS\wininit.ini
2011-02-28 16:11:05 ----D---- C:\WINDOWS\system32\wbem
2011-02-28 16:11:05 ----D---- C:\WINDOWS\Registration
2011-02-28 14:53:25 ----D---- C:\Program Files\Unlocker
2011-02-25 19:54:43 ----D---- C:\Program Files\Mozilla Firefox 3.6 Beta 2
2011-02-16 16:37:55 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-16 16:37:51 ----D---- C:\Program Files\Internet Explorer
2011-02-16 16:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-16 16:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-16 16:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-16 16:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-16 16:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-16 16:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-16 16:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-16 15:43:27 ----D---- C:\WINDOWS\network diagnostic
2011-02-15 16:17:49 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Skype
2011-02-15 15:50:53 ----D---- C:\Documents and Settings\administrátor\Data aplikací\skypePM
2011-02-15 13:21:31 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-08-05 77056]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-30 15424]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-01-26 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-01-26 10368]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-30 512096]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;A4Tech PC Camera; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-05-08 391688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-10 1181328]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Tak bych řekl , že je to o mnoho lepší. Neni to, ale stále ještě to co byvalo
Zkusil jsem projet znova ten MWAV a už to teda neukazuje těch 27 ale už jen 20

Můžete dát log z toho co mwaw našel? Jinak mwaw už není co býval, takže na něj zase moc nedejte