Problem with Bitdefender

Posted: 15 Jul 2011 21:48
by markalous
Good evening. I need help, please.
I installed Bitdefender Internet Security 2011 (a strange installation). After that the computer slowed down and, above all, there were problems with the firewall. Firefox practically refuses to load most pages. I uninstalled Bitdefender, but the problem persists. The firewall is probably still stuck in there somehow. Right now I can only get online in safe mode.
When I start CCleaner or RSIT, Windows shows the message "System nemá přístup k určenému zařízení" (the system cannot access the specified device). What should I do? Thank you.

Re: Problem with Bitdefender

Posted: 15 Jul 2011 21:58
by Rudy
Try a System Restore to a date before BitDefender was installed.

Re: Problem with Bitdefender

Posted: 15 Jul 2011 22:28
by markalous
Sorry... but I don't know how.

Re: Problem with Bitdefender

Posted: 15 Jul 2011 22:39
by markalous
Oh, and this is the most I got out of RSIT before it told me access denied:
---------------------------------------------------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by mark at 2011-07-15 23:33:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (7%) free of 191 GB
Total RAM: 511 MB (18% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\SmartDefrag_Startup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\mark\Data aplikací\Mozilla\Firefox\Profiles\h1z4mdbl.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2, {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3, {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8, {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared
"{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}"=C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\mark\Data aplikací\Mozilla\Firefox\Profiles\h1z4mdbl.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{20a82645-c095-46ed-80e3-08825760534b}
{aff87fa2-a58e-4edd-b852-0a20203c1e17}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{D46E8522-6E86-44b1-A622-58C0668AD78E}
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

C:\Documents and Settings\mark\Data aplikací\Mozilla\Firefox\Profiles\h1z4mdbl.default\searchplugins\
firmycz.xml
flickr.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21A88CB9-84D2-4020-A2D1-B25A21034884}]
HistoryTriggerBHO Class - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll [2011-07-10 35688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"anvshell"=C:\WINDOWS\anvshell.exe [2003-07-24 380928]
"MULTIMEDIA KEYBOARD"=C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [2002-01-31 151552]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-06 26102056]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe"="C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe:*:Enabled:Adobe Reader "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\mark\Plocha\RSIT.exe"="C:\Documents and Settings\mark\Plocha\RSIT.exe:*:Enabled:RSIT"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.IV50"=ir50_32.dll
"VIDC.WMV3"=wmv9vcm.dll
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"VIDC.IV41"=IR41_32.AX
"vidc.DIV3"=DivXc32.dll
"vidc.DIV4"=DivXc32f.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"VIDC.I420"=msh263.drv
"msacm.l3codec"=l3codecp.acm
"vidc.tscc"=tsccvid.dll
"VIDC.HFYU"=huffyuv.dll
"msacm.voxacm160"=vct3216.acm
"vidc.ffds"=ff_vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2011-07-15 23:30:44 ----D---- C:\rsit
2011-07-15 23:21:25 ----ASH---- C:\pagefile.sys
2011-07-15 22:39:04 ----D---- C:\WINDOWS\CSC
2011-07-15 22:38:54 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-15 22:09:11 ----SHD---- C:\Config.Msi
2011-07-15 21:53:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\bdch
2011-07-15 21:43:17 ----A---- C:\WINDOWS\system32\drivers\serial.sys
2011-07-15 21:09:04 ----A---- C:\bdlog.txt
2011-07-15 20:25:00 ----D---- C:\Documents and Settings\mark\Data aplikací\QuickScan
2011-07-14 01:58:59 ----A---- C:\WINDOWS\system32\drivers\1107381471.sys
2011-07-13 22:31:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\TomTom
2011-07-13 22:30:34 ----D---- C:\Documents and Settings\mark\Data aplikací\TomTom
2011-07-13 14:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 14:32:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-09 23:53:31 ----A---- C:\WINDOWS\system32\msvcr90.dll
2011-07-09 23:53:31 ----A---- C:\WINDOWS\system32\msvcp90.dll
2011-07-09 23:53:31 ----A---- C:\WINDOWS\system32\msvcm90.dll
2011-07-09 23:46:15 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2011-06-30 00:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-29 22:22:07 ----D---- C:\Program Files\PoselSmrti
2011-06-29 08:25:43 ----D---- C:\2d1b0d0ae58c5731d9d8bb452c46
2011-06-21 20:20:18 ----D---- C:\Program Files\Asseco
2011-06-21 20:15:42 ----D---- C:\Documents and Settings\mark\Data aplikací\CSAS
2011-06-21 20:10:25 ----D---- C:\Program Files\CryptoPlus
2011-06-21 20:06:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\SmartCard Reader Installation
2011-06-21 20:06:33 ----A---- C:\WINDOWS\system32\drivers\GemCCID.sys
2011-06-17 00:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-17 00:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-17 00:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-17 00:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-17 00:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$

======List of files/folders modified in the last 1 month======

2011-07-15 23:33:59 ----D---- C:\Program Files\trend micro
2011-07-15 23:32:13 ----A---- C:\WINDOWS\Msiosd.ini
2011-07-15 23:25:21 ----RD---- C:\Program Files
2011-07-15 23:22:51 ----D---- C:\Documents and Settings\mark\Data aplikací\skypePM
2011-07-15 23:22:38 ----D---- C:\Documents and Settings\mark\Data aplikací\Skype
2011-07-15 23:22:37 ----D---- C:\WINDOWS\TEMP
2011-07-15 23:21:21 ----D---- C:\WINDOWS\system32\drivers
2011-07-15 22:53:45 ----D---- C:\Program Files\Common Files
2011-07-15 22:53:27 ----D---- C:\WINDOWS\system32
2011-07-15 22:39:04 ----D---- C:\WINDOWS
2011-07-15 22:16:32 ----SHD---- C:\WINDOWS\Installer
2011-07-15 22:14:24 ----D---- C:\Documents and Settings\mark\Data aplikací\uTorrent
2011-07-15 22:14:23 ----D---- C:\WINDOWS\Debug
2011-07-15 22:09:18 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-15 21:58:23 ----D---- C:\Program Files\Spyware Terminator
2011-07-15 21:43:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-15 21:11:50 ----D---- C:\Documents and Settings
2011-07-15 21:09:16 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-07-15 20:36:24 ----HD---- C:\WINDOWS\inf
2011-07-15 20:22:58 ----D---- C:\WINDOWS\Prefetch
2011-07-15 20:13:29 ----D---- C:\Documents and Settings\mark\Data aplikací\ESET
2011-07-14 01:37:33 ----D---- C:\Program Files\Mozilla Thunderbird
2011-07-13 14:32:26 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 13:28:31 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-11 22:26:45 ----D---- C:\LGP500
2011-07-11 22:23:29 ----A---- C:\WINDOWS\system32\lgAxconfig.ini
2011-07-10 23:43:59 ----D---- C:\Program Files\Google
2011-07-10 23:41:19 ----SD---- C:\WINDOWS\Tasks
2011-07-10 01:04:33 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-10 01:02:37 ----D---- C:\Program Files\LG Electronics
2011-07-09 23:53:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\LGMOBILEAX
2011-07-09 23:49:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-09 23:47:19 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-09 23:35:23 ----D---- C:\sdílení -markalous
2011-07-07 19:14:49 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-07 19:14:40 ----RSD---- C:\WINDOWS\assembly
2011-07-07 19:00:12 ----D---- C:\WINDOWS\WinSxS
2011-06-28 23:00:55 ----D---- C:\Program Files\Defraggler
2011-06-28 22:54:45 ----D---- C:\Documents and Settings\mark\Data aplikací\Media Player Classic
2011-06-28 22:54:45 ----D---- C:\Documents and Settings\mark\Data aplikací\Free Download Manager
2011-06-28 22:54:31 ----D---- C:\WINDOWS\Logs
2011-06-28 17:19:48 ----D---- C:\Program Files\Opera
2011-06-24 07:30:53 ----D---- C:\Program Files\Mozilla Firefox
2011-06-18 19:03:52 ----D---- C:\Program Files\Common Files\Adobe
2011-06-18 19:02:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-18 19:01:25 ----D---- C:\Program Files\Adobe
2011-06-17 00:36:40 ----D---- C:\Program Files\Internet Explorer

Re: Problem with Bitdefender

Posted: 15 Jul 2011 23:45
by markalous
P.S. I ran all the antispyware tools one after another, as well as RSIT and HiJack (in safe mode too), and after a while every one of them got blocked with the message "Systém Windows nemá přístup k určenému zařízení.." (Windows cannot access the specified device). For example, SUPERAntiSpyware found some trojan, but before it finished it crashed, and since then it cannot be started... What should I do?

Re: Problem with Bitdefender

Posted: 16 Jul 2011 06:49
by markalous
So the restore didn't help; or rather, it told me that no changes had been made, so nothing is being restored.

Re: Problem with Bitdefender

Posted: 16 Jul 2011 09:53
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Feel free to go and make a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component.

Re: Problem with Bitdefender

Posted: 16 Jul 2011 14:23
by markalous
ComboFix log:
----------------------------------------------------------------
ComboFix 11-07-15.03 - mark 16.07.2011 14:54:14.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.310 [GMT 2:00]
Spuštěný z: c:\documents and settings\mark\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mark\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\system32\c_62410.nls
c:\windows\system32\drivers\1107381471.sys
c:\windows\unin0405.exe
C:\zip(2).exe
.
Nakažená kopie c:\windows\system32\drivers\serial.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
Nakažená kopie c:\windows\system32\wuauclt.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1107381471
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 12:35 . 2008-04-14 02:21 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-07-16 12:35 . 2008-04-14 02:21 64256 ----a-w- c:\windows\system32\drivers\serial.sys
2011-07-16 11:21 . 2011-07-16 11:21 -------- d-----w- c:\program files\ESET
2011-07-16 11:21 . 2011-07-16 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-07-16 05:40 . 2011-07-16 05:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-07-16 05:40 . 2011-07-16 05:40 -------- d-----w- c:\program files\IObit
2011-07-16 00:01 . 2011-07-16 00:01 -------- d-----w- C:\rsit
2011-07-15 22:59 . 2011-07-15 22:59 1028 ----a-w- C:\backup(2).reg
2011-07-15 22:59 . 2011-07-15 22:59 61440 ----a-w- c:\windows\system32\drivers\dbxryv(2).sys
2011-07-15 22:59 . 2011-07-15 22:59 574 ----a-w- C:\cleanup(2).bat
2011-07-15 22:59 . 2011-07-15 22:59 19286 ----a-w- C:\cleanup(2).exe
2011-07-15 19:53 . 2011-07-15 19:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\bdch
2011-07-15 19:24 . 2011-07-15 19:24 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\QuickScan
2011-07-15 19:11 . 2011-07-15 19:12 -------- d-----w- c:\documents and settings\Administrator
2011-07-15 18:25 . 2011-07-15 18:25 -------- d-----w- c:\documents and settings\mark\Data aplikací\QuickScan
2011-07-15 18:22 . 2011-07-16 00:27 237936 ----a-w- c:\documents and settings\All Users\Data aplikací\bdinstall.bin
2011-07-13 20:31 . 2011-07-13 20:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2011-07-13 20:30 . 2011-07-13 20:30 -------- d-----w- c:\documents and settings\mark\Local Settings\Data aplikací\TomTom
2011-07-13 20:30 . 2011-07-13 20:30 -------- d-----w- c:\documents and settings\mark\Data aplikací\TomTom
2011-07-09 21:53 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-07-09 21:53 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-07-09 21:53 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-07-09 21:46 . 2010-08-06 07:21 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2011-06-29 20:22 . 2011-06-29 20:59 -------- d-----w- c:\program files\PoselSmrti
2011-06-29 06:25 . 2011-06-29 06:28 -------- d-----w- C:\2d1b0d0ae58c5731d9d8bb452c46
2011-06-24 05:30 . 2011-06-24 05:30 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 05:30 . 2011-06-24 05:30 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-21 18:20 . 2011-06-21 18:20 -------- d-----w- c:\program files\Asseco
2011-06-21 18:15 . 2011-06-21 18:15 -------- d-----w- c:\documents and settings\mark\Data aplikací\CSAS
2011-06-21 18:10 . 2011-06-21 18:10 -------- d-----w- c:\program files\CryptoPlus
2011-06-21 18:06 . 2011-06-21 18:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SmartCard Reader Installation
2011-06-21 18:06 . 2009-10-09 10:00 87424 ----a-w- c:\windows\system32\drivers\GemCCID.sys
2011-06-16 21:56 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 19:48 . 2011-06-15 19:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2002-09-20 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2005-02-02 21:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-09-20 16:04 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-28 23:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2002-09-20 16:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2002-09-20 16:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2004-11-11 18:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2002-09-20 16:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2007-07-30 21:19 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 00:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-06-24 05:30 . 2011-03-22 18:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"anvshell"="anvshell.exe" [2003-07-24 380928]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 14:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-07-23 14:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LiveNote"=livenote.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\IObit\\IObit Unlocker\\IObitUnlocker.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.Exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23348:TCP"= 23348:TCP:BitComet 23348 TCP
"23348:UDP"= 23348:UDP:BitComet 23348 UDP
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20.2.2005 15:16 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20.2.2005 15:16 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.8.2006 21:20 721904]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2.2.2005 23:14 231064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2.2.2005 23:31 6656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [19.8.2008 23:34 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19.8.2008 23:34 55024]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [28.10.2008 21:19 164992]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [28.10.2008 21:19 12544]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 11:46 162176]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.8.2006 21:54 223128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2011 23:41 136176]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe --> c:\program files\TomTom HOME 2\TomTomHOMEService.exe [?]
S2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe --> c:\windows\system32\xmesrv.exe [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [7.12.2010 14:22 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [7.12.2010 14:23 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [7.12.2010 14:23 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [7.12.2010 14:23 25088]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps.sys --> c:\windows\system32\DRIVERS\lgandnetgps.sys [?]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2.8.2010 16:19 25728]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [21.6.2011 20:06 87424]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2011 23:41 136176]
S3 IObitUnlocker;IObitUnlocker;c:\program files\IObit\IObit Unlocker\IObitUnlocker.sys [16.7.2011 7:40 26248]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19.8.2008 23:34 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 21:40]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 21:40]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: Interfaces\{75EC42F3-115F-4D2A-9B1D-58ABFFDBFF50}: NameServer = 212.96.161.6,212.96.160.7
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\mark\Data aplikací\Mozilla\Firefox\Profiles\h1z4mdbl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-CTFMON - (no file)
AddRemove-HijackThis - c:\documents and settings\mark\Plocha\Antiviry\HijackThis.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\$NtUninstallKB49884$:SummaryInformation 0 bytes hidden from API
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"735\" expireTime=\"1313346721\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1310775221\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"0\" />\0a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e7,0e,8f,4d,8f,58,34,af,09,5e,07,54,7e,28,71,3f,a3,47,f2,3b,c0,
45,a9,63,72,2e,26,0a,44,c5,3f,92,9d,40,d7,6c,df,e0,15,78,53,d9,1d,f4,28,50,\
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C22F45F8-3BDF-4D0A-99FC-C901E4303E41}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.314.0"
"UniqueId"="0017E4264E2174EB"
"ScannerBuild"=dword:00001124
"ScannerVersionId"=dword:00000ef8
"ScannerVersion"="Open window for status."
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e7,0e,8f,4d,8f,58,34,af,09,5e,07,54,7e,28,71,3f,a3,47,f2,3b,c0,
45,a9,63,72,2e,26,0a,44,c5,3f,92,9d,40,d7,6c,df,e0,15,78,53,d9,1d,f4,28,50,\
.
[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1332)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 15:21:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 13:21
ComboFix2.txt 2009-11-24 20:44
ComboFix3.txt 2009-11-24 18:48
ComboFix4.txt 2009-11-24 18:12
ComboFix5.txt 2011-07-16 12:15
.
Před spuštěním: Volných bajtů: 11 468 570 624
Po spuštění: Volných bajtů: 12 771 676 160
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 90FA1C30993C82E183E2778F6DBDEBCE

Re: problem with Bitdefender

Posted: 16 Jul 2011 17:49
by Rudy
We still have some cleaning up to do. Open Notepad and copy the following into it:
Collect::
C:\backup(2).reg
c:\windows\system32\drivers\dbxryv(2).sys
C:\cleanup(2).bat
C:\cleanup(2).exe

Driver::
dbxryv(2)
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: problem with Bitdefender

Posted: 16 Jul 2011 19:48
by markalous
After launching and running the script, it took about 5 minutes before CF started at all. It found the rootkit .ZeroAccess, but I don't know whether it fixed it.
Remaining problems:
1) I still cannot run most antispyware tools, CCleaner or Spybot; after a reinstall they work for a while, then crash, and from then on I get the message "The system cannot access the specified device."
2) In Firefox, mainly in Google search (but elsewhere too), pages get redirected to 100ksearches.com and hang.
3) I tried to put ESET Smart Security 4 back, but it will not start because of an error communicating with the kernel. Even so, ComboFix reported the AV as enabled.

CF Log:
-------------------------------------------------------------------
ComboFix 11-07-15.03 - mark 16.07.2011 19:57:43.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.309 [GMT 2:00]
Spuštěný z: c:\documents and settings\mark\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB49884$
c:\windows\$NtUninstallKB49884$\2230958554\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB49884$\2230958554\click.tlb
c:\windows\$NtUninstallKB49884$\2230958554\L\bkpgermq
c:\windows\$NtUninstallKB49884$\2230958554\loader(2).tlb
c:\windows\$NtUninstallKB49884$\2230958554\loader(3).tlb
c:\windows\$NtUninstallKB49884$\2230958554\loader(4).tlb
c:\windows\$NtUninstallKB49884$\2230958554\loader(5).tlb
c:\windows\$NtUninstallKB49884$\2230958554\loader(6).tlb
c:\windows\$NtUninstallKB49884$\2230958554\loader.tlb
c:\windows\$NtUninstallKB49884$\2230958554\U\@00000001
c:\windows\$NtUninstallKB49884$\2230958554\U\@000000c0
c:\windows\$NtUninstallKB49884$\2230958554\U\@000000cb
c:\windows\$NtUninstallKB49884$\2230958554\U\@000000cf
c:\windows\$NtUninstallKB49884$\2230958554\U\@80000000
c:\windows\$NtUninstallKB49884$\2230958554\U\@800000c0
c:\windows\$NtUninstallKB49884$\2230958554\U\@800000cb
c:\windows\$NtUninstallKB49884$\2230958554\U\@800000cf
c:\windows\$NtUninstallKB49884$\726346017
c:\windows\system32\c_62410.nls
c:\windows\system32\config\bkpgermq
.
Nakažená kopie c:\windows\system32\drivers\mrxsmb.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 17:49 . 2011-04-29 16:47 457856 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-16 17:49 . 2011-04-29 16:47 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-16 12:35 . 2008-04-14 02:21 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-07-16 12:35 . 2008-04-14 02:21 64256 ----a-w- c:\windows\system32\drivers\serial.sys
2011-07-16 11:21 . 2011-07-16 11:21 -------- d-----w- c:\program files\ESET
2011-07-16 11:21 . 2011-07-16 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-07-16 05:40 . 2011-07-16 05:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-07-16 05:40 . 2011-07-16 05:40 -------- d-----w- c:\program files\IObit
2011-07-16 00:01 . 2011-07-16 00:01 -------- d-----w- C:\rsit
2011-07-15 22:59 . 2011-07-15 22:59 61440 ----a-w- c:\windows\system32\drivers\dbxryv(2).sys
2011-07-15 19:53 . 2011-07-15 19:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\bdch
2011-07-15 19:24 . 2011-07-15 19:24 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\QuickScan
2011-07-15 19:11 . 2011-07-15 19:12 -------- d-----w- c:\documents and settings\Administrator
2011-07-15 18:25 . 2011-07-15 18:25 -------- d-----w- c:\documents and settings\mark\Data aplikací\QuickScan
2011-07-15 18:22 . 2011-07-16 00:27 237936 ----a-w- c:\documents and settings\All Users\Data aplikací\bdinstall.bin
2011-07-13 20:31 . 2011-07-13 20:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2011-07-13 20:30 . 2011-07-13 20:30 -------- d-----w- c:\documents and settings\mark\Local Settings\Data aplikací\TomTom
2011-07-13 20:30 . 2011-07-13 20:30 -------- d-----w- c:\documents and settings\mark\Data aplikací\TomTom
2011-07-09 21:53 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-07-09 21:53 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-07-09 21:53 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-07-09 21:46 . 2010-08-06 07:21 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2011-06-29 20:22 . 2011-06-29 20:59 -------- d-----w- c:\program files\PoselSmrti
2011-06-29 06:25 . 2011-06-29 06:28 -------- d-----w- C:\2d1b0d0ae58c5731d9d8bb452c46
2011-06-24 05:30 . 2011-06-24 05:30 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 05:30 . 2011-06-24 05:30 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-21 18:20 . 2011-06-21 18:20 -------- d-----w- c:\program files\Asseco
2011-06-21 18:15 . 2011-06-21 18:15 -------- d-----w- c:\documents and settings\mark\Data aplikací\CSAS
2011-06-21 18:10 . 2011-06-21 18:10 -------- d-----w- c:\program files\CryptoPlus
2011-06-21 18:06 . 2011-06-21 18:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SmartCard Reader Installation
2011-06-21 18:06 . 2009-10-09 10:00 87424 ----a-w- c:\windows\system32\drivers\GemCCID.sys
2011-06-16 21:56 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 19:48 . 2011-06-15 19:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2002-09-20 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2005-02-02 21:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-09-20 16:04 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-26 11:07 . 2002-09-20 16:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2002-09-20 16:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2004-11-11 18:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2002-09-20 16:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2007-07-30 21:19 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 00:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-06-24 05:30 . 2011-03-22 18:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_13.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\temp\Perflib_Perfdata_c9c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"anvshell"="anvshell.exe" [2003-07-24 380928]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 14:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-07-23 14:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LiveNote"=livenote.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\IObit\\IObit Unlocker\\IObitUnlocker.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.Exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23348:TCP"= 23348:TCP:BitComet 23348 TCP
"23348:UDP"= 23348:UDP:BitComet 23348 UDP
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20.2.2005 15:16 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20.2.2005 15:16 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.8.2006 21:20 721904]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2.2.2005 23:14 231064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2.2.2005 23:31 6656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [19.8.2008 23:34 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19.8.2008 23:34 55024]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [28.10.2008 21:19 164992]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [28.10.2008 21:19 12544]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 11:46 162176]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.8.2006 21:54 223128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2011 23:41 136176]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe --> c:\program files\TomTom HOME 2\TomTomHOMEService.exe [?]
S2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe --> c:\windows\system32\xmesrv.exe [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [7.12.2010 14:22 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [7.12.2010 14:23 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [7.12.2010 14:23 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [7.12.2010 14:23 25088]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps.sys --> c:\windows\system32\DRIVERS\lgandnetgps.sys [?]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2.8.2010 16:19 25728]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [21.6.2011 20:06 87424]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2011 23:41 136176]
S3 IObitUnlocker;IObitUnlocker;c:\program files\IObit\IObit Unlocker\IObitUnlocker.sys [16.7.2011 7:40 26248]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19.8.2008 23:34 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 21:40]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 21:40]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: Interfaces\{75EC42F3-115F-4D2A-9B1D-58ABFFDBFF50}: NameServer = 212.96.161.6,212.96.160.7
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\mark\Data aplikací\Mozilla\Firefox\Profiles\h1z4mdbl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"735\" expireTime=\"1313346721\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1310775221\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"0\" />\0a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e7,0e,8f,4d,8f,58,34,af,09,5e,07,54,7e,28,71,3f,a3,47,f2,3b,c0,
45,a9,63,72,2e,26,0a,44,c5,3f,92,9d,40,d7,6c,df,e0,15,78,53,d9,1d,f4,28,50,\
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C22F45F8-3BDF-4D0A-99FC-C901E4303E41}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.314.0"
"UniqueId"="0017E4264E2174EB"
"ScannerBuild"=dword:00001124
"ScannerVersionId"=dword:00000ef8
"ScannerVersion"="Open window for status."
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e7,0e,8f,4d,8f,58,34,af,09,5e,07,54,7e,28,71,3f,a3,47,f2,3b,c0,
45,a9,63,72,2e,26,0a,44,c5,3f,92,9d,40,d7,6c,df,e0,15,78,53,d9,1d,f4,28,50,\
.
[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 20:38:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 18:38
ComboFix2.txt 2009-11-24 20:44
ComboFix3.txt 2009-11-24 18:48
ComboFix4.txt 2009-11-24 18:12
ComboFix5.txt 2011-07-16 12:15
.
Před spuštěním: Volných bajtů: 12 735 610 880
Po spuštění: Volných bajtů: 12 728 639 488
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5D2C19E41B1AD5B6EFD47117DDA4E471

Re: Problem with Bitdefender

Posted: 16 Jul 2011 20:05
by Rudy
Run CF once more with this script:
Collect::
c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
c:\windows\system32\drivers\dbxryv(2).sys

Driver::
Update Server
dbxryv

Re: Problem with Bitdefender

Posted: 16 Jul 2011 20:42
by markalous
So, a change..
Logging off and system startup now take 20-30 seconds, which is a big success compared with the past months. The PC seems to be running as it should, no redirects so far, and CCleaner works.
Only the antivirus and firewall...
After uninstalling ESET with EsetEliminátor, something is still hanging around in the system. Could you recommend a reliable, free AV system with a firewall (or a combination), so that I don't cram trojans in there again?...Thanks.

CF log:
------------------------------------------------------------
ComboFix 11-07-15.03 - mark 16.07.2011 21:13:37.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.217 [GMT 2:00]
Spuštěný z: c:\documents and settings\mark\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mark\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
file zipped: c:\windows\system32\drivers\dbxryv(2).sys
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mark\Dokumenty\cc_20110716_205936.reg
c:\windows\system32\drivers\dbxryv(2).sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 18:58 . 2011-07-16 18:58 -------- d-----w- c:\program files\CCleaner
2011-07-16 17:49 . 2011-04-29 16:47 457856 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-16 17:49 . 2011-04-29 16:47 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-16 12:35 . 2008-04-14 02:21 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-07-16 12:35 . 2008-04-14 02:21 64256 ----a-w- c:\windows\system32\drivers\serial.sys
2011-07-16 11:21 . 2011-07-16 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-07-16 05:40 . 2011-07-16 05:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-07-16 05:40 . 2011-07-16 05:40 -------- d-----w- c:\program files\IObit
2011-07-16 00:01 . 2011-07-16 00:01 -------- d-----w- C:\rsit
2011-07-15 19:53 . 2011-07-15 19:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\bdch
2011-07-15 19:24 . 2011-07-15 19:24 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\QuickScan
2011-07-15 19:11 . 2011-07-15 19:12 -------- d-----w- c:\documents and settings\Administrator
2011-07-15 18:25 . 2011-07-15 18:25 -------- d-----w- c:\documents and settings\mark\Data aplikací\QuickScan
2011-07-15 18:22 . 2011-07-16 00:27 237936 ----a-w- c:\documents and settings\All Users\Data aplikací\bdinstall.bin
2011-07-13 20:31 . 2011-07-13 20:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2011-07-13 20:30 . 2011-07-13 20:30 -------- d-----w- c:\documents and settings\mark\Local Settings\Data aplikací\TomTom
2011-07-13 20:30 . 2011-07-13 20:30 -------- d-----w- c:\documents and settings\mark\Data aplikací\TomTom
2011-07-09 21:53 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-07-09 21:53 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-07-09 21:53 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-07-09 21:46 . 2010-08-06 07:21 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2011-06-29 20:22 . 2011-06-29 20:59 -------- d-----w- c:\program files\PoselSmrti
2011-06-29 06:25 . 2011-06-29 06:28 -------- d-----w- C:\2d1b0d0ae58c5731d9d8bb452c46
2011-06-24 05:30 . 2011-06-24 05:30 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 05:30 . 2011-06-24 05:30 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-21 18:20 . 2011-06-21 18:20 -------- d-----w- c:\program files\Asseco
2011-06-21 18:15 . 2011-06-21 18:15 -------- d-----w- c:\documents and settings\mark\Data aplikací\CSAS
2011-06-21 18:10 . 2011-06-21 18:10 -------- d-----w- c:\program files\CryptoPlus
2011-06-21 18:06 . 2011-06-21 18:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SmartCard Reader Installation
2011-06-21 18:06 . 2009-10-09 10:00 87424 ----a-w- c:\windows\system32\drivers\GemCCID.sys
2011-06-16 21:56 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 19:48 . 2011-06-15 19:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2002-09-20 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2005-02-02 21:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-09-20 16:04 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-26 11:07 . 2002-09-20 16:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2002-09-20 16:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2004-11-11 18:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2002-09-20 16:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2007-07-30 21:19 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 00:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-06-24 05:30 . 2011-03-22 18:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"anvshell"="anvshell.exe" [2003-07-24 380928]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 14:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-07-23 14:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LiveNote"=livenote.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\IObit\\IObit Unlocker\\IObitUnlocker.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.Exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23348:TCP"= 23348:TCP:BitComet 23348 TCP
"23348:UDP"= 23348:UDP:BitComet 23348 UDP
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20.2.2005 15:16 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20.2.2005 15:16 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.8.2006 21:20 721904]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2.2.2005 23:14 231064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2.2.2005 23:31 6656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [19.8.2008 23:34 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19.8.2008 23:34 55024]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [28.10.2008 21:19 164992]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [28.10.2008 21:19 12544]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 11:46 162176]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.8.2006 21:54 223128]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2011 23:41 136176]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [7.12.2010 14:22 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [7.12.2010 14:23 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [7.12.2010 14:23 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [7.12.2010 14:23 25088]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps.sys --> c:\windows\system32\DRIVERS\lgandnetgps.sys [?]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2.8.2010 16:19 25728]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [21.6.2011 20:06 87424]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2011 23:41 136176]
S3 IObitUnlocker;IObitUnlocker;c:\program files\IObit\IObit Unlocker\IObitUnlocker.sys [16.7.2011 7:40 26248]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19.8.2008 23:34 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 21:40]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 21:40]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: Interfaces\{75EC42F3-115F-4D2A-9B1D-58ABFFDBFF50}: NameServer = 212.96.161.6,212.96.160.7
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\mark\Data aplikací\Mozilla\Firefox\Profiles\h1z4mdbl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 21:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"735\" expireTime=\"1313346721\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1310775221\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"0\" />\0a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e7,0e,8f,4d,8f,58,34,af,09,5e,07,54,7e,28,71,3f,a3,47,f2,3b,c0,
45,a9,63,72,2e,26,0a,44,c5,3f,92,9d,40,d7,6c,df,e0,15,78,53,d9,1d,f4,28,50,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e7,0e,8f,4d,8f,58,34,af,09,5e,07,54,7e,28,71,3f,a3,47,f2,3b,c0,
45,a9,63,72,2e,26,0a,44,c5,3f,92,9d,40,d7,6c,df,e0,15,78,53,d9,1d,f4,28,50,\
.
[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 21:33:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 19:33
ComboFix2.txt 2011-07-16 18:38
ComboFix3.txt 2009-11-24 20:44
ComboFix4.txt 2009-11-24 18:48
ComboFix5.txt 2011-07-16 19:12
.
Před spuštěním: Volných bajtů: 12 834 521 088
Po spuštění: Volných bajtů: 12 814 950 400
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9EC98A40BBA3CF5E536C1152562BDE1A
Nahrání proběhlo úspěšně

Re: problem with Bitdefender

Posted: 16 Jul 2011 20:49
by Rudy
The log now looks clean. Try the Avira AV: http://www.avira.com/en/avira-free-antivirus , to which you can add the Comodo firewall: http://www.avira.com/en/avira-free-antivirus . Leave the Comodo antivirus turned off. Alternatively, you can use ZoneAlarm as the firewall: http://www.stahuj.centrum.cz/internet_a ... zonealarm/ .

Re: problem with Bitdefender

Posted: 16 Jul 2011 21:45
by markalous
Thank you for your time. If anything comes up, I'll get back to you.
I know Avira; I had ZoneAlarm on my old PC and it seemed to me that it slowed the computer down.
I probably won't get that Eset off the PC any more..

Re: problem with Bitdefender

Posted: 16 Jul 2011 22:04
by Rudy
Following the guide: http://www.viry.cz/forum/viewtopic.php?f=11&t=2791 manually remove from the registry everything related to Eset. You're welcome!