Po odinstalování AVG nejde nainstalovat žádný AV

[ondrej.snytr]

Dobrý den! Mám problém s tím, že mi nejde nainstalovat žádný antivir. NTB začal mít divné příznaky: Avg hlásil nepředvídané chyby, NTB se 3x během 2 dnů samovolně restartoval, Windows po spuštění psaly hlášku o obnovení po kritické chybě, nebo něco podobného. Tak jsem chtěl zkusit jiný AV, ale bohužel po odinstalování AVG jsem si ani neškrtnul. Problém může být pravděpodobně i HW, ale já jsem nejprve začal řešit možnou "virózu".
Přikládám log z Combofixu, prosím někoho o kontrolu. Díky a přeji pěkný večer. OndráŠ

ComboFix 11-07-15.03 - Ondras 16.07.2011 9:04.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3001.2441 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondras\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSCSVC
-------\Service_wscsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 01:28 . 2011-07-16 01:28 -------- d-----w- c:\documents and settings\Ondras\Data aplikací\QuickScan
2011-07-14 22:52 . 2011-07-16 07:14 44711 ----a-w- c:\windows\cscmondump.bin
2011-07-14 22:51 . 2011-07-14 22:52 -------- d-----w- c:\windows\system32\NtmsData
2011-07-14 18:50 . 2011-07-14 18:50 -------- d-----w- c:\program files\COMODO
2011-07-14 18:50 . 2011-07-14 18:50 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-07-11 18:06 . 2011-07-11 18:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-08 10:14 . 2011-07-08 10:14 -------- d-----w- c:\program files\Common Files\Java
2011-07-02 16:58 . 2011-07-02 16:58 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2011-01-01 14:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2009-02-18 19:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2008-12-24 07:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 14:47 . 2004-08-18 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2004-08-18 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 14:47 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:43 . 2004-08-18 12:00 370176 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-01-01 11:20 . 2011-01-01 11:20 16896 ----a-w- c:\program files\wmdmhelper.dll
2011-01-01 11:20 . 2011-01-01 11:20 641024 ----a-w- c:\program files\rjbres.dll
2011-01-01 11:20 . 2011-01-01 11:20 45056 ----a-w- c:\program files\ierjplug.dll
2011-01-01 11:20 . 2011-01-01 11:20 360960 ----a-w- c:\program files\rjdlg.dll
2011-01-01 11:20 . 2011-01-01 11:20 34304 ----a-w- c:\program files\rjprog.dll
2011-01-01 11:20 . 2011-01-01 11:20 139264 ----a-w- c:\program files\dunzip32.dll
2011-01-01 11:20 . 2011-01-01 11:20 943344 ----a-w- c:\program files\cddblink.dll
2011-01-01 11:20 . 2011-01-01 11:20 9216 ----a-w- c:\program files\fixrjb.exe
2011-01-01 11:20 . 2011-01-01 11:20 45056 ----a-w- c:\program files\mmcdda32.dll
2011-01-01 11:20 . 2011-01-01 11:20 23552 ----a-w- c:\program files\tnetdtct.dll
2011-01-01 11:20 . 2011-01-01 11:20 2041072 ----a-w- c:\program files\cddbcontrol.dll
2011-01-01 11:20 . 2011-01-01 11:20 1115376 ----a-w- c:\program files\cddbmusicid.dll
2011-01-01 11:20 . 2011-01-01 11:20 74240 ----a-w- c:\program files\tsasdk.dll
2011-01-01 11:20 . 2011-01-01 11:20 67072 ----a-w- c:\program files\rpwa3260.dll
2011-01-01 11:20 . 2011-01-01 11:20 48128 ----a-w- c:\program files\tpasdk.dll
2011-01-01 11:20 . 2011-01-01 11:20 16296 ----a-w- c:\program files\realtfon.fon
2011-01-01 11:20 . 2011-01-01 11:20 46800 ----a-w- c:\program files\rpshellsearch.dll
2011-01-01 11:20 . 2011-01-01 11:20 369320 ----a-w- c:\program files\realconverter.exe
2011-01-01 11:20 . 2011-01-01 11:20 345768 ----a-w- c:\program files\convert.exe
2011-01-01 11:20 . 2011-01-01 11:20 390384 ----a-w- c:\program files\mc_enc_mp4v.dll
2011-01-01 11:20 . 2011-01-01 11:20 371880 ----a-w- c:\program files\realtrimmer.exe
2011-01-01 11:20 . 2011-01-01 11:20 119968 ----a-w- c:\program files\realshare.exe
2011-01-01 11:19 . 2011-01-01 11:19 719360 ----a-w- c:\program files\dbghelp.dll
2011-01-01 11:19 . 2011-01-01 11:19 72192 ----a-w- c:\program files\rjwmapln.dll
2011-01-01 11:19 . 2011-01-01 11:19 46592 ----a-w- c:\program files\rpau3260.dll
2011-01-01 11:19 . 2011-01-01 11:19 88064 ----a-w- c:\program files\hxaudiodevicehook.dll
2011-01-01 11:19 . 2011-01-01 11:19 27824 ----a-w- c:\program files\rndevicedbbuilder.exe
2011-01-01 11:19 . 2011-01-01 11:19 86528 ----a-w- c:\program files\rpplugprot.dll
2011-01-01 11:19 . 2011-01-01 11:19 63168 ----a-w- c:\program files\rpshell.dll
2011-01-01 11:19 . 2011-01-01 11:19 117448 ----a-w- c:\program files\rdsf3260.dll
2011-01-01 11:19 . 2011-01-01 11:19 18120 ----a-w- c:\program files\rphelperapp.exe
2011-01-01 11:19 . 2011-01-01 11:19 9728 ----a-w- c:\program files\realjbox.exe
2011-01-01 11:19 . 2011-01-01 11:19 491168 ----a-w- c:\program files\realplay.exe
2011-01-01 11:19 . 2011-01-01 11:19 415456 ----a-w- c:\program files\recordingmanager.exe
2011-07-02 16:58 . 2011-05-11 12:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_00.34.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-16 07:15 . 2011-07-16 07:15 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2010-02-10 05:24 . 2010-02-10 05:24 284048 c:\windows\Downloaded Program Files\rufsi.dll
+ 2011-07-14 22:52 . 2011-07-16 07:14 210700 c:\windows\CSC_ServiceDump.dat
+ 2011-07-14 22:52 . 2011-07-16 07:14 2052524 c:\windows\CSC_ActiveCleanLog.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\update\realsched.exe" [2011-01-01 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [9.12.2010 14:14 66584]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [9.12.2010 14:15 33232]
R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [9.12.2010 14:08 305600]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.9.2009 23:44 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.9.2009 23:44 133104]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
napagent
hkmsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-14 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 21:44]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 21:44]
.
2011-07-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-682003330-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-682003330-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: csob.cz\ib24
FF - ProfilePath - c:\documents and settings\Ondras\Data aplikací\Mozilla\Firefox\Profiles\9c40ghy4.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 09:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 09:18:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 07:18
ComboFix2.txt 2011-07-16 01:15
ComboFix3.txt 2011-07-16 00:35
.
Před spuštěním: Volných bajtů: 60 193 480 704
Po spuštění: Volných bajtů: 60 118 786 048
.
- - End Of File - - 713F30CEE5B0A73B93999763932A4B13

[ondrej.snytr]

A ještě log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ondras at 2011-07-16 22:50:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (72%) free of 80 GB
Total RAM: 3001 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:51:08, on 16.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\program files\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Ondras\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\Ondras.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email.nature.cz/iNotes6W.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6330 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\COMODO Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-682003330-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-682003330-725345543-1003.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ondras\Data aplikací\Mozilla\Firefox\Profiles\9c40ghy4.default

prefs.js - "extensions.enabledItems" - "{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2, {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319, avg@igeared:6.103.018.001, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa2,version=2.0.0]
"Description"=Picasa2 plugin
"Path"=C:\Program Files\Picasa2\npPicasa2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609]
"Description"=12.0.1.609
"Path"=c:\program files\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
browsercomps.dll.moz-backup
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Ondras\Data aplikací\Mozilla\Firefox\Profiles\9c40ghy4.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{e001c731-5e37-4538-a5cb-8168736a2360}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-01-01 382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-11-03 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-11-03 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-11-03 134656]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"TkBellExe"=C:\program files\update\realsched.exe [2011-01-01 274608]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-11-03 205312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\real\realplayer\realplay.exe"="C:\Program Files\real\realplayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\realplay.exe"="C:\Program Files\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-07-16 22:51:00 ----D---- C:\Program Files\trend micro
2011-07-16 22:50:59 ----D---- C:\rsit
2011-07-16 09:18:12 ----A---- C:\ComboFix.txt
2011-07-16 03:28:11 ----D---- C:\Documents and Settings\Ondras\Data aplikací\QuickScan
2011-07-16 02:15:15 ----A---- C:\WINDOWS\zip.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\SWSC.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\SWREG.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\sed.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\PEV.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\MBR.exe
2011-07-16 02:15:15 ----A---- C:\WINDOWS\grep.exe
2011-07-16 02:15:08 ----D---- C:\WINDOWS\ERDNT
2011-07-16 02:15:03 ----D---- C:\Qoobox
2011-07-15 00:52:47 ----A---- C:\WINDOWS\CSC_ServiceDump.dat
2011-07-15 00:52:47 ----A---- C:\WINDOWS\CSC_ActiveCleanLog.dat
2011-07-15 00:51:32 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-14 21:47:19 ----D---- C:\Config.Msi
2011-07-14 20:50:30 ----D---- C:\Program Files\COMODO
2011-07-14 20:50:02 ----A---- C:\WINDOWS\system32\gdiplus.dll
2011-07-14 08:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 08:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-08 12:14:32 ----D---- C:\Program Files\Common Files\Java
2011-07-08 12:14:01 ----A---- C:\WINDOWS\system32\javaws.exe
2011-07-08 12:14:01 ----A---- C:\WINDOWS\system32\javaw.exe
2011-07-08 12:14:01 ----A---- C:\WINDOWS\system32\java.exe
2011-07-04 09:47:56 ----D---- C:\WINDOWS\Minidump
2011-06-29 01:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-16 22:51:00 ----RD---- C:\Program Files
2011-07-16 22:50:34 ----A---- C:\WINDOWS\wincmd.ini
2011-07-16 22:47:37 ----D---- C:\Documents and Settings\Ondras\Data aplikací\Skype
2011-07-16 21:57:19 ----D---- C:\WINDOWS\Temp
2011-07-16 09:54:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-16 09:18:15 ----D---- C:\WINDOWS\system32\drivers
2011-07-16 09:17:23 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 09:15:54 ----D---- C:\WINDOWS
2011-07-16 09:15:54 ----A---- C:\WINDOWS\system.ini
2011-07-16 09:15:43 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-16 09:14:22 ----D---- C:\WINDOWS\system32\config
2011-07-16 09:12:39 ----D---- C:\WINDOWS\system32
2011-07-16 09:12:39 ----D---- C:\WINDOWS\AppPatch
2011-07-16 09:12:33 ----D---- C:\Program Files\Common Files
2011-07-16 09:12:18 ----D---- C:\WINDOWS\system32\wbem
2011-07-16 04:02:55 ----SD---- C:\WINDOWS\Tasks
2011-07-16 03:52:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-07-16 02:38:48 ----D---- C:\Program Files\Mozilla Firefox
2011-07-16 02:29:17 ----D---- C:\WINDOWS\Prefetch
2011-07-16 01:22:59 ----SHD---- C:\WINDOWS\Installer
2011-07-16 00:55:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2011-07-16 00:54:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-16 00:53:27 ----HD---- C:\WINDOWS\inf
2011-07-16 00:52:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-15 00:51:30 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-14 21:06:24 ----D---- C:\Documents and Settings\Ondras\Data aplikací\skypePM
2011-07-14 15:36:47 ----D---- C:\Documents and Settings\Ondras\Data aplikací\XnView
2011-07-14 08:08:27 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-14 08:07:58 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 19:53:00 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-08 12:13:56 ----D---- C:\Program Files\Java
2011-07-02 21:57:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-02 21:56:24 ----D---- C:\Program Files\SMS-DreamCom
2011-06-30 21:31:46 ----D---- C:\Program Files\Microsoft Office
2011-06-29 09:06:32 ----RD---- C:\Program Files\Skype
2011-06-29 09:06:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-01 43872]
R1 CFRMD;CFRMD; C:\WINDOWS\system32\DRIVERS\CFRMD.sys [2010-12-09 66584]
R1 CFRPD;CFRPD; C:\WINDOWS\system32\DRIVERS\CFRPD.sys [2010-12-09 33232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-11-03 6273504]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-02-21 286336]
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-04-08 1309504]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-23 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 Cleaner_Validator;COMODO System - Cleaner Service; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-13 194032]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[motji]

Dobrý večer
Jak to vypadá po použití combofixu?

[ondrej.snytr]

Dobrý večer, zdá se mi to pořád stejné.
AVG: "V aplikaci avgmfapx.exe došlo k problému a je třeba ji zavřít. Omlouváme se za vzniklé potíže."
Avast: "An error 0 has occured. Last performed operation was: spawning."
NOD32: "Průvodce předčasně ukončil ESET Nod32 AV."
Online antivirové scannery se mi vyjma BitDefenderu, který nenašel žádnou infekci, také nedaří spustit.
Díky OŠ

[motji]

Stáhněte SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
-program spusťte a postupujte podle instrukcí. Log vložte zde


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[ondrej.snytr]

Dobrý večer!
SecurityCheck se mi nějak nedaří spustit, problikne tam pouze nějaké načítání, ale pak se nic neděje.
MBAM ... OK, log zde.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7176

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

17.7.2011 22:15:50
mbam-log-2011-07-17 (22-15-50).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 206193
Uplynulý čas: 32 minut, 51 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[motji]

Zkuste ho ještě v nouzovém režimu.

[ondrej.snytr]

SecurityCheck v nouzovém režimu proběhl, log přikládám:

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
COMODO System-Cleaner
Java(TM) 6 Update 26
Adobe Flash Player 10.3.181.26
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

[motji]

U comoda nemáte zapnutý anitivr, jen firewall?

[ondrej.snytr]

Comodo jsem instalovat kvůli vyčištění systému, firewall ani AV jsem nezapínal. Vlastně jsem ani nevěděl, že v té aplikaci jsou.
OŠ

[motji]

Otestujte na www.virustotal.com
c:\program files\fixrjb.exe
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

[ondrej.snytr]

Zdravím Vás.
Výsledek je opět negativní: http://www.virustotal.com/file-scan/rep ... 1311015990
Díky OŠ

[motji]

Děkuji. Zkuste antivir nainstalovat v nouzovém režimu.
Ted to s pc vypadá jak?

[ondrej.snytr]

Tak se mi v nouzovém režimu podařilo nainstalovat Avast free, NOD32 z nějakého důvodu nešel (zkusil jsem to pouze 1). Avast se mi potom nedařilo zaktualizovat. Ani v nouzovém režimu s prací v síti ani v normálním. Nakonec se to nějak podařilo a nyní je AV aktuální a testuje počítač (50%). Nechám to běžet a ráno se uvidí. Dobrou noc OŠ

[ondrej.snytr]

Nedalo mi to a počkal jsem si. Avast nenašel při úplném testu žádný virus. OŠ