VIRY.CZ

Moc prosím o pomoc, kamarádky počítač se sám restartuje do nouzoového režimu, vždy tak hodinu funguje a pak hodinu restartuje. Zde je log, moc děkuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Andrejka at 2011-08-01 14:18:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (48%) free of 125 GB
Total RAM: 2047 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\20101031150823\ICQToolBar.dll [2010-10-04 1049912]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - FaceSmooch Toolbar - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-12 17531392]
"tray_ico0"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-26 1183232]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-26 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-26 256000]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []
"583884.exe"=C:\WINDOWS\TEMP\583884.exe [2011-07-31 256000]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-31 232960]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
"wxpdrv"=C:\WINDOWS\services32.exe []
"tray_ico"= []
"tray_ico1"=C:\WINDOWS\update.tray-12-0\svchost.exe [2011-07-26 1183232]
"tray_ico2"=C:\WINDOWS\update.tray-8-0\svchost.exe [2011-07-26 1183232]
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4281629.exe]
C:\WINDOWS\TEMP\4281629.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8956875.exe]
C:\WINDOWS\TEMP\8956875.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico1]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico2]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico3]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico4]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-04-05 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maukétka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Documents and Settings\Andrejka\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-05-25 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-10-09 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4294967295

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\Maukétka\Plocha\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Maukétka\Dokumenty\Stažené soubory\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Maukétka\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Maukétka\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Maukétka\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-12-0\svchost.exe"="C:\WINDOWS\update.tray-12-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-12-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"wavemapper"=msacm32.drv
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.vcr1"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"=DivX.dll
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.i263"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"msacm.msadpcm"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.i420"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.uyvy"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.msvc"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL
"vidc.mjpg"=pvmjpg30.dll
"vidc.DIVX"=DivX.dll

======List of files/folders created in the last 1 month======

2011-08-01 14:18:52 ----D---- C:\Program Files\trend micro
2011-08-01 14:18:51 ----D---- C:\rsit
2011-07-31 22:19:53 ----HD---- C:\WINDOWS\update.tray-8-0-lnk
2011-07-31 22:19:53 ----HD---- C:\WINDOWS\update.tray-8-0
2011-07-31 22:18:08 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-07-31 22:18:06 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-07-31 22:18:06 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-07-31 22:18:06 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-07-31 22:18:06 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-07-31 21:44:35 ----D---- C:\Program Files\AMD APP
2011-07-31 21:43:52 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-07-31 21:43:52 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2011-07-31 21:43:38 ----D---- C:\Program Files\ATI
2011-07-31 21:33:05 ----D---- C:\ATI
2011-07-31 21:28:04 ----D---- C:\WINDOWS\ufa
2011-07-31 21:28:04 ----D---- C:\WINDOWS\rpcminer
2011-07-31 21:28:04 ----D---- C:\WINDOWS\phoenix
2011-07-31 21:24:51 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-31 21:23:40 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-31 21:23:08 ----HD---- C:\WINDOWS\update.5.0
2011-07-31 21:22:35 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2011-07-31 21:22:35 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-31 21:21:04 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2011-07-31 21:20:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2011-07-31 21:20:10 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2011-07-31 21:19:08 ----A---- C:\WINDOWS\unrar.exe
2011-07-31 21:11:00 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-31 21:11:00 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-31 20:57:36 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-07-31 20:57:36 ----HD---- C:\WINDOWS\update.tray-12-0
2011-07-31 20:57:36 ----HD---- C:\WINDOWS\update.1
2011-07-31 20:57:36 ----D---- C:\WINDOWS\av_ico
2011-07-31 20:56:26 ----D---- C:\5.exe
2011-07-31 20:45:53 ----D---- C:\r.swf
2011-07-31 20:09:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-31 20:09:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-31 19:27:44 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-31 19:19:26 ----A---- C:\WINDOWS\system32\imon.dll
2011-07-31 19:19:26 ----A---- C:\WINDOWS\system32\drivers\nod32drv.sys
2011-07-31 19:19:26 ----A---- C:\WINDOWS\system32\drivers\amon.sys
2011-07-31 19:08:29 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-07-31 19:08:29 ----A---- C:\WINDOWS\system32\T.COM
2011-07-31 19:08:29 ----A---- C:\WINDOWS\REGEDIT.COM
2011-07-31 19:08:29 ----A---- C:\WINDOWS\R.COM
2011-07-31 19:05:15 ----D---- C:\Program Files\Yahoo!
2011-07-31 19:05:08 ----D---- C:\Program Files\CCleaner
2011-07-30 10:17:05 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-29 22:37:28 ----D---- C:\WINDOWS\pss
2011-07-29 22:30:15 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-07-29 22:30:12 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-07-27 20:04:38 ----HD---- C:\WINDOWS\update.2
2011-07-26 23:37:00 ----A---- C:\WINDOWS\iplist.txt
2011-07-26 21:32:49 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-26 21:32:35 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-26 21:32:19 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-26 16:27:06 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-26 16:27:06 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-02 19:33:55 ----D---- C:\Program Files\A4Tech

======List of files/folders modified in the last 1 month======

2011-08-01 14:18:52 ----RD---- C:\Program Files
2011-08-01 14:16:43 ----D---- C:\WINDOWS\Temp
2011-08-01 14:16:00 ----D---- C:\WINDOWS
2011-08-01 14:15:32 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-01 14:15:31 ----HD---- C:\WINDOWS\inf
2011-07-31 22:20:10 ----A---- C:\boot.ini
2011-07-31 22:19:15 ----D---- C:\WINDOWS\system32
2011-07-31 22:18:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-31 22:18:08 ----D---- C:\WINDOWS\system32\drivers
2011-07-31 22:00:08 ----SHD---- C:\WINDOWS\Installer
2011-07-31 22:00:08 ----HD---- C:\Config.Msi
2011-07-31 22:00:08 ----D---- C:\WINDOWS\WinSxS
2011-07-31 21:44:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-31 21:43:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-31 21:43:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-31 21:43:41 ----D---- C:\Program Files\ATI Technologies
2011-07-31 21:27:30 ----SHD---- C:\System Volume Information
2011-07-31 21:27:30 ----D---- C:\WINDOWS\system32\Restore
2011-07-31 21:19:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-31 21:14:37 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-07-31 21:11:03 ----D---- C:\Program Files\ESET
2011-07-31 21:00:48 ----D---- C:\Program Files\Mozilla Firefox
2011-07-31 20:53:59 ----SHD---- C:\RECYCLER
2011-07-31 20:22:17 ----D---- C:\Documents and Settings
2011-07-31 19:40:43 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-31 19:27:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-31 19:05:50 ----D---- C:\WINDOWS\Minidump
2011-07-31 19:05:50 ----D---- C:\WINDOWS\Debug
2011-07-31 19:05:18 ----D---- C:\WINDOWS\Prefetch
2011-07-30 09:58:11 ----A---- C:\WINDOWS\win.ini
2011-07-30 09:58:11 ----A---- C:\WINDOWS\system.ini
2011-07-12 22:53:57 ----D---- C:\Documents and Settings\Andrejka\Data aplikací\Skype
2011-07-12 21:36:11 ----D---- C:\Documents and Settings\Andrejka\Data aplikací\skypePM
2011-07-02 20:06:47 ----A---- C:\WINDOWS\PhotoSnapViewer.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-09-25 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-10-09 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-10-09 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-02 126856]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2011-07-31 15424]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-02 60936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-05-25 6554624]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-12 5051904]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-24 14208]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2009-06-24 3734976]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2011-07-31 512096]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-04-05 14336]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-05-25 643072]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-26 152984]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-31 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-27 502272]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-26 256000]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-26 1183232]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe []
S2 gupdate1ca65dce132fd8a;Služba Google Update (gupdate1ca65dce132fd8a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-15 133104]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-15 133104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dobré odpoledne,

kamarádka "aktualizovala Flash Player", co?

Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

Zatím nic nemažte, MBAM může mít falešné detekce!

Hezké odpoledne a děkuji. Nejspíš aktualizovala (ale ona nic ono samo). Zde je log:
Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1.8.2011 15:26:34
mbam-log-2011-08-01 (15-26-24).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 239594
Uplynulý čas: 21 minut, 29 sekund

Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 7
Infikované hodnoty v registru: 8
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 21

Infikované procesy v paměti:
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 328 -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 2952 -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 3376 -> No action taken.
c:\WINDOWS\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 3404 -> No action taken.
c:\WINDOWS\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> 1772 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 3340 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 172 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1964 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 920 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1816 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1984 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-8-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Andrejka\Plocha\ostatní\stažené soubory\mywebfacesetup2.3.50.56_2.grfox000.exe (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{c276d4d8-4eb3-44ff-9ff1-ddc3b1359206}\RP333\A0144559.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{c276d4d8-4eb3-44ff-9ff1-ddc3b1359206}\RP333\A0144558.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{c276d4d8-4eb3-44ff-9ff1-ddc3b1359206}\RP333\A0144560.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{c276d4d8-4eb3-44ff-9ff1-ddc3b1359206}\RP333\A0144561.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\1337578.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8962703.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.tray-12-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
d:\andrea plocha\ostatní\stažené soubory\mywebfacesetup2.3.50.56_2.grfox000.exe (Adware.MyWebSearch) -> No action taken.
c:\WINDOWS\Temp\259630085.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.

Infekci nalezenou MBAMem smažte.


Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému

Stáhněte ComboFix a uložte jej na Plochu.

Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.
Spusťte ComboFix s administrátorským oprávněním.
Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení
Během skenu nechte počítač naprosto v klidu.
Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému
Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem
ComboFixu si do dalšího pokynu nevšímejte

Zde je log

ComboFix 11-07-31.04 - Andrejka 01.08.2011 16:54:02.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1327 [GMT 2:00]
Spuštěný z: c:\documents and settings\Andrejka\Plocha\ComboFix.exe

.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FaceSmooch Toolbar\tbHElper.dll
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\05da178af62f7ddfb145e3abc6060e3e.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\372e6355025d9110f59b3ec0bc3c113c.elf
c:\windows\phoenix\kernels\poclbm\5cc3a2f604e42d2127e1689badd1f5e6.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\regedit.com
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\detoured.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\Ijl11.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\vbpng1.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\update.tray-8-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-01 do 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 13:02 . 2011-08-01 13:02 -------- d-----w- c:\documents and settings\Andrejka\Data aplikací\Malwarebytes
2011-08-01 13:02 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 13:02 . 2011-08-01 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-01 13:02 . 2011-08-01 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 13:02 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 12:18 . 2011-08-01 12:18 -------- d-----w- c:\program files\trend micro
2011-08-01 12:18 . 2011-08-01 12:18 -------- d-----w- C:\rsit
2011-07-31 20:19 . 2011-08-01 14:56 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-31 20:19 . 2011-07-31 20:19 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-07-31 20:18 . 2010-08-02 14:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-31 20:18 . 2010-08-02 14:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-31 20:18 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-31 20:18 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-31 19:58 . 2011-07-31 19:58 -------- d-----w- c:\documents and settings\Andrejka\avira
2011-07-31 19:44 . 2011-07-31 19:44 -------- d-----w- c:\program files\AMD APP
2011-07-31 19:43 . 2011-05-25 03:07 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-31 19:43 . 2011-05-25 02:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\program files\ATI
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\ATI
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\documents and settings\Default User\Data aplikací\ATI
2011-07-31 19:33 . 2011-07-31 19:33 -------- d-----w- C:\ATI
2011-07-31 19:28 . 2011-07-31 19:28 -------- d-----w- c:\windows\ufa
2011-07-31 19:22 . 2011-07-31 19:22 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-07-31 19:22 . 2011-07-31 19:22 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-31 19:21 . 2011-07-31 19:21 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Yahoo! Companion
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-07-31 19:19 . 2011-07-31 19:28 246272 ----a-w- c:\windows\unrar.exe
2011-07-31 19:11 . 2011-08-01 14:56 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-31 19:11 . 2011-07-31 19:11 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-31 18:57 . 2011-08-01 14:56 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-31 18:57 . 2011-08-01 12:16 -------- d-----w- c:\windows\av_ico
2011-07-31 18:57 . 2011-07-31 18:57 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-31 18:56 . 2011-07-31 18:57 -------- d-----w- C:\5.exe
2011-07-31 18:45 . 2011-07-31 18:46 -------- d-----w- C:\r.swf
2011-07-31 18:09 . 2011-07-31 18:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-31 18:09 . 2011-07-31 18:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 17:27 . 2011-07-31 17:29 -------- d-----w- c:\windows\system32\NtmsData
2011-07-31 17:19 . 2011-07-31 17:17 298104 ----a-w- c:\windows\system32\imon.dll
2011-07-31 17:19 . 2011-07-31 17:17 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2011-07-31 17:19 . 2011-07-31 17:17 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2011-07-31 17:08 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-07-31 17:08 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-07-31 17:05 . 2011-07-31 18:55 -------- d-----w- c:\program files\Yahoo!
2011-07-31 17:05 . 2011-07-31 18:55 -------- d-----w- c:\program files\CCleaner
2011-07-29 20:30 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-29 20:30 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-29 20:30 . 2008-04-14 02:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-29 20:30 . 2008-04-14 02:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-27 13:59 . 2011-07-31 18:55 -------- d-----w- c:\documents and settings\Administrator
2011-07-02 17:33 . 2011-07-02 17:33 -------- d-----w- c:\program files\A4Tech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 04:21 . 2009-04-29 03:30 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15 . 2009-08-25 20:53 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53 . 2009-04-29 01:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53 . 2009-04-29 01:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47 . 2009-04-29 01:45 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42 . 2009-04-29 01:18 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14 . 2009-04-29 01:56 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:05 . 2009-04-29 01:17 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56 . 2009-08-25 20:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55 . 2009-04-29 02:17 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2009-04-29 01:42 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2009-04-29 02:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2009-04-29 02:06 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2009-04-29 02:04 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:31 . 2009-04-29 01:22 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2009-04-29 01:20 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2009-04-29 01:13 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-06 11:18 . 2010-10-08 08:25 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-10 02:18 . 2010-09-05 15:05 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-10-09 08:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Andrejka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Andrejka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Hanka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Maukétka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Maukétka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 11:29 395144 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-10-09 09:28 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-04-28 19:25 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
2005-09-14 19:44 65536 ----a-w- c:\program files\USB Disk Win98 Driver\Res.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2007-04-05 12:34 270336 ----a-w- c:\program files\A4Tech\Mouse\Amoumain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8.10.2010 10:25 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8.10.2010 10:25 243152]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [31.7.2011 19:19 15424]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.8.2009 9:58 246520]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 gupdate1ca65dce132fd8a;Služba Google Update (gupdate1ca65dce132fd8a);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 12:17 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.8.2009 16:13 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 12:17 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1.8.2011 15:02 41272]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:17]
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:17]
.
2011-08-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{1825E2 ... 62400F53AA}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-3-0\svchost.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - c:\windows\update.tray-12-0\svchost.exe
HKLM-Run-tray_ico2 - c:\windows\update.tray-8-0\svchost.exe
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-4281629 - c:\windows\TEMP\4281629.exe
MSConfigStartUp-8956875 - c:\windows\TEMP\8956875.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-NOD32 - c:\program files\Eset\Setup\setup.exe
AddRemove-NodEnabler - c:\program files\ESET\ESET Smart Security\Uninstaller.exe
AddRemove-{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 - c:\program files\Eset\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 17:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(2864)
c:\windows\system32\webcheck.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-08-01 17:03:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-01 15:03
.
Před spuštěním: Volných bajtů: 62 348 349 440
Po spuštění: Volných bajtů: 63 381 958 656
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - B55C957076C40B0F09BF99F9E26F4AB8

Pěkný zvěřinec.

Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte (už by to mělo jít do normálního režimu).

Tady je, děkuji.

ComboFix 11-08-01.02 - Andrejka 01.08.2011 19:49:40.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1289 [GMT 2:00]
Spuštěný z: c:\documents and settings\Andrejka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Andrejka\Plocha\CFScript.txt
.
FILE ::
"C:\5.exe"
"c:\program files\Common Files\AskToolbarInstaller.exe"
"C:\r.swf"
"c:\windows\R.COM"
"c:\windows\system32\T.COM"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_37.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Thumbs.db
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\AskToolbarInstaller.exe
c:\program files\Yahoo!
c:\program files\Yahoo!\Common\npyaxmpb.dll
c:\program files\Yahoo!\Common\unyt.exe
c:\program files\Yahoo!\Common\yinst.inf
c:\program files\Yahoo!\Common\yinsthelper.dll
c:\program files\Yahoo!\Common\yverinfo.dll
c:\program files\Yahoo!\Companion\Data\dlg_as.html
c:\program files\Yahoo!\Companion\Data\dlg_atb.html
c:\program files\Yahoo!\Companion\Data\dlg_catb.html
c:\program files\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files\Yahoo!\Companion\Data\dlg_cotb.html
c:\program files\Yahoo!\Companion\Data\dlg_ctb.html
c:\program files\Yahoo!\Companion\Data\dlg_map.html
c:\program files\Yahoo!\Companion\Data\dlg_opt.html
c:\program files\Yahoo!\Companion\Data\dlg_pub.html
c:\program files\Yahoo!\Companion\Data\dlg_upg.html
c:\program files\Yahoo!\Companion\Installs\cpn\pubmod.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YMERemote.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ypubc.dll
c:\program files\Yahoo!\Companion\Installs\cpn\yt.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTabBar.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ytinst.log
c:\program files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\R.COM
c:\windows\system32\T.COM
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0-lnk\svchost.exe
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-01 do 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 13:02 . 2011-08-01 13:02 -------- d-----w- c:\documents and settings\Andrejka\Data aplikací\Malwarebytes
2011-08-01 13:02 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 13:02 . 2011-08-01 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-01 13:02 . 2011-08-01 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 13:02 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 12:18 . 2011-08-01 12:18 -------- d-----w- c:\program files\trend micro
2011-08-01 12:18 . 2011-08-01 12:18 -------- d-----w- C:\rsit
2011-07-31 20:18 . 2010-08-02 14:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-31 20:18 . 2010-08-02 14:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-31 20:18 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-31 20:18 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-31 19:58 . 2011-07-31 19:58 -------- d-----w- c:\documents and settings\Andrejka\avira
2011-07-31 19:44 . 2011-07-31 19:44 -------- d-----w- c:\program files\AMD APP
2011-07-31 19:43 . 2011-05-25 03:07 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-31 19:43 . 2011-05-25 02:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\program files\ATI
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\ATI
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\documents and settings\Default User\Data aplikací\ATI
2011-07-31 19:33 . 2011-07-31 19:33 -------- d-----w- C:\ATI
2011-07-31 19:22 . 2011-07-31 19:22 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-07-31 19:22 . 2011-07-31 19:22 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-31 19:21 . 2011-07-31 19:21 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Yahoo! Companion
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-07-31 18:56 . 2011-07-31 18:57 -------- d-----w- C:\5.exe
2011-07-31 18:45 . 2011-07-31 18:46 -------- d-----w- C:\r.swf
2011-07-31 18:09 . 2011-07-31 18:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-31 18:09 . 2011-07-31 18:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 17:27 . 2011-07-31 17:29 -------- d-----w- c:\windows\system32\NtmsData
2011-07-31 17:19 . 2011-07-31 17:17 298104 ----a-w- c:\windows\system32\imon.dll
2011-07-31 17:19 . 2011-07-31 17:17 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2011-07-31 17:19 . 2011-07-31 17:17 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2011-07-31 17:05 . 2011-07-31 18:55 -------- d-----w- c:\program files\CCleaner
2011-07-29 20:30 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-29 20:30 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-29 20:30 . 2008-04-14 02:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-29 20:30 . 2008-04-14 02:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-27 13:59 . 2011-07-31 18:55 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 04:21 . 2009-04-29 03:30 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15 . 2009-08-25 20:53 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53 . 2009-04-29 01:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53 . 2009-04-29 01:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47 . 2009-04-29 01:45 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42 . 2009-04-29 01:18 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14 . 2009-04-29 01:56 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:05 . 2009-04-29 01:17 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56 . 2009-08-25 20:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55 . 2009-04-29 02:17 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2009-04-29 01:42 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2009-04-29 02:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2009-04-29 02:06 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2009-04-29 02:04 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:31 . 2009-04-29 01:22 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2009-04-29 01:20 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2009-04-29 01:13 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-06 11:18 . 2010-10-08 08:25 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-01_15.00.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-01 17:55 . 2011-08-01 17:55 16384 c:\windows\temp\Perflib_Perfdata_798.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 71846 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-08-01 15:02 71846 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 83652 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-08-01 15:02 83652 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-08-01 15:02 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 440316 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2011-08-01 15:02 440316 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-10-09 08:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Andrejka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Andrejka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Hanka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Maukétka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Maukétka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
2005-09-14 19:44 65536 ----a-w- c:\program files\USB Disk Win98 Driver\Res.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2007-04-05 12:34 270336 ----a-w- c:\program files\A4Tech\Mouse\Amoumain.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8.10.2010 10:25 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8.10.2010 10:25 243152]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [31.7.2011 19:19 15424]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 gupdate1ca65dce132fd8a;Služba Google Update (gupdate1ca65dce132fd8a);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 12:17 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.8.2009 16:13 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1.8.2011 15:02 41272]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\unyt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 19:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\webcheck.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-01 19:57:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-01 17:57
ComboFix2.txt 2011-08-01 15:03
.
Před spuštěním: Volných bajtů: 63 356 923 904
Po spuštění: Volných bajtů: 63 323 561 984
.
- - End Of File - - A0270FDC8642DDDEF75628FAD6A83395

Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte (už by to mělo jít do normálního režimu).

Zdravím a děkuji. Pc je v normálním režimu, jen mi Combofix napsal, že jsou spuštěné dva antiviry. Nenašla jsem ale ani jeden nainstalovaný ani spuštěný.

ComboFix 11-08-01.02 - Andrejka 02.08.2011 13:56:19.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1269 [GMT 2:00]
Spuštěný z: c:\documents and settings\Andrejka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Andrejka\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Eset NOD32 Antivirus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
C:\5.exe
C:\r.swf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-02 do 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-01 13:02 . 2011-08-01 13:02 -------- d-----w- c:\documents and settings\Andrejka\Data aplikací\Malwarebytes
2011-08-01 13:02 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 13:02 . 2011-08-01 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-01 13:02 . 2011-08-01 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 13:02 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 12:18 . 2011-08-01 12:18 -------- d-----w- c:\program files\trend micro
2011-08-01 12:18 . 2011-08-01 12:18 -------- d-----w- C:\rsit
2011-07-31 20:18 . 2010-08-02 14:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-31 20:18 . 2010-08-02 14:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-31 20:18 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-31 20:18 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-31 19:58 . 2011-07-31 19:58 -------- d-----w- c:\documents and settings\Andrejka\avira
2011-07-31 19:44 . 2011-07-31 19:44 -------- d-----w- c:\program files\AMD APP
2011-07-31 19:43 . 2011-05-25 03:07 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-31 19:43 . 2011-05-25 02:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\program files\ATI
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\ATI
2011-07-31 19:43 . 2011-07-31 19:43 -------- d-----w- c:\documents and settings\Default User\Data aplikací\ATI
2011-07-31 19:33 . 2011-07-31 19:33 -------- d-----w- C:\ATI
2011-07-31 19:22 . 2011-07-31 19:22 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-07-31 19:22 . 2011-07-31 19:22 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-31 19:21 . 2011-07-31 19:21 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Yahoo! Companion
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-07-31 18:09 . 2011-07-31 18:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-31 18:09 . 2011-07-31 18:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 17:27 . 2011-07-31 17:29 -------- d-----w- c:\windows\system32\NtmsData
2011-07-31 17:19 . 2011-07-31 17:17 298104 ----a-w- c:\windows\system32\imon.dll
2011-07-31 17:19 . 2011-07-31 17:17 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2011-07-31 17:19 . 2011-07-31 17:17 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2011-07-31 17:05 . 2011-07-31 18:55 -------- d-----w- c:\program files\CCleaner
2011-07-29 20:30 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-29 20:30 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-29 20:30 . 2008-04-14 02:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-29 20:30 . 2008-04-14 02:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-27 13:59 . 2011-07-31 18:55 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 04:21 . 2009-04-29 03:30 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15 . 2009-08-25 20:53 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53 . 2009-04-29 01:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53 . 2009-04-29 01:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47 . 2009-04-29 01:45 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42 . 2009-04-29 01:18 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14 . 2009-04-29 01:56 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:05 . 2009-04-29 01:17 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56 . 2009-08-25 20:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55 . 2009-04-29 02:17 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2009-04-29 01:42 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2009-04-29 02:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2009-04-29 02:06 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2009-04-29 02:04 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:31 . 2009-04-29 01:22 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2009-04-29 01:20 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2009-04-29 01:13 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-06 11:18 . 2010-10-08 08:25 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-01_15.00.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-02 11:50 . 2011-08-02 11:50 16384 c:\windows\temp\Perflib_Perfdata_724.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 71846 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-08-02 11:54 71846 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 83652 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-08-02 11:54 83652 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-08-02 11:54 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-08-01 14:42 440316 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2011-08-02 11:54 440316 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-10-09 08:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Andrejka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Andrejka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Hanka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Maukétka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Maukétka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
2005-09-14 19:44 65536 ----a-w- c:\program files\USB Disk Win98 Driver\Res.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2007-04-05 12:34 270336 ----a-w- c:\program files\A4Tech\Mouse\Amoumain.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8.10.2010 10:25 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8.10.2010 10:25 243152]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [31.7.2011 19:19 15424]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 gupdate1ca65dce132fd8a;Služba Google Update (gupdate1ca65dce132fd8a);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 12:17 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.8.2009 16:13 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1.8.2011 15:02 41272]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 13:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\imon.dll
.
- - - - - - - > 'explorer.exe'(3496)
c:\windows\system32\webcheck.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-08-02 13:59:34
ComboFix-quarantined-files.txt 2011-08-02 11:59
ComboFix2.txt 2011-08-01 17:57
ComboFix3.txt 2011-08-01 15:03
.
Před spuštěním: Volných bajtů: 63 613 927 424
Po spuštění: Volných bajtů: 63 595 380 736
.
- - End Of File - - F0E3137A3EAF4ECC715607A6085D0CB8

Ano ano, to bude další krok . Je nutné odinstalovat a znovu nainstalovat antivir. V PC ponechte pouze jeden antivir, více AV v jednom PC nedělá dobrotu. Dále doporučuji odinstalovat Spybot (svá nejlepšší léta už má dávno za sebou) a nahradit jej např. SuperAntiSpyware.

Po provedení dejte log z RSIT.

Já tam nikde nemám možnost odinstalovat ani AVG ani Nod32, v nainstalovaných programech nejsou, přes přidat/odebrat programy nejde-v seznamu nejsou. Jak se jich ještě jinak zbavit? Díky moc za rady.

Na AVG použijte AVG Remover, na NOD Nod32removal.

Avg šlo ale Nod ne, nikde v PC není.
Nový log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Andrejka at 2011-08-02 16:28:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 63 GB (51%) free of 125 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:24, on 2.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Andrejka\Plocha\RSIT.exe
C:\Program Files\trend micro\Andrejka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101031150823\ICQToolBar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101031150823\ICQToolBar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1293896625
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe

--
End of file - 6603 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\20101031150823\ICQToolBar.dll [2010-10-04 1049912]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-12 17531392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-08-02 2424192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-04-05 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrejka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maukétka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-05-25 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"wavemapper"=msacm32.drv
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.vcr1"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"=DivX.dll
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.i263"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"msacm.msadpcm"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.i420"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.uyvy"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.msvc"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"=C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL
"vidc.mjpg"=pvmjpg30.dll
"vidc.DIVX"=DivX.dll

======List of files/folders created in the last 1 month======

2011-08-02 16:17:18 ----D---- C:\Documents and Settings\Andrejka\Data aplikací\SUPERAntiSpyware.com
2011-08-02 16:17:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-08-02 16:17:13 ----D---- C:\Program Files\SUPERAntiSpyware
2011-08-02 16:00:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-08-02 15:05:51 ----SHD---- C:\RECYCLER
2011-08-02 13:59:34 ----A---- C:\ComboFix.txt
2011-08-01 19:52:25 ----D---- C:\WINDOWS\temp
2011-08-01 16:49:20 ----A---- C:\Boot.bak
2011-08-01 16:49:17 ----RASHD---- C:\cmdcons
2011-08-01 16:44:58 ----A---- C:\WINDOWS\zip.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\SWSC.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\SWREG.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\sed.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\PEV.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\NIRCMD.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\MBR.exe
2011-08-01 16:44:58 ----A---- C:\WINDOWS\grep.exe
2011-08-01 16:44:34 ----D---- C:\WINDOWS\ERDNT
2011-08-01 16:41:25 ----D---- C:\Qoobox
2011-08-01 15:02:06 ----D---- C:\Documents and Settings\Andrejka\Data aplikací\Malwarebytes
2011-08-01 15:02:04 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-01 15:02:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-01 15:02:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-01 15:02:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-01 14:18:52 ----D---- C:\Program Files\trend micro
2011-08-01 14:18:51 ----D---- C:\rsit
2011-07-31 22:18:08 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-07-31 22:18:06 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-07-31 22:18:06 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-07-31 21:44:35 ----D---- C:\Program Files\AMD APP
2011-07-31 21:43:52 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-07-31 21:43:52 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2011-07-31 21:43:38 ----D---- C:\Program Files\ATI
2011-07-31 21:33:05 ----D---- C:\ATI
2011-07-31 21:22:35 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2011-07-31 21:22:35 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2011-07-31 21:21:04 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2011-07-31 21:20:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2011-07-31 21:20:10 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2011-07-31 20:09:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-31 20:09:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-31 19:27:44 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-31 19:19:26 ----A---- C:\WINDOWS\system32\imon.dll
2011-07-31 19:19:26 ----A---- C:\WINDOWS\system32\drivers\amon.sys
2011-07-31 19:05:08 ----D---- C:\Program Files\CCleaner
2011-07-29 22:37:28 ----D---- C:\WINDOWS\pss
2011-07-29 22:30:15 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-07-29 22:30:12 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

======List of files/folders modified in the last 1 month======

2011-08-02 16:27:30 ----D---- C:\WINDOWS\Prefetch
2011-08-02 16:26:08 ----D---- C:\WINDOWS
2011-08-02 16:25:51 ----RD---- C:\Program Files
2011-08-02 16:25:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-02 16:18:23 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-02 16:13:11 ----D---- C:\Program Files\Google
2011-08-02 16:13:10 ----SHD---- C:\WINDOWS\Installer
2011-08-02 16:11:58 ----D---- C:\Documents and Settings\Andrejka\Data aplikací\Toolbar4
2011-08-02 16:01:25 ----D---- C:\WINDOWS\system32\drivers
2011-08-02 15:57:52 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-02 15:47:11 ----D---- C:\WINDOWS\system32
2011-08-02 15:47:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-02 13:58:51 ----A---- C:\WINDOWS\system.ini
2011-08-02 13:57:49 ----D---- C:\WINDOWS\AppPatch
2011-08-02 13:57:47 ----D---- C:\Program Files\Common Files
2011-08-01 19:55:15 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-01 19:52:33 ----D---- C:\WINDOWS\system32\config
2011-08-01 19:52:12 ----SD---- C:\WINDOWS\Tasks
2011-08-01 16:49:20 ----RASH---- C:\boot.ini
2011-08-01 16:37:13 ----A---- C:\WINDOWS\win.ini
2011-08-01 14:15:31 ----HD---- C:\WINDOWS\inf
2011-07-31 22:00:08 ----D---- C:\WINDOWS\WinSxS
2011-07-31 22:00:08 ----D---- C:\Config.Msi
2011-07-31 21:44:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-31 21:43:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-31 21:43:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-31 21:43:41 ----D---- C:\Program Files\ATI Technologies
2011-07-31 21:27:30 ----SHD---- C:\System Volume Information
2011-07-31 21:27:30 ----D---- C:\WINDOWS\system32\Restore
2011-07-31 21:00:48 ----D---- C:\Program Files\Mozilla Firefox
2011-07-31 20:22:17 ----D---- C:\Documents and Settings
2011-07-31 19:27:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-31 19:05:50 ----D---- C:\WINDOWS\Minidump
2011-07-31 19:05:50 ----D---- C:\WINDOWS\Debug
2011-07-12 22:53:57 ----D---- C:\Documents and Settings\Andrejka\Data aplikací\Skype
2011-07-12 21:36:11 ----D---- C:\Documents and Settings\Andrejka\Data aplikací\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-09-25 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-02 126856]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-02 60936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-05-25 6554624]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-12 5051904]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-24 14208]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2009-06-24 3734976]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2011-07-31 512096]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-04-05 14336]
S3 catchme;catchme; \??\C:\DOCUME~1\Andrejka\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-05-25 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-26 152984]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Omnlouvám se za prodlevu,
mohu se zeptat, jaký antivir používáte teď?

Spusťte znovu HijackThis (najdete jej ve svém počítači jako C:\Program Files\trend micro\Andrejka.exe), z nabídky vyberte Do a system scan only. Po provedení skenu u následujících položek zaškrtněte políčko vlevo a klikněte na Fix Checked.

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101031150823\ICQToolBar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101031150823\ICQToolBar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Stáhněte a spusťte OTM, do okna vložte následující skript a stiskněte tlačítko MoveIt! Po restartu počítače vložte log z OTM, který se vám automaticky otevře, a nový log z RSIT.

Teď momentálně není žádný (žádný funkční). Kdysi měla AVG ale vypršela licence a nenašla jsem žádný jiný funkční (nejspíš se odinstalovalo smazáním složky). Pokud se podaří vyčistit tak bych nainstalovala avast.
Zde je log z OTM

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Andrejka
->Temp folder emptied: 1363058 bytes
->Temporary Internet Files folder emptied: 407280 bytes
->Java cache emptied: 2640613 bytes
->FireFox cache emptied: 50423488 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2950600 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57,00 mb

========== FILES ==========
C:\Program Files\ICQ6Toolbar\20101031150823 folder moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
========== SERVICES/DRIVERS ==========
Service NOD32krn stopped successfully!
Service NOD32krn deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service nod32drv stopped successfully!
Service nod32drv deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!

OTM by OldTimer - Version 3.1.18.0 log created on 08032011_112912

Files moved on Reboot...

Registry entries deleted on Reboot...