odstranenej trojan a pc nefunguje

[Vaneska]

Neukaže plochu, obsah disku, spravce uloh zakazal spravce... pokažde pisalo 10x nejaku hlašku a nejaky program System check si puštal scan. Stiahla som AVG a až po 3 scane našlo trojana ktoreho som odstranila. Hlaška a scan nie je no počitač stale nejde. Nepustim žiaden program ani cez štart a na internet to ide len cez AVG. Tu je log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Evka at 2012-01-27 04:12:41
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 42 GB (55%) free of 76 GB
Total RAM: 3327 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:12:50 AM, on 1/27/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\Evka\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Evka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.h ... stemid=406
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\inf\nvappx.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [RockMelt Update] "C:\Documents and Settings\Evka\Local Settings\Data aplikací\RockMelt\Update\RockMeltUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1229272821-1060284298-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipameti kategorií soucástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

--
End of file - 5876 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Evka Logon.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1060284298-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1060284298-725345543-1003.job
C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-1229272821-1060284298-725345543-1003Core.job
C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-1229272821-1060284298-725345543-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Evka\Data aplikací\Mozilla\Firefox\Profiles\j72l9tsj.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/ig?hl=cs&source=iglk"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@toolbar"=C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\9.0.0.23\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
Cetrumcz_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
SearchResults.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Evka\Data aplikací\Mozilla\Firefox\Profiles\j72l9tsj.default\extensions\
piclens@cooliris.com
swiffout@grownsoftware.com

C:\Documents and Settings\Evka\Data aplikací\Mozilla\Firefox\Profiles\j72l9tsj.default\searchplugins\
conduit.xml
facebook.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin.xml
SearchResults.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-09 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-09 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-04-07 13891176]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2004-05-05 1459200]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-07-09 273544]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-12-03 2415456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RockMelt Update"=C:\Documents and Settings\Evka\Local Settings\Data aplikací\RockMelt\Update\RockMeltUpdate.exe [2012-01-24 136336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.5\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\World of Warcraft\Launcher.exe"="E:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\World of Warcraft\BackgroundDownloader.exe"="E:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.WMV3"=wmv9vcm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-01-27 03:42:18 ----D---- C:\Program Files\trend micro
2012-01-27 03:42:17 ----D---- C:\rsit
2012-01-26 23:21:59 ----AH---- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2012-01-26 23:19:19 ----HD---- C:\WINDOWS\Prefetch
2012-01-26 23:11:14 ----HD---- C:\Program Files\messenger
2012-01-26 23:11:14 ----H---- C:\WINDOWS\system32\drivers\irbus.sys
2012-01-26 23:11:14 ----H---- C:\WINDOWS\system32\comsdupd.exe
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\agp440.sys
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2012-01-26 23:11:13 ----H---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\amdagp.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\alim1541.sys
2012-01-26 23:11:12 ----H---- C:\WINDOWS\system32\drivers\agpcpq.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\hidir.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\bthusb.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\bthprint.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\bthpan.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\bthenum.sys
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2012-01-26 23:11:11 ----H---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\usb8023x.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\uagp35.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\smbali.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\sisagp.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\siint5.dll
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\rndismpx.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\recagent.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\mutohpen.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-01-26 23:11:10 ----H---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\wacompen.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\viaagp.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\vchnt5.dll
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\drivers\usbvideo.sys
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\ativtmxx.dll
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\ati3duag.dll
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\ati3d1ag.dll
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\ati2dvag.dll
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\ati2dvaa.dll
2012-01-26 23:11:09 ----H---- C:\WINDOWS\system32\ati2cqag.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\slserv.exe
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\slrundll.exe
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\slgen.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\slextspk.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\slcoinst.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\s3gnb.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\mtxparhd.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\mdmxsdk.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\hsfcisp2.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\system32\ativvaxx.dll
2012-01-26 23:11:08 ----H---- C:\WINDOWS\slrundll.exe
2012-01-26 23:07:59 ----AH---- C:\WINDOWS\000001_.tmp
2012-01-26 20:26:51 ----HD---- C:\Documents and Settings\Evka\Data aplikací\AVG
2012-01-26 20:11:57 ----HD---- C:\Program Files\HijackThis
2012-01-26 20:05:52 ----HD---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-26 20:05:52 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-01-26 20:05:45 ----HD---- C:\$AVG
2012-01-26 19:19:32 ----HD---- C:\Documents and Settings\Evka\Data aplikací\AVG2012
2012-01-26 19:16:45 ----HD---- C:\Documents and Settings\Evka\Data aplikací\AVG Secure Search
2012-01-26 19:16:43 ----HD---- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
2012-01-26 19:16:38 ----HD---- C:\Program Files\Common Files\AVG Secure Search
2012-01-26 19:16:36 ----HD---- C:\Program Files\AVG Secure Search
2012-01-26 19:14:31 ----HD---- C:\WINDOWS\system32\drivers\AVG
2012-01-26 19:14:31 ----HD---- C:\Documents and Settings\All Users\Data aplikací\AVG2012
2012-01-26 19:12:52 ----HD---- C:\Program Files\AVG
2012-01-26 19:06:23 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2012-01-26 19:05:02 ----HD---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-01-22 01:15:54 ----HD---- C:\Documents and Settings\Evka\Data aplikací\Temp
2012-01-13 18:43:41 ----AH---- C:\WINDOWS\system32\RegistryDefragBootTime.exe

======List of files/folders modified in the last 1 month======

2012-01-27 04:12:47 ----HD---- C:\WINDOWS\system32\CatRoot2
2012-01-27 04:12:45 ----AHD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-01-27 04:08:37 ----HD---- C:\WINDOWS\Temp
2012-01-27 04:07:29 ----SHD---- C:\WINDOWS\CSC
2012-01-27 03:42:18 ----RHD---- C:\Program Files
2012-01-27 03:31:04 ----HD---- C:\WINDOWS
2012-01-27 03:30:37 ----HD---- C:\WINDOWS\Debug
2012-01-27 02:51:40 ----SD---- C:\WINDOWS\Tasks
2012-01-27 02:09:36 ----AH---- C:\WINDOWS\SchedLgU.Txt
2012-01-26 23:38:10 ----HD---- C:\WINDOWS\security
2012-01-26 23:36:26 ----HD---- C:\WINDOWS\system32
2012-01-26 23:36:25 ----HD---- C:\WINDOWS\system32\inetsrv
2012-01-26 23:20:38 ----HD---- C:\Program Files\Windows Media Player
2012-01-26 23:18:53 ----SHD---- C:\Config.Msi
2012-01-26 23:13:56 ----HD---- C:\WINDOWS\inf
2012-01-26 23:13:38 ----HD---- C:\WINDOWS\system32\drivers
2012-01-26 23:12:43 ----HD---- C:\WINDOWS\ehome
2012-01-26 23:12:26 ----RASH---- C:\boot.ini
2012-01-26 23:11:14 ----HD---- C:\WINDOWS\Help
2012-01-26 23:11:07 ----HD---- C:\WINDOWS\Media
2012-01-26 23:09:41 ----HD---- C:\WINDOWS\system32\CatRoot
2012-01-26 23:08:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-26 23:08:25 ----HD---- C:\WINDOWS\ServicePackFiles
2012-01-26 20:27:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-01-26 20:26:51 ----SHD---- C:\WINDOWS\Installer
2012-01-26 20:05:47 ----HD---- C:\Program Files\HTV
2012-01-26 19:56:50 ----HD---- C:\Program Files\GodsWar Online_Facebook
2012-01-26 19:42:08 ----HDC---- C:\WINDOWS\system32\DRVSTORE
2012-01-26 19:42:04 ----HD---- C:\Program Files\Common Files\Apple
2012-01-26 19:40:19 ----HD---- C:\WINDOWS\WinSxS
2012-01-26 19:35:46 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2012-01-26 19:35:45 ----HD---- C:\Documents and Settings\Evka\Data aplikací\Samsung
2012-01-26 19:35:34 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-26 19:16:38 ----HD---- C:\Program Files\Common Files
2012-01-26 03:26:36 ----HD---- C:\Documents and Settings\Evka\Data aplikací\Skype
2012-01-25 01:32:05 ----HD---- C:\WINDOWS\Minidump
2012-01-22 05:51:16 ----HD---- C:\WINDOWS\Microsoft.NET
2012-01-22 01:17:14 ----HD---- C:\Program Files\MyFree Codec
2012-01-22 00:48:17 ----AHC---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-22 00:48:08 ----RSD---- C:\WINDOWS\assembly
2012-01-16 22:34:32 ----HD---- C:\WINDOWS\system32\config
2012-01-13 18:37:04 ----HD---- C:\Documents and Settings\All Users\Data aplikací\IObit
2012-01-13 18:36:42 ----HD---- C:\Documents and Settings\Evka\Data aplikací\IObit
2012-01-13 18:36:30 ----HD---- C:\Program Files\IObit
2012-01-10 16:13:20 ----HD---- C:\Program Files\Mozilla Firefox
2012-01-08 01:12:00 ----AH---- C:\wireless.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-06-19 21419]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-16 6427240]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-04-08 12501600]
R3 RT2500;AsusTek RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-04-23 121216]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-17 12416]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2011-07-20 30312]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-05 1714176]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-08-28 627072]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2011-07-20 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2011-07-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2011-07-20 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2011-07-20 114280]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2011-07-20 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2011-07-20 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2011-07-20 132424]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-09 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-04-07 155752]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-26 869216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-08-19 821096]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]

-----------------EOF-----------------

[cernohous13]

Zdravím,

nejdřív se to pokusíme rozchodit opravou registru

Otevři Poznámkový blok (Notepad) a vlož zelený text ze scriptu.

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Soubor ulož jako -> oprava.reg - Uložit jako typ -> Všechny soubory
Zavři a dvojklikem na ikonu spusť - jen problikne a opraví registry - po akci jej smažeš.

restartuj a napiš

[Vaneska]

hotovo. ikona spustena, dalo otazku ci do registru, pak zmazane a pak restart. zatial ziadna zmena.

[cernohous13]

Jde ti spustit Správce úloh - kombinace Ctrl+Alt+Delete

[Vaneska]

ne. je to zakazane od spravce.

[cernohous13]

Nepustim žiaden program ani cez štart a na internet to ide len cez AVG.

Jak se ti podařilo spustit RSIT a Notepad?
Nerozumím tomu - internet přes AVG

[Vaneska]

no som šikovna . AVG ma Join us on Facebook, takže tak na net a log cez stahovanie na Firefoxe a ten blok cez start a dokumenty. ja sa dostanem na dokumenty aj tento počitač, ale vše je prazdne. nenajdem ani jeden program vše prazdne a cez start taky nic to tam je len zaklad. skušala som aj cez ovladacie panely nejak do Nástroje pro správu ale tam ukazuje taky prazdne okno len. vše mam poblokovane.Ale dostanem sa do pridat alebo odobrat programy no tam ale je vše ako bolo a každy program poznam. A plocha modra neda sa udelat ani nic nove. akurat čo mam tak dole na lište avg net a hodinky.

[cernohous13]

Dostaneš se do nouzového režimu?

Proveď tu operaci s opravou registru v NR - souhlas se zápisem do registru

[Vaneska]

hotovo. nepomohlo. stale stejne.

[cernohous13]

Podrobný návod na AVPTool najdeš po kliknutí na fialový odkaz v mém podpisu.

[Vaneska]

Možna ti pomože aj tohle. Našla som to v AVG



"PUP";"Potentially harmful program Ardamax.MN";"c:\System Volume Information\_restore{1B2B2DFA-2965-420C-8D23-077D3F74C9B3}\RP408\A0194527.exe";"N/A";"1/27/2012, 1:51:06 AM"
"Infection";"Trojan horse Downloader.Zlob.BFZG";"C:\Documents and Settings\All Users\Data aplikací\njxvRaoskC.exe";"N/A";"1/27/2012, 2:07:14 AM"
"Infection";"Trojan horse Downloader.Zlob.BFZI";"C:\Documents and Settings\All Users\Data aplikací\NaqBPxsJa9iqD7.exe";"N/A";"1/27/2012, 2:07:15 AM"
"Infection";"Trojan horse Downloader.Zlob.BFZG";"C:\Documents and Settings\All Users\Data aplikací\njxvRaoskC.exe";"N/A";"1/27/2012, 2:07:15 AM"
"Warning";"Found registry key with reference to infected file C:\Documents and Settings\All Users\Data aplikací\njxvRaoskC.exe";"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\njxvRaoskC.exe";"N/A";"1/27/2012, 2:07:15 AM"
"Infection";"Trojan horse Downloader.Zlob.BFZI";"c:\Documents and Settings\All Users\Data aplikací\NaqBPxsJa9iqD7.exe";"N/A";"1/27/2012, 2:08:39 AM"
"Infection";"Trojan horse Downloader.Zlob.BFZI";"C:\Documents and Settings\All Users\Data aplikací\NaqBPxsJa9iqD7.exe";"N/A";"1/27/2012, 2:08:44 AM"
"Infection";"Trojan horse Downloader.Zlob.BFZG";"C:\Documents and Settings\All Users\Data aplikací\njxvRaoskC.exe";"N/A";"1/27/2012, 2:08:44 AM"
"Infection";"Trojan horse Downloader.Zlob.BFZI";"c:\Documents and Settings\All Users\Data aplikací\wzXCeOqDsLxqka.exe";"N/A";"1/27/2012, 2:08:59 AM"
"PUP";"Potentially harmful program Ardamax.MN";"C:\AKV.exe";"N/A";"1/27/2012, 2:49:15 AM"

Kaspersky ešte scanuje. pak dam ten log.

[Vaneska]

tak tu je : len dufam že som to udelala spravne
Status: Will be deleted when the computer is restarted (events: 1)
1/27/2012 10:33:15 PM Will be deleted when the computer is restarted Trojan program Trojan.Win32.Jorik.Fraud.lqj C:\System Volume Information\_restore{1B2B2DFA-2965-420C-8D23-077D3F74C9B3}\RP410\A0195865.exe High

[cernohous13]

Restart do nouzového režimu

Stáhni si : ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Odmítni stažení Konzole...
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[Vaneska]

nešlo to zrovna podla navodu, nepisalo že udela log len modra restart a činnost systemu bola obnovena po zavažnej chybe:
BCCode : 19 BCP1 : 00000020 BCP2 : 898DC210 BCP3 : 898DC628
BCP4 : 1A830008 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

C:\DOCUME~1\Evka\LOCALS~1\Temp\WER691f.dir00\Mini012812-01.dmp
C:\DOCUME~1\Evka\LOCALS~1\Temp\WER691f.dir00\sysdata.xml

na c/combofix je ale nie combofix.txt takže žiaden log. Udelala som niečo špatne, alebo to nechce u mna fungovat?

[cernohous13]

Restartuj do nouzového režimu s prací v síti.

Stáhni Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkus stáhnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusť a nechej ho pracovat. Sám se ukončí.

- Teď nesmíš restartovat počítač!

Spusť ComboFix

kdyby se nepodařilo ani takto, máme další zbraně