
Slow PC

Posted: 11 May 2012 11:07
by macc
Hello, please check my log.
The PC is extremely slow and I can't see anything in the processes that could be making it hang.
Thank you


Logfile of random's system information tool 1.09 (written by random/random)
Run by dom at 2012-05-11 11:59:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (78%) free of 66 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:41, on 11.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\AEADISRV.EXE
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe
C:\Program Files\FarStone\RestoreIT 7\IBP\VBPTask.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\dom\Plocha\RSIT.exe
C:\Program Files\trend micro\dom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - (no file)
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DriveClone Network Client IBP - Unknown owner - C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6889 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\DriverScanner.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D0F7BD77-CCB4-4A6F-9796-3E0F6A6FD883}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\dom\Data aplikací\Mozilla\Firefox\Profiles\57lkyadx.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\
"{09F060FA-566D-42D7-BF79-97AB30863433}"=C:\Program Files\Steganos Privacy Suite 12\pfplugin
"{00F0643E-B367-4779-B45D-7046EBA37A88}"=C:\Program Files\Steganos Privacy Suite 12\spmplugin3


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin]
"Description"=SumatraPDF Browser Plugin
"Path"=C:\Program Files\SumatraPDF\npPdfViewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

D:\Mozilla\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Mozilla\components\
binary.manifest
browsercomps.dll

D:\Mozilla\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

D:\Mozilla\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\dom\Data aplikací\Mozilla\Firefox\Profiles\57lkyadx.default\extensions\
firefox@ghostery.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\IPS\IPSBHO.DLL [2012-03-29 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-04-28 453064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-04-28 157640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9C65D12D-CF9D-454D-8049-61965D8C6FFF}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2012-01-15 118784]
"AntiLogger"=C:\Program Files\AntiLogger\AntiLogger.exe [2012-02-02 2975688]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2009-11-02 906288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger10_Uninstall1]
C:\WINDOWS\system32\winlogon.exe [2008-04-14 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
C:\Program Files\Cobian Backup 10\cbInterface.exe [2010-09-23 3154432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2009-11-02 1346000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe [2012-04-23 338808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [2011-12-26 743560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [2011-12-23 70792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files\KeePass Password Safe 2\KeePass.exe [2012-01-05 1823744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
NvMCTray.dll,NvTaskbarInit -login []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-03-01 1634112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2009-11-02 136544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2012-01-15 1310720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-04-20 3905920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AdFender.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^alternative flash player auto-updater.lnk]
D:\Instal\ALTERN~1\ALTERN~1.EXE [2012-02-23 420864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_14916961.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_36775014.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe"="C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe"
"D:\Hry instal\PES2012\pes2012.exe"="D:\Hry instal\PES2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 1 month======

2012-05-11 11:59:48 ----D---- C:\rsit
2012-05-11 10:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-05-06 00:28:12 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-05-06 00:28:11 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-05-06 00:27:56 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2012-05-02 12:32:33 ----D---- C:\Program Files\UltraISO
2012-05-02 12:32:33 ----D---- C:\Program Files\Common Files\EZB Systems
2012-04-28 20:23:56 ----A---- C:\WINDOWS\system32\javaws.exe
2012-04-28 20:23:14 ----A---- C:\WINDOWS\system32\javaw.exe
2012-04-28 20:23:14 ----A---- C:\WINDOWS\system32\java.exe
2012-04-28 20:17:34 ----D---- C:\Documents and Settings\dom\Data aplikací\Gholam_Inc
2012-04-28 20:09:03 ----D---- C:\Program Files\SUPERAntiSpyware
2012-04-28 20:08:33 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-04-28 20:08:11 ----D---- C:\Program Files\DAEMON Tools Lite
2012-04-26 21:31:43 ----SD---- C:\32788R22FWJFW
2012-04-26 20:14:54 ----SHD---- C:\RECYCLER
2012-04-24 11:54:25 ----A---- C:\WINDOWS\system32\setupempdrv03.exe
2012-04-23 19:24:52 ----D---- C:\Program Files\trend micro
2012-04-20 11:08:35 ----D---- C:\Program Files\SecurityKISS Tunnel
2012-04-19 14:08:53 ----A---- C:\WINDOWS\system32\drivers\L8042Kbd.sys
2012-04-17 14:02:28 ----D---- C:\Fraps
2012-04-14 17:45:59 ----D---- C:\Program Files\CleanUp!
2012-04-13 08:15:23 ----D---- C:\Program Files\Common Files\Steganos
2012-04-13 08:14:08 ----D---- C:\Documents and Settings\dom\Data aplikací\Steganos
2012-04-12 20:27:53 ----D---- C:\Program Files\iCare Data Recovery
2012-04-12 10:45:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$

======List of files/folders modified in the last 1 month======

2012-05-11 11:59:41 ----D---- C:\WINDOWS\system32\drivers
2012-05-11 11:59:02 ----D---- C:\WINDOWS\Prefetch
2012-05-11 11:57:26 ----D---- C:\WINDOWS\Temp
2012-05-11 11:56:27 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-11 11:54:28 ----SHD---- C:\WINDOWS\Installer
2012-05-11 11:54:27 ----D---- C:\Config.Msi
2012-05-11 11:53:44 ----RSD---- C:\WINDOWS\assembly
2012-05-11 11:20:31 ----D---- C:\WINDOWS\WinSxS
2012-05-11 11:19:10 ----D---- C:\WINDOWS\system32
2012-05-11 11:19:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-11 11:07:36 ----SHD---- C:\System Volume Information
2012-05-11 11:04:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-11 11:03:35 ----D---- C:\WINDOWS
2012-05-11 10:56:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-11 10:54:40 ----HD---- C:\WINDOWS\inf
2012-05-11 10:47:41 ----HD---- C:\WINDOWS\$hf_mig$
2012-05-08 20:34:52 ----A---- C:\WINDOWS\system32\sun_debug.txt
2012-05-08 20:34:37 ----A---- C:\WINDOWS\system32\sun_debug1.txt
2012-05-08 20:06:03 ----D---- C:\Documents and Settings\dom\Data aplikací\DAEMON Tools Lite
2012-05-08 20:00:24 ----D---- C:\Program Files\Opera
2012-05-06 14:03:31 ----D---- C:\Documents and Settings\dom\Data aplikací\vlc
2012-05-06 01:41:12 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-05-02 17:12:49 ----A---- C:\WINDOWS\wincmd.ini
2012-05-02 12:32:33 ----RD---- C:\Program Files
2012-05-02 11:12:02 ----SD---- C:\WINDOWS\Tasks
2012-05-02 10:55:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-04-29 13:29:46 ----ASH---- C:\boot.ini
2012-04-29 12:30:41 ----D---- C:\Program Files\EASEUS
2012-04-29 12:21:38 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-04-29 12:21:34 ----D---- C:\Program Files\SpywareBlaster
2012-04-29 12:14:49 ----D---- C:\Documents and Settings\dom\Data aplikací\KeePass
2012-04-29 12:14:45 ----D---- C:\Program Files\KeePass Password Safe 2
2012-04-28 20:22:03 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-04-28 20:22:03 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-04-28 20:06:13 ----D---- C:\Program Files\CCleaner
2012-04-26 21:32:38 ----D---- C:\WINDOWS\system32\Restore
2012-04-26 18:38:10 ----A---- C:\WINDOWS\system.ini
2012-04-26 18:34:48 ----D---- C:\WINDOWS\AppPatch
2012-04-26 18:34:46 ----D---- C:\Program Files\Common Files
2012-04-26 07:48:53 ----D---- C:\WINDOWS\system32\drivers\etc
2012-04-26 07:47:44 ----D---- C:\WINDOWS\system32\config
2012-04-25 17:56:32 ----D---- C:\WINDOWS\system32\drivers\NAV
2012-04-20 11:44:25 ----A---- C:\WINDOWS\system32\ipconfig_results.txt
2012-04-19 14:08:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-04-18 16:38:15 ----D---- C:\Documents and Settings\dom\Data aplikací\uTorrent
2012-04-17 16:31:52 ----D---- C:\WINDOWS\Debug
2012-04-13 08:04:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-12 10:58:58 ----D---- C:\WINDOWS\Microsoft.NET
2012-04-12 10:50:55 ----D---- C:\Program Files\Internet Explorer
2012-04-12 10:46:17 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-12 10:45:48 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EUBAKUP;EUBAKUP; C:\WINDOWS\system32\drivers\eubakup.sys [2011-12-23 50312]
R0 EUBKMON;EUBKMON; C:\WINDOWS\system32\drivers\EUBKMON.sys [2011-12-23 43784]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 m5288;m5288; C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 210304]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-01-20 170464]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMDS.SYS [2011-07-25 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMEFA.SYS [2012-03-29 905336]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2011-07-26 368480]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2012-02-24 600928]
R0 VVBackd5;VVBackd5; C:\WINDOWS\system32\drivers\VVBackd5.sys [2011-08-04 141400]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 AntiLog32;AntiLog32; \??\C:\Program Files\AntiLogger\AntiLog32.sys []
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys []
R1 ccSet_NAV;Norton AntiVirus Settings Manager; C:\WINDOWS\system32\drivers\NAV\1307000.009\ccSetx86.sys [2011-11-30 132744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-04-28 242240]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 EUDSKACS;EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys []
R1 EUFDDISK;EUFDDISK; \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys []
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver]; \??\C:\WINDOWS\system32\drivers\Sleen17.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1307000.009\SRTSPX.SYS [2012-03-29 32888]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NAV\1307000.009\Ironx86.SYS [2012-03-29 149624]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1307000.009\SYMTDI.SYS [2012-03-29 388216]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller; C:\WINDOWS\System32\Drivers\ALIEHCI.sys [2012-01-15 84471]
R2 HCDisk;HCDisk; C:\WINDOWS\system32\drivers\HCDisk.sys [2011-01-05 56920]
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2011-07-26 44384]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2012-01-15 380416]
R3 aliroothub;USB 2.0 Root Hub; C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2012-01-15 5304]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2012-01-15 108767]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FARMNTIO;FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120427.001\IDSxpx86.sys []
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120428.016\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120428.016\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2012-03-01 13417632]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1307000.009\SRTSP.SYS [2012-03-29 574072]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2011-07-01 26624]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2011-09-14 299424]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2011-10-13 441608]
S1 Uim_Vim;UIM Virtual Image Plugin; C:\WINDOWS\System32\Drivers\Uim_Vim.sys [2011-10-13 277576]
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2011-10-13 45240]
S3 alihub;Generic Hub on USB 2.0 Bus; C:\WINDOWS\system32\DRIVERS\AliHub.sys [2012-01-15 32118]
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\dom\LOCALS~1\Temp\ALSysIO.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 L8042Kbd;Logitech SetPoint Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2012-04-19 13440]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2012-01-15 50688]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
S3 slicedisk.sys;slicedisk.sys; \??\C:\WINDOWS\system32\slicedisk.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2012-01-05 32768]
S3 tapoas;TAP-Win32 Adapter OAS; C:\WINDOWS\system32\DRIVERS\tapoas.sys [2011-08-19 26112]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AEADIFilters;Andrea ADI Filters Service; C:\WINDOWS\system32\AEADISRV.EXE [2012-01-15 90112]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 DriveClone Network Client IBP;DriveClone Network Client IBP; C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe [2009-08-18 126976]
R2 EaseUS Agent;EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
R2 Guard Agent;Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-04-28 161736]
R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-28 138232]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-02-29 164160]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2009-11-02 431456]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: slowed-down PC

Posted: 11 May 2012 17:40
by Rudy
1. Clean the junk off the PC with CCleaner: http://forum.viry.cz/viewtopic.php?f=46&t=7478 .
2. Double-click the file C:\Program Files\trend micro\dom.exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left next to:
O3 - Toolbar: (no name) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
Click >FixChecked< and restart the PC.

Re: slowed-down PC

Posted: 11 May 2012 18:01
by macc
Good evening, thank you for the advice.
The PC has been cleaned and the entries fixed in HijackThis, but the PC still freezes.

Re: slowed-down PC

Posted: 11 May 2012 18:05
by Rudy
What did you install just before the problem appeared?

Re: slowed-down PC

Posted: 11 May 2012 18:12
by macc
That's just it, nothing. I was away for a week and after I came back it started stuttering.
Now I see that dumprep.exe is eating the whole CPU.

Re: slowed-down PC

Posted: 11 May 2012 18:48
by Rudy
Try:

My Computer/Properties/Advanced tab/Startup and Recovery - Settings. Uncheck "Write an event to the system log".

Restart the PC. See whether the load has dropped.

Re: slowed-down PC

Posted: 11 May 2012 19:22
by macc
The load has dropped, but nothing has changed on the PC.

Re: slowed-down PC

Posted: 11 May 2012 19:32
by Rudy
Start > Control Panel > System > Hardware > Device Manager > IDE/ATA controllers. Expand it and, on each channel, right-click > Advanced Settings and check whether DMA mode is enabled. If it is not, enable it if possible, save the settings and restart the PC.

Re: slowed-down PC

Posted: 11 May 2012 19:40
by macc
Well, my IDE/ATA controllers look weird.
It looks like this: ??IDE?? so maybe update the drivers or something?

Re: slowed-down PC

Posted: 11 May 2012 20:23
by Rudy
macc wrote: Well, my IDE/ATA controllers look weird.
It looks like this: ??IDE?? so maybe update the drivers or something?
"Weird" how? What I want to know is whether you have DMA mode enabled. If PIO mode is set there, the PC slows down considerably.

Re: slowed-down PC

Posted: 11 May 2012 20:36
by macc
Primary IDE - DMA
current transfer mode - Ultra DMA mode

Secondary IDE - DMA (if available)
current transfer mode - not applicable

Re: slowed-down PC

Posted: 11 May 2012 21:21
by Rudy
That will be OK; the secondary channel probably has an optical drive on it, which usually does not support DMA transfer. Try a System Restore to a date when the system was working correctly.

Re: slowed-down PC

Posted: 12 May 2012 07:04
by macc
So I found out that I had System Restore turned off.
Do you have any other advice? Thanks in advance.

Re: slowed-down PC

Posted: 12 May 2012 10:31
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after launch, a screen with the licence terms is displayed; continue by clicking the Yes button.

Relax and put the kettle on for a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur.

Re: slowed-down PC

Posted: 12 May 2012 12:10
by macc
Hello, I am sending the log.

ComboFix 12-05-12.01 - Administrator 12.05.2012 12:57:48.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1138 [GMT 2:00]
Spuštěný z: c:\documents and settings\dom\Plocha\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-12 do 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-11 18:17 . 2012-05-11 18:18 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-11 09:59 . 2012-05-11 10:00 -------- d-----w- C:\rsit
2012-05-05 22:28 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-05-05 22:28 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-05 22:28 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-05-05 22:28 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-05-05 22:27 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-05-05 22:27 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-28 18:23 . 2012-04-28 18:22 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-28 18:17 . 2012-04-28 18:17 -------- d-----w- c:\documents and settings\dom\Data aplikací\Gholam_Inc
2012-04-28 18:09 . 2012-04-28 18:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-28 18:08 . 2012-04-28 18:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-28 18:08 . 2012-04-28 18:08 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-04-26 19:31 . 2012-05-12 10:54 -------- d-----w- C:\32788R22FWJFW
2012-04-24 13:55 . 2012-04-25 15:55 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
2012-04-24 09:54 . 2011-07-29 11:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-04-23 17:24 . 2012-05-11 16:51 -------- d-----w- c:\program files\trend micro
2012-04-20 09:08 . 2012-04-29 09:46 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-04-19 12:08 . 2012-04-19 12:08 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2012-04-17 12:02 . 2012-04-17 12:08 -------- d-----w- C:\Fraps
2012-04-14 15:45 . 2012-04-14 15:46 -------- d-----w- c:\program files\CleanUp!
2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\program files\Common Files\Steganos
2012-04-13 06:14 . 2012-04-17 14:04 -------- d-----w- c:\documents and settings\dom\Data aplikací\Steganos
2012-04-12 18:27 . 2012-04-12 18:28 -------- d-----w- c:\program files\iCare Data Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 23:41 . 2012-04-02 05:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 23:41 . 2011-05-18 17:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-28 18:22 . 2011-12-16 17:50 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-28 18:22 . 2011-05-07 18:22 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55 . 2002-09-20 17:12 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2002-09-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2002-09-23 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-04 13:56 . 2012-01-09 14:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 08:38 . 2012-02-11 14:25 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-27 08:38 . 2012-02-11 14:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 12:35 . 2002-09-23 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-11 21:13 . 2011-10-07 17:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-10-07 17:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-10-07 17:48 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-10-07 17:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-11-09 11:37 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-12-28 23:42 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-01 18:24 . 2011-07-22 14:17 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-03-01 10:59 . 2002-09-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2002-09-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58 . 2011-11-09 10:50 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2011-11-09 10:50 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2011-02-23 06:27 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2011-02-23 06:27 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2011-02-23 06:27 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2011-02-23 06:27 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2011-02-23 06:27 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2007-06-28 16:43 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2007-06-28 16:43 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2007-06-28 16:43 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2007-06-28 16:43 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 20:30 . 2011-04-07 20:16 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2011-04-07 20:16 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2011-04-07 20:16 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2011-04-07 20:16 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2011-04-07 20:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 14:10 . 2002-09-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2011-04-30 08:05 385024 ------w- c:\windows\system32\html.iec
2012-02-24 06:26 . 2011-06-06 20:58 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-15 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-09-23 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2012-01-15 118784]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-02-02 2975688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AdFender.lnk]
backup=c:\windows\pss\AdFender.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^alternative flash player auto-updater.lnk]
backup=c:\windows\pss\alternative flash player auto-updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_14916961.lnk]
backup=c:\windows\pss\_uninst_14916961.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_36775014.lnk]
backup=c:\windows\pss\_uninst_36775014.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger10_Uninstall1]
2008-04-14 06:52 507904 ----a-w- c:\windows\system32\winlogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
2010-09-23 15:46 3154432 ----a-w- c:\program files\Cobian Backup 10\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2012-04-23 12:07 338808 ----a-w- c:\progra~1\Uniblue\DRIVER~1\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 18:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 04:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2012-01-05 09:32 1823744 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2009-11-02 16:52 136544 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2012-01-15 07:36 1310720 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-20 00:56 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=
"d:\\Hry instal\\PES2012\\pes2012.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [22.1.2012 19:39 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [22.1.2012 19:39 43784]
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [8.5.2011 7:32 210304]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307000.009\symds.sys [24.4.2012 15:56 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307000.009\symefa.sys [24.4.2012 15:56 905336]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VvBackd5.sys [15.3.2012 10:15 141400]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2.2.2012 11:31 58648]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [20.4.2012 7:56 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307000.009\ccsetx86.sys [24.4.2012 15:56 132744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 19:48 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 19:48 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28.4.2012 20:08 242240]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [22.1.2012 19:39 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [22.1.2012 19:39 185864]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\SleeN17.sys [17.2.2010 14:21 94560]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307000.009\ironx86.sys [24.4.2012 15:56 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [5.5.2011 20:53 84471]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [16.2.2012 9:09 67584]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [22.1.2012 19:37 61064]
R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [22.1.2012 19:37 23176]
R2 HCDisk;HCDisk;c:\windows\system32\drivers\HCDisk.sys [15.3.2012 10:15 56920]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [24.4.2012 15:55 138232]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [5.5.2011 20:53 5304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15.3.2012 8:04 106104]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [15.3.2012 10:14 21592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120427.001\IDSXpx86.sys [29.4.2012 8:21 356280]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4.6.2011 11:49 17792]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [13.10.2011 14:06 277576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 DriveClone Network Client IBP;DriveClone Network Client IBP;c:\program files\FarStone\RestoreIT 7\IBP\FsLoader.exe [15.3.2012 10:15 126976]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [23.2.2012 11:16 2348352]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 7:53 257696]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [5.5.2011 20:53 32118]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11.5.2012 20:17 129976]
S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 18:52 431456]
S3 slicedisk.sys;slicedisk.sys;\??\c:\windows\system32\slicedisk.sys --> c:\windows\system32\slicedisk.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [19.8.2011 2:46 26112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.12.2011 15:12 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:41]
.
2012-05-12 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-05-02 12:07]
.
2012-05-12 c:\windows\Tasks\User_Feed_Synchronization-{D0F7BD77-CCB4-4A6F-9796-3E0F6A6FD883}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.4.20
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 13:05
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC46 -> Harddisk2\DR2 -> \Device\Scsi\m52881Port2Path0Target2Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-113007714-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1144)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(5888)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(884)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-05-12 13:08:44
ComboFix-quarantined-files.txt 2012-05-12 11:08
.
Před spuštěním: Volných bajtů: 53 904 764 928
Po spuštění: Volných bajtů: 53 912 018 944
.
- - End Of File - - FFF7C5E5BEDE2FEA7D924EA43A78951C