PC-HELP.CZ

Takhle vypadá moje virová truhla zhruba 3 dny po spuštění nové instalace Win XP. Mno asi se není čím chlubit. Ale potřeboval bych trochu pomoci. Prosím Prosím.
Chtěl bych zjistit zdroj nákazy a tím také vědět které programy přestanou fungovat po vyléčení. Případně abych se zavirované instalace zbavil (bo co stáhnu to většinou někde skladuji) Pro lepší orientaci a aby bylo z čeho vyjít přidávám log HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:01, on 21.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\VisualTaskTips\VisualTaskTips.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\VIA\RAID\vialogsv.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "D:\WINDOWS\TEMP\E_S483.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [JDK5SWFMZY] D:\DOCUME~1\Spravce\LOCALS~1\Temp\Fvc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Visual Task Tips.lnk = D:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VRAID Log Service - Unknown owner - D:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 6285 bytes

Ahoj,
Spíš bych řekla že sis to stahnul někde z netu a teď Ti to straší v pc .

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

Cau "Bledule" pardon Bledulko sem na chvíli odběhl - trvalo to déle - s tebou sem ještě neměl tu čest tak se ukaž jak tě chlapci vyškolili..

ComboFix 10-07-20.03 - Spravce 21.07.2010 8:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.685 [GMT 2:00]
Spuštěný z: d:\documents and settings\Spravce\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\Fnaqoa.exe
d:\windows\system32\Dvbpws.dll
d:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-21 do 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-19 13:06 . 2008-04-13 20:15 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2010-07-18 03:35 . 2008-08-04 15:40 350 ----a-w- d:\windows\system32\AF15IRTBL.bin
2010-07-18 03:24 . 2008-05-11 23:08 32768 ----a-w- d:\windows\system\VRAIDlog.dll
2010-07-18 03:17 . 2010-07-18 03:17 -------- d-----w- d:\program files\Intel
2010-07-18 03:17 . 2010-02-23 10:00 256712 ----a-w- d:\windows\system32\PROUnstl.exe
2010-07-18 02:38 . 2010-07-18 02:38 -------- d-----w- d:\program files\Driver-Soft
2010-07-18 01:47 . 2010-07-18 01:47 -------- d-----w- D:\WFDB
2010-07-18 01:27 . 2008-04-14 03:59 14592 -c--a-w- d:\windows\system32\dllcache\kbdhid.sys
2010-07-18 01:27 . 2008-04-14 03:59 14592 ----a-w- d:\windows\system32\drivers\kbdhid.sys
2010-07-18 01:27 . 2008-04-13 20:15 10368 -c--a-w- d:\windows\system32\dllcache\hidusb.sys
2010-07-18 01:27 . 2008-04-13 20:15 10368 ----a-w- d:\windows\system32\drivers\hidusb.sys
2010-07-18 01:23 . 2005-04-27 14:36 245408 ----a-w- d:\windows\system32\unicows.dll
2010-07-18 01:23 . 2010-07-18 01:23 -------- d-----w- d:\program files\Common Files\ArcSoft
2010-07-18 01:22 . 2004-12-23 15:27 27392 ----a-w- d:\windows\system32\drivers\ULCDRHlp.sys
2010-07-18 01:22 . 2010-07-18 01:22 -------- d-----w- d:\program files\Common Files\Ulead Systems
2010-07-18 01:21 . 2010-07-18 03:35 -------- d-----w- d:\windows\system32\WinFast
2010-07-18 01:21 . 2010-07-18 01:21 -------- d-----w- d:\program files\Leadtek Research Inc
2010-07-18 01:10 . 2009-09-30 09:33 24576 ----a-w- d:\windows\system32\AsIO.dll
2010-07-18 01:10 . 2009-08-04 08:28 11296 ----a-w- d:\windows\system32\drivers\AsIO.sys
2010-07-18 01:10 . 2009-07-06 08:48 11448 ----a-w- d:\windows\system32\drivers\AsUpIO.sys
2010-07-18 00:18 . 2010-07-18 03:47 217180 ----a-w- d:\windows\system32\nvdrsdb0.bin
2010-07-18 00:18 . 2010-07-18 03:47 1 ----a-w- d:\windows\system32\nvdrssel.bin
2010-07-18 00:18 . 2010-07-18 00:50 217180 ----a-w- d:\windows\system32\nvdrsdb1.bin
2010-07-18 00:18 . 2010-06-07 23:57 600680 ----a-w- d:\windows\system32\nvuninst.exe
2010-07-18 00:18 . 2010-07-18 00:19 -------- d-----w- d:\program files\NVIDIA Corporation
2010-07-18 00:18 . 2010-06-07 23:57 61440 ----a-w- d:\windows\system32\OpenCL.dll
2010-07-18 00:18 . 2010-06-07 23:57 2632296 ----a-w- d:\windows\system32\nvcuvenc.dll
2010-07-18 00:18 . 2010-06-07 23:57 2165352 ----a-w- d:\windows\system32\nvcuvid.dll
2010-07-18 00:18 . 2010-06-07 23:57 4554752 ----a-w- d:\windows\system32\nvcuda.dll
2010-07-18 00:18 . 2010-06-07 23:57 2186342 ----a-w- d:\windows\system32\nvdata.bin
2010-07-18 00:18 . 2010-06-07 23:57 10256384 ----a-w- d:\windows\system32\nvcompiler.dll
2010-07-18 00:18 . 2010-07-18 00:18 -------- d-----w- D:\NVIDIA
2010-07-18 00:17 . 2010-06-07 23:57 600680 ----a-w- d:\windows\system32\nvudisp.exe
2010-07-17 23:39 . 2010-07-17 23:39 -------- d-----w- d:\program files\SystemRequirementsLab
2010-07-17 23:39 . 2010-07-17 23:39 -------- d-----w- d:\documents and settings\Spravce\SystemRequirementsLab
2010-07-17 23:38 . 2010-07-17 23:38 -------- d-----w- d:\windows\Sun
2010-07-17 22:23 . 2010-07-18 03:24 -------- d-----w- d:\program files\VIA
2010-07-17 22:23 . 2007-09-20 08:43 331184 ------w- d:\windows\system32\difxapi.dll
2010-07-17 22:23 . 2010-07-18 01:23 -------- d-----w- d:\program files\Common Files\InstallShield
2010-07-16 17:52 . 2010-07-16 17:52 -------- d-----w- d:\program files\Common Files\Adobe
2010-07-16 16:32 . 2010-07-16 16:38 -------- d-----w- d:\windows\SxsCaPendDel
2010-07-16 15:28 . 2010-07-16 15:28 -------- d-sh--w- d:\documents and settings\Spravce\IECompatCache
2010-07-16 15:26 . 2010-07-16 15:26 -------- d-sh--w- d:\documents and settings\Spravce\PrivacIE
2010-07-15 14:12 . 2010-07-15 14:12 -------- d-----w- d:\program files\MozBackup
2010-07-15 13:50 . 2010-07-15 13:59 -------- d-----w- d:\windows\ie8updates
2010-07-15 13:11 . 2010-07-15 13:11 -------- d-----w- d:\windows\system32\Adobe
2010-07-15 12:34 . 2010-07-15 12:34 0 ----a-w- d:\windows\nsreg.dat
2010-07-12 22:07 . 2008-04-13 22:15 2944 ----a-w- d:\windows\system32\drivers\drmkaud.sys
2010-07-12 22:07 . 2008-04-13 22:09 4992 ----a-w- d:\windows\system32\drivers\MSPQM.sys
2010-07-12 22:07 . 2008-04-13 22:47 83072 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2010-07-12 22:07 . 2008-04-13 22:15 172416 ----a-w- d:\windows\system32\drivers\kmixer.sys
2010-07-12 22:07 . 2008-04-13 22:15 6272 ----a-w- d:\windows\system32\drivers\splitter.sys
2010-07-12 22:07 . 2008-04-13 22:45 60800 ----a-w- d:\windows\system32\drivers\sysaudio.sys
2010-07-12 22:07 . 2008-04-13 20:09 142592 ----a-w- d:\windows\system32\drivers\aec.sys
2010-07-12 22:07 . 2008-04-13 22:09 7552 ----a-w- d:\windows\system32\drivers\MSKSSRV.sys
2010-07-12 22:07 . 2008-04-13 22:09 5376 ----a-w- d:\windows\system32\drivers\MSPCLOCK.sys
2010-07-12 22:07 . 2008-04-13 22:15 56576 ----a-w- d:\windows\system32\drivers\swmidi.sys
2010-07-12 22:07 . 2008-04-13 22:15 52864 ----a-w- d:\windows\system32\drivers\DMusic.sys
2010-07-12 22:07 . 2001-08-17 19:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys
2010-07-12 22:06 . 2008-04-14 05:44 58496 ----a-w- d:\windows\system32\drivers\redbook.sys
2010-07-12 22:06 . 2010-07-18 00:20 -------- d-----w- d:\windows\nview
2010-07-12 22:06 . 2008-04-14 04:51 4096 -c--a-w- d:\windows\system32\dllcache\ksuser.dll
2010-07-12 22:06 . 2008-04-14 04:51 4096 ----a-w- d:\windows\system32\ksuser.dll
2010-07-12 22:06 . 2008-04-13 20:49 146048 -c--a-w- d:\windows\system32\dllcache\portcls.sys
2010-07-12 22:06 . 2008-04-13 20:49 146048 ----a-w- d:\windows\system32\drivers\portcls.sys
2010-07-12 22:06 . 2008-04-13 20:15 60160 -c--a-w- d:\windows\system32\dllcache\drmk.sys
2010-07-12 22:06 . 2008-04-13 20:15 60160 ----a-w- d:\windows\system32\drivers\drmk.sys
2010-07-12 22:06 . 2008-04-14 06:52 75264 ----a-w- d:\windows\system32\usbui.dll
2010-07-12 22:03 . 2010-07-21 06:51 -------- d-----w- d:\windows\system32\CatRoot2
2010-07-12 22:03 . 2010-07-18 03:23 -------- d-----w- d:\windows\system32\CatRoot
2010-07-12 22:03 . 2010-07-18 02:08 -------- d--h--r- d:\documents and settings\All Users\Data aplikací
2010-07-12 22:03 . 2010-07-12 20:12 -------- d--h--r- d:\documents and settings\Default User\Data aplikací
2010-07-12 22:02 . 2010-07-12 20:18 -------- d-----w- D:\Documents and Settings
2010-07-12 22:02 . 2010-07-12 20:14 -------- d--h--w- d:\documents and settings\Default User
2010-07-12 22:02 . 2010-07-12 20:11 -------- d-----w- d:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 13:24 . 2010-07-12 20:33 -------- d-----w- d:\program files\ICQ7.2
2010-07-18 13:32 . 2010-07-12 20:31 -------- d-----w- d:\program files\Wise Disk Cleaner
2010-07-18 03:35 . 2010-07-12 20:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-07-18 03:15 . 2010-07-12 20:26 -------- d-----w- d:\program files\FreeRapid-0.83u1
2010-07-18 02:10 . 2010-07-12 20:32 -------- d-----w- d:\program files\Wise Registry Cleaner
2010-07-16 19:16 . 2010-07-12 20:14 -------- d-----w- d:\program files\Recepty
2010-07-16 18:29 . 2010-07-12 20:13 -------- d-----w- d:\program files\Ant Movie Catalog
2010-07-16 17:10 . 2004-08-18 12:00 76388 ----a-w- d:\windows\system32\perfc005.dat
2010-07-16 17:10 . 2004-08-18 12:00 426308 ----a-w- d:\windows\system32\perfh005.dat
2010-07-16 17:04 . 2010-07-12 20:11 76487 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 17:04 . 2010-07-12 20:11 2378 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-16 17:03 . 2010-07-12 20:11 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-12 20:52 . 2010-07-12 20:50 -------- d-----w- d:\program files\Common Files\Ahead
2010-07-12 20:50 . 2010-07-12 20:50 -------- d-----w- d:\program files\Nero
2010-07-12 20:44 . 2010-07-12 20:41 -------- d-----w- d:\program files\epson
2010-07-12 20:38 . 2010-07-12 20:38 -------- d-----w- d:\program files\Microsoft.NET
2010-07-12 20:33 . 2010-07-12 20:33 -------- d-----w- d:\program files\CCleaner
2010-07-12 20:28 . 2010-07-12 20:28 -------- d-----w- d:\program files\Alwil Software
2010-07-12 20:26 . 2010-07-12 20:26 -------- d-----w- d:\program files\IVT Corporation
2010-07-12 20:22 . 2010-07-12 20:22 -------- d-----w- d:\program files\MSBuild
2010-07-12 20:22 . 2010-07-12 20:22 -------- d-----w- d:\program files\Reference Assemblies
2010-07-12 20:14 . 2010-07-12 20:14 -------- d-----w- d:\program files\microsoft frontpage
2010-07-12 20:14 . 2010-07-12 20:14 -------- d-----w- d:\program files\VisualTaskTips
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\VideoLAN
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----r- d:\program files\Skype
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\PSPad editor
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\GSpot
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\Defraggler
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\Lavalys
2010-07-12 20:12 . 2010-07-12 20:12 -------- d-----w- d:\program files\Common Files\Java
2010-07-12 20:12 . 2010-07-12 20:12 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-12 20:12 . 2010-07-12 20:12 -------- d-----w- d:\program files\Java
2010-07-12 20:09 . 2010-07-12 20:09 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-07-12 20:09 . 2010-07-12 20:09 -------- d-----w- d:\program files\Windows Media Connect 2
2010-07-12 19:22 . 2001-10-24 10:25 77891 ----a-w- d:\windows\system32\usrmlnka.exe
2010-07-12 19:19 . 2010-07-12 19:19 381056 ----a-w- d:\windows\system32\drivers\senfilt.sys
2010-07-12 19:19 . 2010-07-12 19:19 266880 ----a-w- d:\windows\system32\drivers\smwdm.sys
2010-07-12 19:19 . 2010-07-12 19:19 65536 ----a-w- d:\windows\system32\a3d.dll
2010-07-12 19:19 . 2010-07-12 19:19 5810 ----a-w- d:\windows\system32\drivers\ASACPI.sys
2010-07-12 19:19 . 2010-07-12 19:19 55808 ----a-w- d:\windows\system32\EtCoInst.dll
2010-07-12 19:19 . 2010-07-12 19:19 19456 ----a-w- d:\windows\system32\IntelNic.dll
2010-07-12 19:19 . 2010-07-12 19:19 116176 ----a-w- d:\windows\system32\drivers\aeaudio.sys
2010-07-12 19:17 . 2010-07-12 19:17 27904 ----a-w- d:\windows\system32\drivers\VIAAGP1.SYS
2010-07-12 19:16 . 2010-07-12 19:17 997376 ----a-w- d:\windows\system32\syssetup.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmvdmoe2.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmvdmod.dll
2010-07-12 19:16 . 2010-07-12 19:16 1329152 ----a-w- d:\windows\system32\wmspdmoe.dll
2010-07-12 19:16 . 2010-07-12 19:16 99840 ----a-w- d:\windows\system32\wmpshell.dll
2010-07-12 19:16 . 2010-07-12 19:16 8257536 ----a-w- d:\windows\system32\wmploc.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmsdmoe2.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmsdmod.dll
2010-07-12 19:16 . 2010-07-12 19:16 242688 ----a-w- d:\windows\system32\wmpasf.dll
2010-07-12 19:14 . 2010-07-12 19:14 24576 ----a-w- d:\windows\system32\nlsdl.dll
2010-07-12 19:14 . 2010-07-12 19:14 23552 ----a-w- d:\windows\system32\normaliz.dll
2010-07-12 19:14 . 2010-07-12 19:14 265720 ----a-w- d:\windows\system32\msdbg2.dll
2010-07-12 19:14 . 2010-07-12 19:14 26112 ----a-w- d:\windows\system32\idndl.dll
2010-07-12 19:13 . 2010-07-12 19:13 48128 ----a-w- d:\windows\system32\mshtmler.dll
2010-07-12 19:13 . 2010-07-12 19:13 156160 ----a-w- d:\windows\system32\msls31.dll
2010-07-12 19:13 . 2010-07-12 19:13 45568 ----a-w- d:\windows\system32\mshta.exe
2010-07-12 19:13 . 2010-07-12 19:13 43008 ----a-w- d:\windows\system32\licmgr10.dll
2010-07-12 19:13 . 2010-07-12 19:13 34816 ----a-w- d:\windows\system32\imgutil.dll
2010-07-12 19:13 . 2010-07-12 19:13 71680 ----a-w- d:\windows\system32\iesetup.dll
2010-07-12 19:13 . 2010-07-12 19:13 72704 ----a-w- d:\windows\system32\admparse.dll
2010-07-12 19:13 . 2010-07-12 19:13 18944 ----a-w- d:\windows\system32\corpol.dll
2010-07-12 19:11 . 2010-07-12 19:11 1792 ----a-w- d:\windows\system32\nlite.cmd
2010-07-02 21:52 . 2010-07-12 20:26 -------- d-----w- d:\program files\Sumatra PDF1_1
2010-06-29 15:55 . 2010-07-12 20:26 -------- d-----w- d:\program files\MWSnap
2010-06-29 15:55 . 2010-07-12 20:26 -------- d-----w- d:\program files\ICONLIB
2010-06-29 15:55 . 2010-07-12 20:26 -------- d-----w- d:\program files\USBDiskEjector
2010-06-28 20:57 . 2010-07-12 20:28 38848 ----a-w- d:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-12 20:28 165032 ----a-w- d:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-12 20:28 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-12 20:28 165456 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-12 20:28 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-12 20:28 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-12 20:28 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-12 20:28 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-12 20:28 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\UC.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\RAR.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\PKZIP.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\PKUNZIP.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\NOCLOSE.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\LHA.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\ARJ.PIF
2010-06-14 14:31 . 2010-07-12 20:10 744448 ----a-w- d:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 23:57 . 2005-12-10 01:06 6300544 ----a-w- d:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2005-12-10 01:06 232040 ----a-w- d:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2005-12-10 01:06 232040 ----a-w- d:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2005-12-10 01:06 15192064 ----a-w- d:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2005-12-10 01:06 1359872 ----a-w- d:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2005-12-10 01:06 10531200 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2010-06-07 15:35 . 2010-06-07 15:35 81920 ----a-w- d:\windows\system32\nvwddi.dll
2010-06-07 15:35 . 2010-06-07 15:35 253952 ----a-w- d:\windows\system32\nvrsth.dll
2010-06-07 15:35 . 2010-06-07 15:35 277608 ----a-w- d:\windows\system32\nvmccs.dll
2010-06-07 15:35 . 2010-06-07 15:35 110696 ----a-w- d:\windows\system32\nvmctray.dll
2010-06-07 15:35 . 2010-06-07 15:35 154728 ----a-w- d:\windows\system32\nvsvc32.exe
2010-06-07 15:35 . 2010-06-07 15:35 13902440 ----a-w- d:\windows\system32\nvcpl.dll
2010-06-02 02:55 . 2010-07-12 20:26 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-12 20:26 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
.

------- Sigcheck -------

[-] 2010-07-12 . B84B22372D6170FFA7858C3B405B1A16 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll


d:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="d:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2009-02-04 2350176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"ArcSoft Connection Service"="d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26194728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-07-12 128512]

d:\documents and settings\Spravce\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Visual Task Tips.lnk - d:\program files\VisualTaskTips\VisualTaskTips.exe [2008-6-22 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39 133368 ----a-w- d:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2008-06-20 13:58 2887680 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-07-11 09:46 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 AsUpIO;AsUpIO;d:\windows\system32\drivers\AsUpIO.sys [18.7.2010 3:10 11448]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [12.7.2010 22:28 165456]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [12.7.2010 22:28 17744]
R2 VRAID Log Service;VRAID Log Service;d:\program files\VIA\RAID\vialogsv.exe [18.7.2010 5:24 52888]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [12.7.2010 22:13 26224]
S3 cpudrv;cpudrv;d:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 Start BT in service;Start BT in service;d:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - EVERESTDRIVER
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\program files\ICQ7.2\ICQ.exe
FF - ProfilePath - d:\documents and settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\2d718ojg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.0&q=
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 09:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3148)
d:\program files\VisualTaskTips\VttHooks.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\nvsvc32.exe
d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
d:\program files\Alwil Software\Avast5\AvastSvc.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\RUNDLL32.EXE
d:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2010-07-21 09:02:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-21 07:02

Před spuštěním: Volných bajtů: 16 152 027 136
Po spuštění: Volných bajtů: 16 188 592 128

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=" Stara instalace Win XP" /noexecute=optin /fastdetect

- - End Of File - - 0BB488001517A6BE8814017E6FCE68EF

Ahoj
Já jsem tu jen takový malý pomocníček , aby na to Jaro3 nebyl sám
Ten chybějící soubor Ti pak doplním, náhodou mám stejný OS


Otestuj na http://www.virustotal.com


d:\windows\system32\dllcache\usbstor.sys
d:\windows\system32\PROUnstl.exe


-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.


***********************

Tuto složku znáš?
D:\WFDB

********************

Stahni Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-nainstaluj, aktualizuj
-udělej uplný sken a vlož sem log

Virus total bez nálezu... Složka je smazaná bo byla prázdná ptal sem se strejdy gogla a vyhodil mě nějaký psicho SW či co. Nic takového v PC nemám nebo si toho nejsem vědom.
Ten kompletní sken pustím Jen tě musím upozornit provozuji PC se dvěma op systémy a musím proskenovat cca 1,5 TB tak ses mě asi do večera zbavila. Jo a Avast zůstává při skenu MBAM vypnutý že? Aby se kámoši netloukly. Což by mělo být v příspěvku uvedeno! Až to vyléčíme pokud zbude čas písnu ti pár triků aby sis nepřipadala jak datel vodrhovák s opisováním stále stejných věcí ke každému odvirování zvlášť.

Avast můžeš vypnout, maximálně se o zavirovaný soubor poperou .
Mbam bych ráda, aby odhalil ještě nějaké skryté záškodníky, jinak v combofixu Ti pak akorát nahradím ten chybějící soubor a dál už to zleží na stavu počítače.

Takhle rychle jsem to od MBam ani nečekal je hotov. Dávám to sem celé ale rozhodně nechci smazat všechno (už tak sem toho řekl dost )
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4334

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.7.2010 11:55:18
mbam-log-2010-07-21 (11-55-18).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Skenované objekty: 319638
Uplynulý čas: 1 hodina(y), 24 minuta(y), 30 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 15

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
D:\Qoobox\Quarantine\D\WINDOWS\Fnaqoa.exe.vir (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006114.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006161.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006162.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006163.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006165.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006166.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006167.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0006168.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0009853.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP47\A0009879.dll (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{C5D182C0-ADAC-414C-9B96-F0739903B431}\RP48\A0011782.exe (Trojan.Downloader) -> No action taken.
I:\Stazeny SW\Pálení\Keygen.exe (Trojan.Agent) -> No action taken.
I:\Stazeny SW\Pálení\Alcohol 120% 1.4.8.1222\crack\Crack.exe (RiskWare.Tool.CK) -> No action taken.
I:\Stazeny SW\Pálení\CloneCD 4_2_0_2\_Clonecd4.0.0.1keygen.exe (Trojan.Agent.CK) -> No action taken.

O keygenech a craccích toho určitě taky víš dost, takže Ti stejně musím napsat, aby jsi všechno smazal.
Ať si myslíš, že jsou čisté, tak už tak je zvláštní, že máš zavirovaný počítač pár dní po instalaci, takže mě napadá, že za to můžou právě keygeny.

Za chvilku Ti tu ještě vložím skript do combofixu a ten soubor.

Z přílohy si stahni rar, rozbal ho a soubor dej přímo na disk C, takže cesta k němu bude
d:\regsvc.dll


Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka


-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš

-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

Z přílohy si stahni rar, rozbal ho a soubor dej přímo na disk C, takže cesta k němu bude
d:\regsvc.dll

takže cesta k němu bude d:\regsvc.dll, spíš C, ne ?

Tady je log jen blbě čtu takže sem toho udělal polovic prosím odkud zopakovat a jak je to s tou cestou k souboru?

ComboFix 10-07-20.03 - Spravce 21.07.2010 12:28:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.550 [GMT 2:00]
Spuštěný z: d:\documents and settings\Spravce\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Spravce\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-21 do 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 08:08 . 2010-04-29 13:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 08:08 . 2010-07-21 08:08 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-07-21 08:08 . 2010-04-29 13:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-07-19 13:06 . 2008-04-13 20:15 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2010-07-18 03:35 . 2008-08-04 15:40 350 ----a-w- d:\windows\system32\AF15IRTBL.bin
2010-07-18 03:24 . 2008-05-11 23:08 32768 ----a-w- d:\windows\system\VRAIDlog.dll
2010-07-18 03:17 . 2010-07-18 03:17 -------- d-----w- d:\program files\Intel
2010-07-18 03:17 . 2010-02-23 10:00 256712 ----a-w- d:\windows\system32\PROUnstl.exe
2010-07-18 02:38 . 2010-07-18 02:38 -------- d-----w- d:\program files\Driver-Soft
2010-07-18 01:27 . 2008-04-14 03:59 14592 -c--a-w- d:\windows\system32\dllcache\kbdhid.sys
2010-07-18 01:27 . 2008-04-14 03:59 14592 ----a-w- d:\windows\system32\drivers\kbdhid.sys
2010-07-18 01:27 . 2008-04-13 20:15 10368 -c--a-w- d:\windows\system32\dllcache\hidusb.sys
2010-07-18 01:27 . 2008-04-13 20:15 10368 ----a-w- d:\windows\system32\drivers\hidusb.sys
2010-07-18 01:23 . 2005-04-27 14:36 245408 ----a-w- d:\windows\system32\unicows.dll
2010-07-18 01:23 . 2010-07-18 01:23 -------- d-----w- d:\program files\Common Files\ArcSoft
2010-07-18 01:22 . 2004-12-23 15:27 27392 ----a-w- d:\windows\system32\drivers\ULCDRHlp.sys
2010-07-18 01:22 . 2010-07-18 01:22 -------- d-----w- d:\program files\Common Files\Ulead Systems
2010-07-18 01:21 . 2010-07-18 03:35 -------- d-----w- d:\windows\system32\WinFast
2010-07-18 01:21 . 2010-07-18 01:21 -------- d-----w- d:\program files\Leadtek Research Inc
2010-07-18 01:10 . 2009-09-30 09:33 24576 ----a-w- d:\windows\system32\AsIO.dll
2010-07-18 01:10 . 2009-08-04 08:28 11296 ----a-w- d:\windows\system32\drivers\AsIO.sys
2010-07-18 01:10 . 2009-07-06 08:48 11448 ----a-w- d:\windows\system32\drivers\AsUpIO.sys
2010-07-18 00:18 . 2010-07-18 03:47 217180 ----a-w- d:\windows\system32\nvdrsdb0.bin
2010-07-18 00:18 . 2010-07-18 03:47 1 ----a-w- d:\windows\system32\nvdrssel.bin
2010-07-18 00:18 . 2010-07-18 00:50 217180 ----a-w- d:\windows\system32\nvdrsdb1.bin
2010-07-18 00:18 . 2010-06-07 23:57 600680 ----a-w- d:\windows\system32\nvuninst.exe
2010-07-18 00:18 . 2010-07-18 00:19 -------- d-----w- d:\program files\NVIDIA Corporation
2010-07-18 00:18 . 2010-06-07 23:57 61440 ----a-w- d:\windows\system32\OpenCL.dll
2010-07-18 00:18 . 2010-06-07 23:57 2632296 ----a-w- d:\windows\system32\nvcuvenc.dll
2010-07-18 00:18 . 2010-06-07 23:57 2165352 ----a-w- d:\windows\system32\nvcuvid.dll
2010-07-18 00:18 . 2010-06-07 23:57 4554752 ----a-w- d:\windows\system32\nvcuda.dll
2010-07-18 00:18 . 2010-06-07 23:57 2186342 ----a-w- d:\windows\system32\nvdata.bin
2010-07-18 00:18 . 2010-06-07 23:57 10256384 ----a-w- d:\windows\system32\nvcompiler.dll
2010-07-18 00:18 . 2010-07-18 00:18 -------- d-----w- D:\NVIDIA
2010-07-18 00:17 . 2010-06-07 23:57 600680 ----a-w- d:\windows\system32\nvudisp.exe
2010-07-17 23:39 . 2010-07-17 23:39 -------- d-----w- d:\program files\SystemRequirementsLab
2010-07-17 23:39 . 2010-07-17 23:39 -------- d-----w- d:\documents and settings\Spravce\SystemRequirementsLab
2010-07-17 23:38 . 2010-07-17 23:38 -------- d-----w- d:\windows\Sun
2010-07-17 22:23 . 2010-07-18 03:24 -------- d-----w- d:\program files\VIA
2010-07-17 22:23 . 2007-09-20 08:43 331184 ------w- d:\windows\system32\difxapi.dll
2010-07-17 22:23 . 2010-07-18 01:23 -------- d-----w- d:\program files\Common Files\InstallShield
2010-07-16 17:52 . 2010-07-16 17:52 -------- d-----w- d:\program files\Common Files\Adobe
2010-07-16 16:32 . 2010-07-16 16:38 -------- d-----w- d:\windows\SxsCaPendDel
2010-07-16 15:28 . 2010-07-16 15:28 -------- d-sh--w- d:\documents and settings\Spravce\IECompatCache
2010-07-16 15:26 . 2010-07-16 15:26 -------- d-sh--w- d:\documents and settings\Spravce\PrivacIE
2010-07-15 14:12 . 2010-07-15 14:12 -------- d-----w- d:\program files\MozBackup
2010-07-15 13:50 . 2010-07-15 13:59 -------- d-----w- d:\windows\ie8updates
2010-07-15 13:11 . 2010-07-15 13:11 -------- d-----w- d:\windows\system32\Adobe
2010-07-15 12:34 . 2010-07-15 12:34 0 ----a-w- d:\windows\nsreg.dat
2010-07-12 22:07 . 2008-04-13 22:15 2944 ----a-w- d:\windows\system32\drivers\drmkaud.sys
2010-07-12 22:07 . 2008-04-13 22:09 4992 ----a-w- d:\windows\system32\drivers\MSPQM.sys
2010-07-12 22:07 . 2008-04-13 22:47 83072 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2010-07-12 22:07 . 2008-04-13 22:15 172416 ----a-w- d:\windows\system32\drivers\kmixer.sys
2010-07-12 22:07 . 2008-04-13 22:15 6272 ----a-w- d:\windows\system32\drivers\splitter.sys
2010-07-12 22:07 . 2008-04-13 22:45 60800 ----a-w- d:\windows\system32\drivers\sysaudio.sys
2010-07-12 22:07 . 2008-04-13 20:09 142592 ----a-w- d:\windows\system32\drivers\aec.sys
2010-07-12 22:07 . 2008-04-13 22:09 7552 ----a-w- d:\windows\system32\drivers\MSKSSRV.sys
2010-07-12 22:07 . 2008-04-13 22:09 5376 ----a-w- d:\windows\system32\drivers\MSPCLOCK.sys
2010-07-12 22:07 . 2008-04-13 22:15 56576 ----a-w- d:\windows\system32\drivers\swmidi.sys
2010-07-12 22:07 . 2008-04-13 22:15 52864 ----a-w- d:\windows\system32\drivers\DMusic.sys
2010-07-12 22:07 . 2001-08-17 19:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys
2010-07-12 22:06 . 2008-04-14 05:44 58496 ----a-w- d:\windows\system32\drivers\redbook.sys
2010-07-12 22:06 . 2010-07-18 00:20 -------- d-----w- d:\windows\nview
2010-07-12 22:06 . 2008-04-14 04:51 4096 -c--a-w- d:\windows\system32\dllcache\ksuser.dll
2010-07-12 22:06 . 2008-04-14 04:51 4096 ----a-w- d:\windows\system32\ksuser.dll
2010-07-12 22:06 . 2008-04-13 20:49 146048 -c--a-w- d:\windows\system32\dllcache\portcls.sys
2010-07-12 22:06 . 2008-04-13 20:49 146048 ----a-w- d:\windows\system32\drivers\portcls.sys
2010-07-12 22:06 . 2008-04-13 20:15 60160 -c--a-w- d:\windows\system32\dllcache\drmk.sys
2010-07-12 22:06 . 2008-04-13 20:15 60160 ----a-w- d:\windows\system32\drivers\drmk.sys
2010-07-12 22:06 . 2008-04-14 06:52 75264 ----a-w- d:\windows\system32\usbui.dll
2010-07-12 22:03 . 2010-07-21 10:28 -------- d-----w- d:\windows\system32\CatRoot2
2010-07-12 22:03 . 2010-07-18 03:23 -------- d-----w- d:\windows\system32\CatRoot
2010-07-12 22:03 . 2010-07-21 08:08 -------- d--h--r- d:\documents and settings\All Users\Data aplikací
2010-07-12 22:03 . 2010-07-12 20:12 -------- d--h--r- d:\documents and settings\Default User\Data aplikací
2010-07-12 22:02 . 2010-07-21 07:02 -------- d--h--w- d:\documents and settings\Default User
2010-07-12 22:02 . 2010-07-12 20:18 -------- d-----w- D:\Documents and Settings
2010-07-12 22:02 . 2010-07-12 20:11 -------- d-----w- d:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 13:24 . 2010-07-12 20:33 -------- d-----w- d:\program files\ICQ7.2
2010-07-18 13:32 . 2010-07-12 20:31 -------- d-----w- d:\program files\Wise Disk Cleaner
2010-07-18 03:35 . 2010-07-12 20:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-07-18 03:15 . 2010-07-12 20:26 -------- d-----w- d:\program files\FreeRapid-0.83u1
2010-07-18 02:10 . 2010-07-12 20:32 -------- d-----w- d:\program files\Wise Registry Cleaner
2010-07-16 19:16 . 2010-07-12 20:14 -------- d-----w- d:\program files\Recepty
2010-07-16 18:29 . 2010-07-12 20:13 -------- d-----w- d:\program files\Ant Movie Catalog
2010-07-16 17:10 . 2004-08-18 12:00 76388 ----a-w- d:\windows\system32\perfc005.dat
2010-07-16 17:10 . 2004-08-18 12:00 426308 ----a-w- d:\windows\system32\perfh005.dat
2010-07-16 17:04 . 2010-07-12 20:11 76487 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 17:04 . 2010-07-12 20:11 2378 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-16 17:03 . 2010-07-12 20:11 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-12 20:52 . 2010-07-12 20:50 -------- d-----w- d:\program files\Common Files\Ahead
2010-07-12 20:50 . 2010-07-12 20:50 -------- d-----w- d:\program files\Nero
2010-07-12 20:44 . 2010-07-12 20:41 -------- d-----w- d:\program files\epson
2010-07-12 20:38 . 2010-07-12 20:38 -------- d-----w- d:\program files\Microsoft.NET
2010-07-12 20:33 . 2010-07-12 20:33 -------- d-----w- d:\program files\CCleaner
2010-07-12 20:28 . 2010-07-12 20:28 -------- d-----w- d:\program files\Alwil Software
2010-07-12 20:26 . 2010-07-12 20:26 -------- d-----w- d:\program files\IVT Corporation
2010-07-12 20:22 . 2010-07-12 20:22 -------- d-----w- d:\program files\MSBuild
2010-07-12 20:22 . 2010-07-12 20:22 -------- d-----w- d:\program files\Reference Assemblies
2010-07-12 20:14 . 2010-07-12 20:14 -------- d-----w- d:\program files\microsoft frontpage
2010-07-12 20:14 . 2010-07-12 20:14 -------- d-----w- d:\program files\VisualTaskTips
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\VideoLAN
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----r- d:\program files\Skype
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\PSPad editor
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\GSpot
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\Defraggler
2010-07-12 20:13 . 2010-07-12 20:13 -------- d-----w- d:\program files\Lavalys
2010-07-12 20:12 . 2010-07-12 20:12 -------- d-----w- d:\program files\Common Files\Java
2010-07-12 20:12 . 2010-07-12 20:12 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-12 20:12 . 2010-07-12 20:12 -------- d-----w- d:\program files\Java
2010-07-12 20:09 . 2010-07-12 20:09 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-07-12 20:09 . 2010-07-12 20:09 -------- d-----w- d:\program files\Windows Media Connect 2
2010-07-12 19:22 . 2001-10-24 10:25 77891 ----a-w- d:\windows\system32\usrmlnka.exe
2010-07-12 19:19 . 2010-07-12 19:19 381056 ----a-w- d:\windows\system32\drivers\senfilt.sys
2010-07-12 19:19 . 2010-07-12 19:19 266880 ----a-w- d:\windows\system32\drivers\smwdm.sys
2010-07-12 19:19 . 2010-07-12 19:19 65536 ----a-w- d:\windows\system32\a3d.dll
2010-07-12 19:19 . 2010-07-12 19:19 5810 ----a-w- d:\windows\system32\drivers\ASACPI.sys
2010-07-12 19:19 . 2010-07-12 19:19 55808 ----a-w- d:\windows\system32\EtCoInst.dll
2010-07-12 19:19 . 2010-07-12 19:19 19456 ----a-w- d:\windows\system32\IntelNic.dll
2010-07-12 19:19 . 2010-07-12 19:19 116176 ----a-w- d:\windows\system32\drivers\aeaudio.sys
2010-07-12 19:17 . 2010-07-12 19:17 27904 ----a-w- d:\windows\system32\drivers\VIAAGP1.SYS
2010-07-12 19:16 . 2010-07-12 19:17 997376 ----a-w- d:\windows\system32\syssetup.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmvdmoe2.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmvdmod.dll
2010-07-12 19:16 . 2010-07-12 19:16 1329152 ----a-w- d:\windows\system32\wmspdmoe.dll
2010-07-12 19:16 . 2010-07-12 19:16 99840 ----a-w- d:\windows\system32\wmpshell.dll
2010-07-12 19:16 . 2010-07-12 19:16 8257536 ----a-w- d:\windows\system32\wmploc.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmsdmoe2.dll
2010-07-12 19:16 . 2010-07-12 19:16 4096 ----a-w- d:\windows\system32\wmsdmod.dll
2010-07-12 19:16 . 2010-07-12 19:16 242688 ----a-w- d:\windows\system32\wmpasf.dll
2010-07-12 19:14 . 2010-07-12 19:14 24576 ----a-w- d:\windows\system32\nlsdl.dll
2010-07-12 19:14 . 2010-07-12 19:14 23552 ----a-w- d:\windows\system32\normaliz.dll
2010-07-12 19:14 . 2010-07-12 19:14 265720 ----a-w- d:\windows\system32\msdbg2.dll
2010-07-12 19:14 . 2010-07-12 19:14 26112 ----a-w- d:\windows\system32\idndl.dll
2010-07-12 19:13 . 2010-07-12 19:13 48128 ----a-w- d:\windows\system32\mshtmler.dll
2010-07-12 19:13 . 2010-07-12 19:13 156160 ----a-w- d:\windows\system32\msls31.dll
2010-07-12 19:13 . 2010-07-12 19:13 45568 ----a-w- d:\windows\system32\mshta.exe
2010-07-12 19:13 . 2010-07-12 19:13 43008 ----a-w- d:\windows\system32\licmgr10.dll
2010-07-12 19:13 . 2010-07-12 19:13 34816 ----a-w- d:\windows\system32\imgutil.dll
2010-07-12 19:13 . 2010-07-12 19:13 71680 ----a-w- d:\windows\system32\iesetup.dll
2010-07-12 19:13 . 2010-07-12 19:13 72704 ----a-w- d:\windows\system32\admparse.dll
2010-07-12 19:13 . 2010-07-12 19:13 18944 ----a-w- d:\windows\system32\corpol.dll
2010-07-12 19:11 . 2010-07-12 19:11 1792 ----a-w- d:\windows\system32\nlite.cmd
2010-07-02 21:52 . 2010-07-12 20:26 -------- d-----w- d:\program files\Sumatra PDF1_1
2010-06-29 15:55 . 2010-07-12 20:26 -------- d-----w- d:\program files\MWSnap
2010-06-29 15:55 . 2010-07-12 20:26 -------- d-----w- d:\program files\ICONLIB
2010-06-29 15:55 . 2010-07-12 20:26 -------- d-----w- d:\program files\USBDiskEjector
2010-06-28 20:57 . 2010-07-12 20:28 38848 ----a-w- d:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-12 20:28 165032 ----a-w- d:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-12 20:28 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-12 20:28 165456 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-12 20:28 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-12 20:28 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-12 20:28 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-12 20:28 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-12 20:28 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\UC.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\RAR.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\PKZIP.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\PKUNZIP.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\NOCLOSE.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\LHA.PIF
2010-06-17 05:55 . 2010-07-12 20:30 545 ----a-w- d:\windows\ARJ.PIF
2010-06-14 14:31 . 2010-07-12 20:10 744448 ----a-w- d:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 23:57 . 2005-12-10 01:06 6300544 ----a-w- d:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2005-12-10 01:06 232040 ----a-w- d:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2005-12-10 01:06 232040 ----a-w- d:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2005-12-10 01:06 15192064 ----a-w- d:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2005-12-10 01:06 1359872 ----a-w- d:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2005-12-10 01:06 10531200 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2010-06-07 15:35 . 2010-06-07 15:35 81920 ----a-w- d:\windows\system32\nvwddi.dll
2010-06-07 15:35 . 2010-06-07 15:35 253952 ----a-w- d:\windows\system32\nvrsth.dll
2010-06-07 15:35 . 2010-06-07 15:35 277608 ----a-w- d:\windows\system32\nvmccs.dll
2010-06-07 15:35 . 2010-06-07 15:35 110696 ----a-w- d:\windows\system32\nvmctray.dll
2010-06-07 15:35 . 2010-06-07 15:35 154728 ----a-w- d:\windows\system32\nvsvc32.exe
2010-06-07 15:35 . 2010-06-07 15:35 13902440 ----a-w- d:\windows\system32\nvcpl.dll
2010-06-02 02:55 . 2010-07-12 20:26 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-12 20:26 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
.

------- Sigcheck -------

[-] 2010-07-12 . B84B22372D6170FFA7858C3B405B1A16 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll


d:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="d:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2009-02-04 2350176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"ArcSoft Connection Service"="d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26194728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-07-12 128512]

d:\documents and settings\Spravce\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Visual Task Tips.lnk - d:\program files\VisualTaskTips\VisualTaskTips.exe [2008-6-22 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39 133368 ----a-w- d:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2008-06-20 13:58 2887680 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-07-11 09:46 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 AsUpIO;AsUpIO;d:\windows\system32\drivers\AsUpIO.sys [18.7.2010 3:10 11448]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [12.7.2010 22:28 165456]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [12.7.2010 22:28 17744]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [12.7.2010 22:13 26224]
S2 VRAID Log Service;VRAID Log Service;d:\program files\VIA\RAID\vialogsv.exe [18.7.2010 5:24 52888]
S3 cpudrv;cpudrv;d:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 Start BT in service;Start BT in service;d:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - EVERESTDRIVER
*NewlyCreated* - SCHEDULE
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\program files\ICQ7.2\ICQ.exe
FF - ProfilePath - d:\documents and settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\2d718ojg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 12:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3664)
d:\program files\VisualTaskTips\VttHooks.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2010-07-21 12:35:16
ComboFix-quarantined-files.txt 2010-07-21 10:35
ComboFix2.txt 2010-07-21 07:02

Před spuštěním: Volných bajtů: 16 169 152 512
Po spuštění: Volných bajtů: 16 163 057 664

- - End Of File - - 7B4E7EB7CA24F5275B5F8C724ED5D990

Soubor regsvc.dll jsem následně extrahoval se zadáním cesty pro extrakci ve WinRar(u) d:\windows\System32\ , když sem to neudělal s kombo fix
Trochu sem také zpytoval svědomí jaký SW používám na pálení a jaké potřebuji instalace Zbytečné jsem odstranil a vysypal koš.