100% CPU - kernel32.dll

Zpráva

exys · #1 Příspěvek od **exys** » 06 pro 2009 17:41

Ahoj,
Takže mám problém s CPU, ktoré je na 100% po zapnutí PC, ten problém spôsobuje svchost.exe,
prebehol som si ho programom Process Explorer a tam som našiel, že to zaťažuje toto - kernel32.dll!Create Thread+0x22, keď ho dám "zabiť", tak mi už PC ide v pohode - CPU padne pod 5%, ale vždy keď zapnem PC, tak sa zase ten
kernel32.dll spustí,
neviete prosím ako ho mám odstrániť?
ďíky

#2 Příspěvek od **stell** » 06 pro 2009 18:01

zdravim
ja neviem ze preco dnes kazdy chce zmazat systemove subory,

Stiahnes>>RSIT >>logy vloz sem,

exys · #3 Příspěvek od **exys** » 06 pro 2009 18:10

Logfile of random's system information tool 1.06 (written by random/random)
Run by SANLY at 2009-12-06 18:09:09
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (39%) free of 29 GB
Total RAM: 1535 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:29, on 6.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\SANLY\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\SANLY\Local Settings\Data aplikací\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Documents and Settings\SANLY\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SANLY\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SANLY\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SANLY\Dokumenty\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\SANLY.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SANLY\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: siszyd32.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9a676283bbc48) (gupdate1c9a676283bbc48) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 8832 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5bc7f233fe96.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1757981266-682003330-1003Core.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\RealPlayer\rpbrowserrecordplugin.dll [2008-04-06 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5499BCB1-5641-4A4C-9F75-462D4D8D0DA0}]
Cole2k Media Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-17 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-06 185896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-16 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"Google Update"=C:\Documents and Settings\SANLY\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-11-02 135664]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]

C:\Documents and Settings\SANLY\Nabídka Start\Programy\Po spuštění
PowerReg Scheduler V3.exe
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
D:\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-01-04 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - D:\Stardock\Object Desktop\IconPackager\iprepair.dll [2008-05-15 65536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"D:\uTorrent\uTorrent.exe"="D:\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\RealPlayer\realplay.exe"="C:\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-12-06 18:09:10 ----D---- C:\Program Files\trend micro
2009-12-06 18:09:09 ----D---- C:\rsit
2009-12-06 15:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-06 15:48:10 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-12-06 15:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-06 15:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-06 15:30:11 ----SHD---- C:\RECYCLER
2009-12-06 14:26:04 ----D---- C:\WINDOWS\temp
2009-12-06 14:25:56 ----A---- C:\ComboFix.txt
2009-12-06 13:49:18 ----A---- C:\Boot.bak
2009-12-06 13:49:12 ----RASHD---- C:\cmdcons
2009-12-06 13:46:07 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-06 13:46:07 ----A---- C:\WINDOWS\MBR.exe
2009-12-06 13:46:04 ----A---- C:\WINDOWS\PEV.exe
2009-12-06 13:46:03 ----A---- C:\WINDOWS\zip.exe
2009-12-06 13:46:03 ----A---- C:\WINDOWS\SWREG.exe
2009-12-06 13:46:03 ----A---- C:\WINDOWS\sed.exe
2009-12-06 13:46:03 ----A---- C:\WINDOWS\grep.exe
2009-12-06 13:46:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-06 13:46:02 ----A---- C:\WINDOWS\SWSC.exe
2009-12-06 13:45:46 ----D---- C:\WINDOWS\ERDNT
2009-12-06 13:40:28 ----D---- C:\Qoobox
2009-12-05 23:29:46 ----D---- C:\Documents and Settings\SANLY\Data aplikací\Juce VST Host
2009-12-05 22:14:08 ----D---- C:\Program Files\Image-Line
2009-12-05 22:13:59 ----D---- C:\Program Files\Outsim
2009-11-15 15:48:45 ----A---- C:\WINDOWS\system32\WMAFile.dll
2009-11-15 15:48:45 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-11-15 15:48:45 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-11-15 15:48:45 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-11-15 15:48:45 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2009-11-15 15:48:44 ----A---- C:\WINDOWS\system32\AudFile.dll
2009-11-15 15:48:44 ----A---- C:\WINDOWS\system32\AudDisplay.dll
2009-11-15 15:48:44 ----A---- C:\WINDOWS\system32\AudDesign.dll
2009-11-08 00:14:05 ----D---- C:\Documents and Settings\SANLY\Data aplikací\jabbim

======List of files/folders modified in the last 1 months======

2009-12-06 18:09:10 ----D---- C:\Program Files
2009-12-06 17:12:33 ----SD---- C:\WINDOWS\Tasks
2009-12-06 15:55:35 ----D---- C:\WINDOWS\system32\drivers
2009-12-06 15:52:47 ----D---- C:\WINDOWS
2009-12-06 15:51:51 ----D---- C:\WINDOWS\system32
2009-12-06 15:48:42 ----SHD---- C:\WINDOWS\Installer
2009-12-06 15:48:42 ----D---- C:\Config.Msi
2009-12-06 15:48:34 ----HD---- C:\WINDOWS\inf
2009-12-06 15:48:24 ----A---- C:\WINDOWS\imsins.BAK
2009-12-06 15:48:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-06 15:45:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-06 15:45:10 ----D---- C:\WINDOWS\WinSxS
2009-12-06 14:17:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-06 14:03:01 ----A---- C:\WINDOWS\system.ini
2009-12-06 14:00:33 ----D---- C:\WINDOWS\system32\config
2009-12-06 13:55:24 ----D---- C:\WINDOWS\AppPatch
2009-12-06 13:55:22 ----D---- C:\Program Files\Common Files
2009-12-06 13:49:18 ----RASH---- C:\boot.ini
2009-12-01 20:16:39 ----D---- C:\Documents and Settings\SANLY\Data aplikací\XnView
2009-12-01 13:50:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2009-11-18 16:28:06 ----A---- C:\WINDOWS\msicpl.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-09 33248]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-15 278984]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-07-28 18048]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-14 100224]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-10-14 36484]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 a7hjx81l;a7hjx81l; C:\WINDOWS\system32\drivers\a7hjx81l.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 ddsxeiservice;ddsxeiservice2; \??\C:\sXe Injected\ddsxei.sys []
S3 Epiusb;USB Flash; C:\WINDOWS\System32\Drivers\Epiusb.sys [2001-09-05 14940]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\SANLY\LOCALS~1\Temp\esihdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-28 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-12-28 20520]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-29 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2007-10-25 4096]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva098;XDva098; \??\C:\WINDOWS\system32\XDva098.sys []
S4 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-05-24 2944]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-10 118272]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate1c9a676283bbc48;Služba Google Update (gupdate1c9a676283bbc48); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-16 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280]
S2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------[/code]

#4 Příspěvek od **stell** » 06 pro 2009 18:13

ok,mas tam zopar trojanov
odinstaluj
C:\Program Files\Ask.com

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix -
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)

- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

exys · #5 Příspěvek od **exys** » 06 pro 2009 19:19

hmm, stále CPU 100%

log z COMBOFIXu:

ComboFix 09-12-06.02 - SANLY 06.12.2009 18:34.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1099 [GMT 1:00]
Spuštěný z: c:\documents and settings\SANLY\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\osk.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\osk.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-06 do 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 17:09 . 2009-12-06 17:09 -------- d-----w- c:\program files\trend micro
2009-12-06 17:09 . 2009-12-06 17:09 -------- d-----w- C:\rsit
2009-12-05 21:14 . 2009-12-05 21:17 -------- d-----w- c:\program files\Image-Line
2009-12-05 21:13 . 2009-12-05 21:13 -------- d-----w- c:\program files\Outsim
2009-11-15 14:48 . 2005-03-10 16:00 454656 ----a-w- c:\windows\system32\AudioRecord.dll
2009-11-15 14:48 . 2005-02-24 15:21 458752 ----a-w- c:\windows\system32\AudPlayer.dll
2009-11-15 14:48 . 2005-02-24 12:11 479232 ----a-w- c:\windows\system32\AudioVisu.dll
2009-11-15 14:48 . 2005-02-24 12:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-11-15 14:48 . 2005-02-24 11:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-11-15 14:48 . 2005-03-11 17:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-11-15 14:48 . 2005-02-24 12:10 417792 ----a-w- c:\windows\system32\AudDisplay.dll
2009-11-15 14:48 . 2005-02-24 12:10 2084864 ----a-w- c:\windows\system32\AudDesign.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 14:24 . 2009-01-04 11:10 -------- d-----w- c:\program files\frozenhellmu
2009-10-31 12:15 . 2001-10-25 12:00 97580 ----a-w- c:\windows\system32\perfc005.dat
2009-10-31 12:15 . 2001-10-25 12:00 473492 ----a-w- c:\windows\system32\perfh005.dat
2009-10-30 09:57 . 2009-10-30 09:57 -------- d-----w- c:\program files\MSBuild
2009-10-30 09:57 . 2009-10-30 09:57 -------- d-----w- c:\program files\Reference Assemblies
2009-10-30 09:49 . 2009-10-30 09:49 -------- d-----w- c:\program files\MSXML 6.0
2009-10-15 12:26 . 2007-01-28 17:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 16:29 . 2009-10-14 16:17 -------- d-----w- c:\program files\Valve
2009-09-25 05:58 . 2004-08-17 14:49 663040 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:58 . 2004-08-17 14:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:35 . 2004-08-17 14:49 133632 ----a-w- c:\windows\system32\msv1_0.dll
2007-05-25 20:35 . 2007-05-25 20:35 33 ----a-w- c:\program files\Common Files\LanTingSys.txt
.

((((((((((((((((((((((((((((( SnapShot@2009-12-06_13.03.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2009-12-06 14:45 . 2009-12-06 14:45 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-12-06 14:48 . 2009-12-06 14:48 969728 c:\windows\Installer\5ef4f5.msi
+ 2009-12-06 14:45 . 2009-12-06 14:45 429568 c:\windows\Installer\5ef4ee.msi
+ 2009-07-20 23:03 . 2009-07-20 23:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-17 14:44 . 2009-08-14 15:23 1850112 c:\windows\system32\win32k.sys
+ 2009-08-19 16:07 . 2009-08-19 16:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-20 23:05 . 2009-07-20 23:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-17 14:49 . 2009-07-31 04:59 1172480 c:\windows\system32\msxml3.dll
- 2004-08-17 14:49 . 2009-09-25 05:58 3084288 c:\windows\system32\mshtml.dll
+ 2004-08-17 14:49 . 2009-10-20 00:08 3084288 c:\windows\system32\mshtml.dll
- 2007-01-28 17:48 . 2009-12-06 12:07 1511544 c:\windows\system32\FNTCACHE.DAT
+ 2007-01-28 17:48 . 2009-12-06 14:52 1511544 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 14:44 . 2009-08-14 15:23 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-17 14:49 . 2009-07-31 04:59 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-17 14:49 . 2009-10-20 00:08 3084288 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-17 14:49 . 2009-09-25 05:58 3084288 c:\windows\system32\dllcache\mshtml.dll
+ 2007-01-28 18:20 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe silent" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Google Update"="c:\documents and settings\SANLY\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-06 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\SANLY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg Scheduler V3.exe [2007-7-5 225280]
siszyd32.exe [2004-8-17 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-04 10:44 229376 ----a-w- d:\stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"CHotkey"=mHotkey.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
"AGRSMMSG"=AGRSMMSG.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2795:TCP"= 2795:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"1482:TCP"= 1482:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1031:TCP"= 1031:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"2224:TCP"= 2224:TCP:Akamai NetSession Interface
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2007 13:05 721904]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [25.10.2007 9:27 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24.10.2008 19:51 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.6.2008 18:12 222456]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [14.11.2008 18:11 17408]
S2 gupdate1c9a676283bbc48;Služba Google Update (gupdate1c9a676283bbc48);c:\program files\Google\Update\GoogleUpdate.exe [16.3.2009 21:31 133104]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28.1.2007 18:48 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28.1.2007 18:48 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [28.1.2007 18:48 60416]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\sxe injected\ddsxei.sys --> c:\sxe injected\ddsxei.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\SANLY\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\SANLY\LOCALS~1\Temp\esihdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.12.2007 23:10 13352]
S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
S4 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [24.5.2008 23:07 2944]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.sk/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 19:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\documents and settings\SANLY\Nabídka Start\Programy\Po spuštění\siszyd32.exe 16896 bytes executable

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898A91F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> 0x898a91f8
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004
ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004
ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7b3aba0
PacketIndicateHandler -> NDIS.sys @ 0xf7b47b21
SendHandler -> NDIS.sys @ 0xf7b2587b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-1757981266-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-789336058-1757981266-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{354180F7-35BA-F7E6-99FC-4828BA2FF1E4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eabookmlge"=hex:66,61,68,61,70,6a,6f,6e,62,70,66,6e,00,fc
"damnjkpg"=hex:64,62,70,70,6d,67,6c,6f,62,63,6f,6d,6f,6d,6a,6b,6b,6f,68,61,6b,
6a,65,70,6a,63,6d,61,6c,67,6b,6f,6e,6a,6c,70,63,6f,6f,63,00,00
"iajpcdlbihgnhnkjba"=hex:6a,61,66,6d,66,6c,65,6e,6a,61,66,69,6d,63,63,70,66,68,
6d,64,00,5a
"happmenpjohlhkhn"=hex:6a,61,66,6d,66,6c,65,6e,6a,61,66,69,6d,63,63,70,66,68,
6d,64,00,97

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted B-Engineer Edonis Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cadillac Cien Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Edonis Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Ferrari 360 Race Version Mod]
"Install Dir"="d:\\Program Files\\NFS MW"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Gaz 24 Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted McLaren F1 LM Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Shelby GT350 Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Toyota Corolla Levin AE86 Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(680)
d:\stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(3884)
d:\stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
d:\stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\ICQ6.5\ICQ.exe
c:\documents and settings\SANLY\Local Settings\Data aplikací\Google\Update\1.2.183.13\GoogleCrashHandler.exe
.
**************************************************************************
.
Celkový čas: 2009-12-06 19:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-06 18:14

Před spuštěním: Volných bajtů: 11 963 219 968
Po spuštění: Volných bajtů: 13 116 964 864

- - End Of File - - 61392C91D89025645EBF5CE54D23D788

#6 Příspěvek od **stell** » 06 pro 2009 19:37

mas tam Alcohol a Daemon>1-odinstalovat,,
vypnut Alcohol

http://jpshortstuff.247fixes.com/beta/Defogger.exe , spust, nech disablovat, vloz log, ktery se vytvori, samozrejmne nech restartovat pc

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
File::
C:\Documents and Settings\SANLY\Nabídka Start\Programy\Po spuštění\siszyd32.exe
C:\Documents and Settings\SANLY\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
Rootkit::
c:\docume~1\SANLY\LOCALS~1\Temp\esihdrv.sys
c:\documents and settings\SANLY\Nabídka Start\Programy\Po spuštění\siszyd32.exe
c:\windows\TEMP\mc21.tmp
Driver::
esihdrv
mchInjDrv
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"=-
RegLock::
[HKEY_USERS\S-1-5-21-789336058-1757981266-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted B-Engineer Edonis Mod]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cadillac Cien Mod]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Edonis Mod]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Ferrari 360 Race Version Mod]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Gaz 24 Mod]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted McLaren F1 LM Mod]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Shelby GT350 Mod]
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Toyota Corolla Levin AE86 Mod]
RegNull::
[HKEY_USERS\S-1-5-21-789336058-1757981266-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{354180F7-35BA-F7E6-99FC-4828BA2FF1E4}*]

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

exys · #7 Příspěvek od **exys** » 06 pro 2009 20:52

log Defogger:

Kód: Vybrat vše

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 20:07 on 06/12/2009 (SANLY)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

log ComboFix:

ComboFix 09-12-06.02 - SANLY 06.12.2009 20:17.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1079 [GMT 1:00]
Spuštěný z: c:\documents and settings\SANLY\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\SANLY\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

FILE ::
"c:\documents and settings\SANLY\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe"
"c:\documents and settings\SANLY\Nabídka Start\Programy\Po spuštění\siszyd32.exe"
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\SANLY\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Legacy_MCHINJDRV
-------\Service_esihdrv
-------\Service_mchInjDrv

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-06 do 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 17:09 . 2009-12-06 17:09 -------- d-----w- c:\program files\trend micro
2009-12-06 17:09 . 2009-12-06 17:09 -------- d-----w- C:\rsit
2009-12-05 21:14 . 2009-12-05 21:17 -------- d-----w- c:\program files\Image-Line
2009-12-05 21:13 . 2009-12-05 21:13 -------- d-----w- c:\program files\Outsim
2009-11-15 14:48 . 2005-03-10 16:00 454656 ----a-w- c:\windows\system32\AudioRecord.dll
2009-11-15 14:48 . 2005-02-24 15:21 458752 ----a-w- c:\windows\system32\AudPlayer.dll
2009-11-15 14:48 . 2005-02-24 12:11 479232 ----a-w- c:\windows\system32\AudioVisu.dll
2009-11-15 14:48 . 2005-02-24 12:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-11-15 14:48 . 2005-02-24 11:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-11-15 14:48 . 2005-03-11 17:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-11-15 14:48 . 2005-02-24 12:10 417792 ----a-w- c:\windows\system32\AudDisplay.dll
2009-11-15 14:48 . 2005-02-24 12:10 2084864 ----a-w- c:\windows\system32\AudDesign.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 14:24 . 2009-01-04 11:10 -------- d-----w- c:\program files\frozenhellmu
2009-10-31 12:15 . 2001-10-25 12:00 97580 ----a-w- c:\windows\system32\perfc005.dat
2009-10-31 12:15 . 2001-10-25 12:00 473492 ----a-w- c:\windows\system32\perfh005.dat
2009-10-30 09:57 . 2009-10-30 09:57 -------- d-----w- c:\program files\MSBuild
2009-10-30 09:57 . 2009-10-30 09:57 -------- d-----w- c:\program files\Reference Assemblies
2009-10-30 09:49 . 2009-10-30 09:49 -------- d-----w- c:\program files\MSXML 6.0
2009-10-15 12:26 . 2007-01-28 17:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 16:29 . 2009-10-14 16:17 -------- d-----w- c:\program files\Valve
2009-09-25 05:58 . 2004-08-17 14:49 663040 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:58 . 2004-08-17 14:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:35 . 2004-08-17 14:49 133632 ----a-w- c:\windows\system32\msv1_0.dll
2007-05-25 20:35 . 2007-05-25 20:35 33 ----a-w- c:\program files\Common Files\LanTingSys.txt
.

((((((((((((((((((((((((((((( SnapShot@2009-12-06_13.03.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2009-12-06 14:45 . 2009-12-06 14:45 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-12-06 14:48 . 2009-12-06 14:48 969728 c:\windows\Installer\5ef4f5.msi
+ 2009-12-06 14:45 . 2009-12-06 14:45 429568 c:\windows\Installer\5ef4ee.msi
+ 2009-07-20 23:03 . 2009-07-20 23:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-17 14:44 . 2009-08-14 15:23 1850112 c:\windows\system32\win32k.sys
+ 2009-08-19 16:07 . 2009-08-19 16:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-20 23:05 . 2009-07-20 23:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-17 14:49 . 2009-07-31 04:59 1172480 c:\windows\system32\msxml3.dll
- 2004-08-17 14:49 . 2009-09-25 05:58 3084288 c:\windows\system32\mshtml.dll
+ 2004-08-17 14:49 . 2009-10-20 00:08 3084288 c:\windows\system32\mshtml.dll
- 2007-01-28 17:48 . 2009-12-06 12:07 1511544 c:\windows\system32\FNTCACHE.DAT
+ 2007-01-28 17:48 . 2009-12-06 14:52 1511544 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 14:44 . 2009-08-14 15:23 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-17 14:49 . 2009-07-31 04:59 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-17 14:49 . 2009-10-20 00:08 3084288 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-17 14:49 . 2009-09-25 05:58 3084288 c:\windows\system32\dllcache\mshtml.dll
+ 2007-01-28 18:20 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe silent" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]
"Google Update"="c:\documents and settings\SANLY\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-06 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-04 10:44 229376 ----a-w- d:\stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"CHotkey"=mHotkey.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
"AGRSMMSG"=AGRSMMSG.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2795:TCP"= 2795:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"1482:TCP"= 1482:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1031:TCP"= 1031:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"2224:TCP"= 2224:TCP:Akamai NetSession Interface
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2007 13:05 721904]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [25.10.2007 9:27 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24.10.2008 19:51 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.6.2008 18:12 222456]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [14.11.2008 18:11 17408]
S2 gupdate1c9a676283bbc48;Služba Google Update (gupdate1c9a676283bbc48);c:\program files\Google\Update\GoogleUpdate.exe [16.3.2009 21:31 133104]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28.1.2007 18:48 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28.1.2007 18:48 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [28.1.2007 18:48 60416]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\sxe injected\ddsxei.sys --> c:\sxe injected\ddsxei.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.12.2007 23:10 13352]
S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
S4 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [24.5.2008 23:07 2944]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.sk/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 20:43
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898A91F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> 0x898a91f8
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004
ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004
ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7b3aba0
PacketIndicateHandler -> NDIS.sys @ 0xf7b47b21
SendHandler -> NDIS.sys @ 0xf7b2587b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted B-Engineer Edonis Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cadillac Cien Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Edonis Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Ferrari 360 Race Version Mod]
"Install Dir"="d:\\Program Files\\NFS MW"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Gaz 24 Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted McLaren F1 LM Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Shelby GT350 Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Toyota Corolla Levin AE86 Mod]
"Install Dir"="d:\\PROGRA~1\\NFSMW~1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(688)
d:\stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
d:\stardock\Object Desktop\IconPackager\iprepair.dll
d:\stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\SANLY\Local Settings\Data aplikací\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\progra~1\ICQ6.5\ICQ.exe
.
**************************************************************************
.
Celkový čas: 2009-12-06 20:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-06 19:50
ComboFix2.txt 2009-12-06 18:16

Před spuštěním: Volných bajtů: 13 053 534 208
Po spuštění: Volných bajtů: 13 045 866 496

- - End Of File - - E6AAC0002882247466E84D486AC59CFA

Zdá sa, že už je to ok, idem ešte reštart PC a uvidíme

#8 Příspěvek od **stell** » 06 pro 2009 20:58

restartni napis,ze co CPU,ale este spust zG-Mer

stiahnes specialnu verziu G-Mer
Special
uloz na plochu >>
Odpojiť sa od internetu a zatvor všetky otvorené programy,
Dočasne zakázať akékoľvek real-time aktívnej ochrany,
a spust>.prebehne kratky skan,,,
ak dostanes hlasku rootkit activity and asks if you want to run scan>>kliknes NO<<
a nastavis to takto

>> kliknes scan,<<
na konci skanu >>SAVE<< nazov das mojlog.txt>>uloz na plochu a log vloz sem,,

exys · #9 Příspěvek od **exys** » 06 pro 2009 22:29

log:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-06 22:27:33
Windows 5.1.2600 Service Pack 2
Running: 21d9vri9.exe; Driver: C:\DOCUME~1\SANLY\LOCALS~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT spev.sys ZwCreateKey [0xF74D60E0]
SSDT spev.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spev.sys ZwEnumerateValueKey [0xF74F5032]
SSDT spev.sys ZwOpenKey [0xF74D60C0]
SSDT spev.sys ZwQueryKey [0xF74F510A]
SSDT spev.sys ZwQueryValueKey [0xF74F4F8A]
SSDT spev.sys ZwSetValueKey [0xF74F519C]

INT 0x62 ? 89916BF8
INT 0x73 ? 89787BF8
INT 0x73 ? 89787BF8
INT 0x82 ? 89916BF8
INT 0x83 ? 89916BF8
INT 0x83 ? 89916BF8
INT 0x83 ? 89787BF8
INT 0x83 ? 89916BF8
INT 0xA4 ? 89787BF8
INT 0xB4 ? 89787BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 899151F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 891F2500
Device \Driver\usbuhci \Device\USBPDO-0 897861F8
Device \Driver\PCI_PNP7276 \Device\00000051 spev.sys
Device \Driver\PCI_PNP7276 \Device\00000051 spev.sys
Device \Driver\usbuhci \Device\USBPDO-1 897861F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 898A91F8
Device \Driver\dmio \Device\DmControl\DmConfig 898A91F8
Device \Driver\dmio \Device\DmControl\DmPnP 898A91F8
Device \Driver\dmio \Device\DmControl\DmInfo 898A91F8
Device \Driver\usbuhci \Device\USBPDO-2 897861F8
Device \Driver\sptd \Device\4205881026 spev.sys
Device \Driver\usbuhci \Device\USBPDO-3 897861F8
Device \Driver\usbehci \Device\USBPDO-4 897591F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 899171F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 899171F8
Device \Driver\Cdrom \Device\CdRom0 897361F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 899161F8
Device \Driver\atapi \Device\Ide\IdePort0 899161F8
Device \Driver\atapi \Device\Ide\IdePort1 899161F8
Device \Driver\atapi \Device\Ide\IdePort2 899161F8
Device \Driver\atapi \Device\Ide\IdePort3

Takže, zatial sa CPU drží pod 5%, ďakujem ti moc Stell

#10 Příspěvek od **stell** » 06 pro 2009 22:42

este odstanime programy co sme pouzili,

spust defogger a otvor daemona

Odinstaluj ComboFix - Start -> Spustit - ComboFix /Uninstall -> OK

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,
Start-spustit-napis cleanmgr ok>>dalsie moznosti-obnova systemu-vycistit,,ok,,ok

OTC
2x-kliknite OTC.exe.
Kliknite na tlačidlo CleanUp!
Vyberte Áno, ak
Otvorenie procesu čistenia?
zobrazí upozornenie.
Ak sa zobrazí výzva na reštartovanie počas čistenia, vyberte Áno.
Nástroj sám zmaže, keď to skončí, ak nie odstrániť .

To je vsetko,
nemas zaco,

riman · #11 Příspěvek od **riman** » 29 pro 2009 11:58

Dobrý den, mohl bych požádat o radu s prakticky totožným problémem? Po cca 6 minutách od startu systému mi svchost vytíží cpu na 100 procent. Konkrétně se jedná opět o proces kernel32.dll!Create Thread+0x22. Projel jsem počítač online skenerem od Esetu, něco našel a snad odstranil, ale problém zůstal. Antivir mám momentálně Avast, ve free verzi a te pravidelně detekuje(asi 10 minut od startu) Win32:Malware-gen ve C:\WINDOWS\System32\Drivers\icfcrfn.sys. Zkoušel jsem využit tohoto vlákna, ale nenastala změna. Mohl tedy požádat o pomoc s mým konkrétním problémem? Zde jsou logy:

RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Uzivatel at 2009-12-29 10:52:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (28%) free of 80 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:31, on 29.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Uzivatel\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BearShareMediaBar BHO - {E49CE891-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BearShare Media Bar - {E49CE899-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9343 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-854245398-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-854245398-682003330-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll [2008-01-02 496952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-27 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-13 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-27 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-14 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E49CE891-CD83-4841-8CC9-6E284D7978D0}]
BearShareMediaBar BHO - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL [2007-02-02 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{E49CE899-CD83-4841-8CC9-6E284D7978D0} - BearShare Media Bar - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL [2007-02-02 233472]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-27 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-08 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2008-01-08 2124088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-20 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-14 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2005-06-06 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Hry\Half-life2\hl2.exe"="D:\Hry\Half-life2\hl2.exe:*:Enabled:hl2"
"D:\Hry\Half-life2\srcds.exe"="D:\Hry\Half-life2\srcds.exe:*:Enabled:srcds"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-12-29 10:53:03 ----D---- C:\Program Files\trend micro
2009-12-29 10:52:59 ----D---- C:\rsit
2009-12-29 10:49:24 ----SHD---- C:\RECYCLER
2009-12-28 21:18:21 ----A---- C:\ComboFix.txt
2009-12-28 20:42:46 ----A---- C:\Boot.bak
2009-12-28 20:42:43 ----RASHD---- C:\cmdcons
2009-12-28 20:39:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-28 20:39:42 ----A---- C:\WINDOWS\MBR.exe
2009-12-28 20:39:41 ----A---- C:\WINDOWS\zip.exe
2009-12-28 20:39:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-28 20:39:41 ----A---- C:\WINDOWS\SWSC.exe
2009-12-28 20:39:41 ----A---- C:\WINDOWS\SWREG.exe
2009-12-28 20:39:41 ----A---- C:\WINDOWS\sed.exe
2009-12-28 20:39:41 ----A---- C:\WINDOWS\PEV.exe
2009-12-28 20:39:41 ----A---- C:\WINDOWS\grep.exe
2009-12-28 20:39:21 ----D---- C:\WINDOWS\ERDNT
2009-12-28 20:37:59 ----D---- C:\Qoobox
2009-12-28 19:57:56 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-28 19:57:55 ----D---- C:\Program Files\Alwil Software
2009-12-28 16:04:50 ----A---- C:\SMS2003-SP3-KB937882-X86-ENU.exe
2009-12-28 15:33:12 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Auslogics
2009-12-28 15:31:28 ----D---- C:\Program Files\Auslogics
2009-12-28 14:23:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-28 14:13:00 ----D---- C:\Program Files\ATITool
2009-12-27 11:18:17 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-26 19:07:17 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-26 19:07:16 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-26 19:07:16 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-26 19:07:15 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-26 19:07:15 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-26 19:07:14 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-26 19:07:14 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-26 18:09:59 ----D---- C:\Program Files\Activision
2009-12-10 21:12:06 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-12-10 21:12:04 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-12-09 23:42:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 23:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 23:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 23:42:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 23:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2009-12-29 10:53:03 ----RD---- C:\Program Files
2009-12-29 10:51:46 ----D---- C:\WINDOWS\Prefetch
2009-12-29 10:49:26 ----D---- C:\WINDOWS\Debug
2009-12-29 10:49:26 ----D---- C:\WINDOWS
2009-12-29 10:42:11 ----D---- C:\Program Files\Mozilla Firefox
2009-12-29 10:34:38 ----D---- C:\WINDOWS\system32\drivers
2009-12-29 10:33:10 ----D---- C:\WINDOWS\Temp
2009-12-29 02:16:32 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-29 02:16:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-28 21:16:20 ----A---- C:\WINDOWS\system.ini
2009-12-28 21:14:20 ----D---- C:\WINDOWS\system32
2009-12-28 21:14:20 ----D---- C:\WINDOWS\AppPatch
2009-12-28 21:14:18 ----D---- C:\Program Files\Common Files
2009-12-28 21:11:23 ----SHD---- C:\System Volume Information
2009-12-28 21:11:23 ----D---- C:\WINDOWS\system32\Restore
2009-12-28 21:04:09 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-28 20:46:54 ----D---- C:\WINDOWS\system32\config
2009-12-28 20:42:46 ----RASH---- C:\boot.ini
2009-12-28 20:06:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-28 19:51:29 ----D---- C:\Program Files\CCleaner
2009-12-28 19:50:36 ----D---- C:\Program Files\ESET
2009-12-28 15:35:35 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-28 15:28:57 ----A---- C:\WINDOWS\win.ini
2009-12-28 15:20:29 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-28 15:18:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-28 14:23:14 ----HD---- C:\WINDOWS\inf
2009-12-28 14:22:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-27 13:35:05 ----D---- C:\Program Files\Ubisoft
2009-12-26 19:07:57 ----SHD---- C:\WINDOWS\Installer
2009-12-26 19:07:18 ----D---- C:\WINDOWS\system32\DirectX
2009-12-16 20:23:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 21:01:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-09 23:42:40 ----D---- C:\Program Files\Internet Explorer
2009-12-08 21:39:14 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Bioshock
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2008-02-10 114496]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-08 279712]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-08 25888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-12-08 142336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2009-01-15 23848]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-12-08 114688]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2006-03-17 1163264]
R3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Uzivatel\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys []
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys []
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PolarUSB;Polar USB Interface; C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 17343]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2005-04-30 11736]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-02-24 715248]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 gearsec;gearsec; C:\WINDOWS\system32\gearsec.exe [2003-12-01 53248]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-17 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-20 29744]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-14 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Deffoger
defogger_disable by jpshortstuff (28.11.09.2)
Log created at 11:02 on 29/12/2009 (Uzivatel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read icfcrfn.sys
SPTD -> Already disabled

-=E.O.F=-

ComboFix
ComboFix 09-12-28.05 - Uzivatel 29.12.2009 11:23:08.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.605 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\driVERs\icfcrfn.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icfcrfn
-------\Service_icfcrfn

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 09:53 . 2009-12-29 09:53 -------- d-----w- c:\program files\trend micro
2009-12-29 09:52 . 2009-12-29 09:54 -------- d-----w- C:\rsit
2009-12-28 18:58 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-28 18:58 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-28 18:58 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-28 18:58 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-28 18:58 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-28 18:58 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-28 18:58 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-28 18:58 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-28 18:57 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-28 18:57 . 2009-12-28 18:57 -------- d-----w- c:\program files\Alwil Software
2009-12-28 15:04 . 2009-12-28 15:04 956288 ----a-w- C:\SMS2003-SP3-KB937882-X86-ENU.exe
2009-12-28 14:31 . 2009-12-28 14:31 -------- d-----w- c:\program files\Auslogics
2009-12-28 13:22 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-28 13:13 . 2009-12-28 13:13 -------- d-----w- c:\program files\ATITool
2009-12-27 10:19 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-12-27 10:19 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2009-12-27 10:19 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-12-27 10:19 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2009-12-27 10:18 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-12-27 10:18 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2009-12-27 10:18 . 2009-12-28 20:11 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-26 18:07 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-26 18:07 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-26 18:07 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-26 17:09 . 2009-12-26 17:09 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 20:04 . 2008-02-24 11:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-28 18:51 . 2007-03-10 15:20 -------- d-----w- c:\program files\CCleaner
2009-12-28 18:50 . 2007-03-10 17:14 -------- d-----w- c:\program files\ESET
2009-12-27 12:35 . 2008-05-25 08:06 -------- d-----w- c:\program files\Ubisoft
2009-12-16 19:23 . 2006-03-02 12:00 78076 ----a-w- c:\windows\system32\perfc005.dat
2009-12-16 19:23 . 2006-03-02 12:00 429080 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 20:01 . 2006-12-21 20:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 09:56 . 2007-05-05 20:01 -------- d-----w- c:\program files\Futuremark
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-31 18:48 . 2009-10-31 18:48 -------- d-----w- c:\program files\7-Zip
2009-10-29 07:43 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2008-01-20 13:05 . 2007-05-02 12:25 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-28_19.48.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-29 10:40 . 2009-12-29 10:40 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2006-12-21 19:39 . 2009-12-28 20:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-21 19:39 . 2009-12-28 19:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-21 19:39 . 2009-12-28 20:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-21 19:39 . 2009-12-28 19:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E49CE891-CD83-4841-8CC9-6E284D7978D0}]
2007-02-02 15:04 233472 ----a-w- c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2007-02-02 233472]

[HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2007-02-02 233472]

[HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"P17Helper"="P17.dll" [2006-03-17 81408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Uzivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2008-4-14 23040]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2008-01-08 10:25 2124088 ----a-w- c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-01-20 13:05 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 19:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 11:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-14 11:36 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Half-life2\\hl2.exe"=
"d:\\Hry\\Half-life2\\srcds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26201:TCP"= 26201:TCP:BitComet 26201 TCP
"26201:UDP"= 26201:UDP:BitComet 26201 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.12.2009 19:58 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [10.2.2008 16:37 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2009 19:58 20560]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [1.12.2003 15:27 53248]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.8.2009 7:41 222968]
R3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20.3.2006 18:34 1452032]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2.5.2007 13:25 29744]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.2.2007 5:21 715248]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\lguhf43z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=2&q=
FF - component: c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\lguhf43z.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 11:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\siszyd32.exe 23040 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-436374069-854245398-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,f8,91,a1,4a,e6,91,36,fa,4e,e4,46,7d,cd,f3,59,d7,6d,d3,68,e1,14,32,
d2,35,a7,59,13,3c,2d,df,8d,a6,e3,83,d2,22,a0,08,a7,f7,ac,de,96,24,a8,3f,95,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3640)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2009-12-29 11:51:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-29 10:50
ComboFix2.txt 2009-12-28 20:18
ComboFix3.txt 2009-12-28 19:56

Před spuštěním: Volných bajtů: 23 287 902 208
Po spuštění: Volných bajtů: 23 264 239 616

- - End Of File - - 2909633144C555536F81462F09E716EA

Děkuji mnohokrát

#12 Příspěvek od **stell** » 29 pro 2009 12:24

zdravim
stale treba zalozit novu temu,nakolko ja nemusim byt online a potom nikto si ta nevsimne,,ale ked si uz tu tak co s tebou..
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
File::
c:\windows\system32\fjhdyfhsn.bat
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\siszyd32.exe
Rootkit::
c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\siszyd32.exe

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

riman · #13 Příspěvek od **riman** » 29 pro 2009 12:40

ok, díky moc. zkusím jak se dostanu k tomu pc. ten nový log mám tedy vložit do tohoto vlákna a pokračovat v něm. nebo do nového a hodit odkaz na toto staré?

#14 Příspěvek od **stell** » 29 pro 2009 13:02

nie,,uz log potom vloz sem,

riman · #15 Příspěvek od **riman** » 29 pro 2009 18:13

Takže to vypadá, že je to OK, takže díky moc! Přikládám log ComboFixu a GMERu

ComboFix:
ComboFix 09-12-28.05 - Uzivatel 29.12.2009 16:45:32.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.698 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\siszyd32.exe"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 09:53 . 2009-12-29 09:53 -------- d-----w- c:\program files\trend micro
2009-12-29 09:52 . 2009-12-29 09:54 -------- d-----w- C:\rsit
2009-12-28 18:58 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-28 18:58 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-28 18:58 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-28 18:58 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-28 18:58 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-28 18:58 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-28 18:58 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-28 18:58 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-28 18:57 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-28 18:57 . 2009-12-28 18:57 -------- d-----w- c:\program files\Alwil Software
2009-12-28 15:04 . 2009-12-28 15:04 956288 ----a-w- C:\SMS2003-SP3-KB937882-X86-ENU.exe
2009-12-28 14:31 . 2009-12-28 14:31 -------- d-----w- c:\program files\Auslogics
2009-12-28 13:22 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-28 13:13 . 2009-12-28 13:13 -------- d-----w- c:\program files\ATITool
2009-12-27 10:19 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-12-27 10:19 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2009-12-27 10:19 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-12-27 10:19 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2009-12-27 10:18 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-12-27 10:18 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2009-12-26 18:07 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-26 18:07 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-26 18:07 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-26 18:07 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-26 17:09 . 2009-12-26 17:09 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 20:04 . 2008-02-24 11:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-28 18:51 . 2007-03-10 15:20 -------- d-----w- c:\program files\CCleaner
2009-12-28 18:50 . 2007-03-10 17:14 -------- d-----w- c:\program files\ESET
2009-12-27 12:35 . 2008-05-25 08:06 -------- d-----w- c:\program files\Ubisoft
2009-12-16 19:23 . 2006-03-02 12:00 78076 ----a-w- c:\windows\system32\perfc005.dat
2009-12-16 19:23 . 2006-03-02 12:00 429080 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 20:01 . 2006-12-21 20:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 09:56 . 2007-05-05 20:01 -------- d-----w- c:\program files\Futuremark
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-31 18:48 . 2009-10-31 18:48 -------- d-----w- c:\program files\7-Zip
2009-10-29 07:43 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2008-01-20 13:05 . 2007-05-02 12:25 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-28_19.48.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-29 16:01 . 2009-12-29 16:01 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2006-12-21 19:39 . 2009-12-28 20:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-21 19:39 . 2009-12-28 19:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-21 19:39 . 2009-12-28 20:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-21 19:39 . 2009-12-28 19:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E49CE891-CD83-4841-8CC9-6E284D7978D0}]
2007-02-02 15:04 233472 ----a-w- c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2007-02-02 233472]

[HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2007-02-02 233472]

[HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"P17Helper"="P17.dll" [2006-03-17 81408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2008-01-08 10:25 2124088 ----a-w- c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-01-20 13:05 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 19:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 11:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-14 11:36 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Half-life2\\hl2.exe"=
"d:\\Hry\\Half-life2\\srcds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26201:TCP"= 26201:TCP:BitComet 26201 TCP
"26201:UDP"= 26201:UDP:BitComet 26201 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.12.2009 19:58 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [10.2.2008 16:37 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2009 19:58 20560]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [1.12.2003 15:27 53248]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.8.2009 7:41 222968]
R3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20.3.2006 18:34 1452032]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2.5.2007 13:25 29744]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.2.2007 5:21 715248]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\lguhf43z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=2&q=
FF - component: c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\lguhf43z.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 17:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-436374069-854245398-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,f8,91,a1,4a,e6,91,36,fa,4e,e4,46,7d,cd,f3,59,d7,6d,d3,68,e1,14,32,
d2,35,a7,59,13,3c,2d,df,8d,a6,e3,83,d2,22,a0,08,a7,f7,ac,de,96,24,a8,3f,95,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3776)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2009-12-29 17:05:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-29 16:05
ComboFix2.txt 2009-12-29 10:51
ComboFix3.txt 2009-12-28 20:18
ComboFix4.txt 2009-12-28 19:56

Před spuštěním: Volných bajtů: 23 273 271 296
Po spuštění: Volných bajtů: 23 229 968 384

- - End Of File - - 13F4D4E299514574E0525D5F446D8B1D

GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-29 18:09:07
Windows 5.1.2600 Service Pack 3
Running: vl84ml8e.exe; Driver: C:\DOCUME~1\Uzivatel\LOCALS~1\Temp\pfliipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB1FEA6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB1FEA574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB1FEAA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB1FEA14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB1FEA64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB1FEA08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB1FEA0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB1FEA76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB1FEA72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB1FEA8AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\prodrv04 \Device\ProDrv04 86B79818

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvata \Device\00000091 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\00000093 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x0E 0xB8 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAA 0x90 0x58 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x18 0xE1 0x96 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0x81 0x7D 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x0E 0xB8 0xA6 ...

---- EOF - GMER 1.0.15 ----

Můžu už podle výše uvedeného postupu odstranit použitý software?

VIRY.CZ

100% CPU - kernel32.dll

100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll

Re: 100% CPU - kernel32.dll