Pomaly start a stale pripojeny velkokapacitni zarizeni

Zpráva

pupupaj · #1 Příspěvek od **pupupaj** » 19 čer 2011 14:15

Dobry den,

rad bych pozadal o kontrolu logu tohoto pocitace. Pri startu jakehokoliv uzivatele vzdy zustane pripojeno velkokapacitni zarizeni, pritom zadne fyzicky pripojeno neni. Dale start trva asi pres 2 minuty, nez je mozno na cokoliv kliknout (spotreba pameti stoupne asi na 1.5G a pak klesne na 350MB. Pocitac ma 512MB RAM a nainstalovan Windows XP.

Predem dekuju za jakoukoliv reakci.

prikladam log z RSI:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uzivatel at 2011-06-19 15:05:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (74%) free of 74 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:39, on 19.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Documents and Settings\Uzivatel\Local Settings\Data aplikací\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\ExplorerH.exe
C:\WINDOWS\WinHel.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Uzivatel\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {D4CF558B-745C-44FF-854F-D6FCAE69B6E1} - C:\PROGRA~1\C4E80.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Service Agent] agl232.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunServices: [Windows Service Agent] agl232.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Service Agent] agl232.exe
O4 - HKCU\..\Run: [ExplorerH] C:\WINDOWS\ExplorerH.exe
O4 - HKCU\..\Run: [WinHel] C:\WINDOWS\WinHel.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_cs;_rv:1.9.2.13)_Gecko/20101203_Firefox/3.6.13_(_.NET_CLR_3.5.30729;_.NET4.0E)" -"http://www.hry-online.com/game-oddechov ... t_sesh.dcr"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0249963812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.icq.com/online/online2/zum ... der_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11274 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2365915877-293542904-1637128319-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2365915877-293542904-1637128319-1006UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{34E92BE3-916B-4BC6-8295-F10140971E64}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
ShoppingReport

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll [2008-04-23 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-11-20 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4CF558B-745C-44FF-854F-D6FCAE69B6E1}]
C:\PROGRA~1\C4E80.dll [2011-04-22 445952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-20 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll [2008-04-23 520192]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2004-09-23 860160]
"SiSPower"=SiSPower.dll,ModeAgent []
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-09 128920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Windows Service Agent"=agl232.exe []
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
"Windows Service Agent"=agl232.exe []
"ExplorerH"=C:\WINDOWS\ExplorerH.exe [2011-06-14 700416]
"WinHel"=C:\WINDOWS\WinHel.exe [2011-06-14 761856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-29 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MaxRecentDocs"=10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Acer TV-FM\PowerCinema.exe"="C:\Program Files\Acer TV-FM\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\Program Files\Acer TV-FM\PCMService.exe"="C:\Program Files\Acer TV-FM\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Groove Games\Combat\System\Combat.exe"="C:\Program Files\Groove Games\Combat\System\Combat.exe:*:Enabled:Combat"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Uzivatel\Dokumenty\Stažené soubory\facebook-pic00320123561(2).exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"c:\windows\temp\wdtgds.exe"="c:\windows\smss.exe:*:Enabled:Windows System Controler"
"Windows Update System"="C:\Documents and Settings\Uzivatel\Data aplikací\hidserv.exe"
"WindowsUpdate"="C:\Documents and Settings\Uzivatel\Data aplikací\svchost.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-06-19 15:05:24 ----DC---- C:\rsit
2011-06-19 13:42:11 ----A---- C:\WINDOWS\OEWABLog.txt
2011-06-19 13:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2011-06-19 12:31:32 ----A---- C:\WINDOWS\system32\mirc.ini
2011-06-19 11:50:15 ----D---- C:\Program Files\Microsoft Security Client
2011-06-19 10:52:48 ----DC---- C:\Kalkulace zakázek
2011-06-19 10:26:18 ----D---- C:\Program Files\ESET
2011-06-19 10:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-19 10:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-19 09:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-19 09:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-19 09:32:59 ----A---- C:\WINDOWS\imsins.BAK
2011-06-19 09:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-19 09:30:06 ----D---- C:\Program Files\totalcmd
2011-06-19 09:30:06 ----A---- C:\WINDOWS\UC.PIF
2011-06-19 09:30:06 ----A---- C:\WINDOWS\RAR.PIF
2011-06-19 09:30:06 ----A---- C:\WINDOWS\PKZIP.PIF
2011-06-19 09:30:06 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-06-19 09:30:06 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-06-19 09:30:06 ----A---- C:\WINDOWS\LHA.PIF
2011-06-19 09:30:06 ----A---- C:\WINDOWS\ARJ.PIF
2011-06-14 16:41:45 ----RASH---- C:\WINDOWS\WinHel.exe
2011-06-14 16:41:15 ----RASH---- C:\WINDOWS\ExplorerH.exe
2011-06-14 16:37:16 ----A---- C:\WINDOWS\h2.exe
2011-06-14 16:36:35 ----A---- C:\WINDOWS\h1.exe
2011-05-26 13:50:18 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2011-05-26 13:50:17 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2011-05-21 22:20:42 ----D---- C:\WINDOWS\system32\xlive
2011-05-21 22:20:41 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-05-21 22:19:52 ----D---- C:\WINDOWS\system32\AGEIA
2011-05-21 22:19:51 ----D---- C:\Program Files\AGEIA Technologies
2011-05-21 22:19:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-05-21 22:19:27 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-05-21 22:19:27 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-05-21 22:19:27 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-05-21 22:19:26 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-05-21 22:19:26 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-05-21 22:19:26 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-05-21 22:19:25 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-05-21 22:19:25 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-05-21 22:19:25 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-05-21 22:19:24 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-05-21 22:19:24 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-05-21 22:19:24 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-05-21 22:19:23 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-05-21 10:38:23 ----D---- C:\Program Files\uTorrent
2011-05-21 10:37:38 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\uTorrent

======List of files/folders modified in the last 1 months======

2011-06-19 15:05:32 ----D---- C:\Program Files\trend micro
2011-06-19 15:03:56 ----SD---- C:\WINDOWS\Tasks
2011-06-19 15:03:56 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-19 15:03:21 ----D---- C:\WINDOWS\temp
2011-06-19 14:48:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-19 14:47:51 ----A---- C:\WINDOWS\WINCMD.INI
2011-06-19 14:44:15 ----ADC---- C:\acer
2011-06-19 14:17:53 ----SHD---- C:\RECYCLER
2011-06-19 14:05:15 ----SHD---- C:\WINDOWS\Installer
2011-06-19 14:05:12 ----RD---- C:\Program Files
2011-06-19 14:05:12 ----D---- C:\Program Files\Windows Media Player
2011-06-19 14:05:07 ----D---- C:\Documents and Settings
2011-06-19 14:02:38 ----AD---- C:\WINDOWS
2011-06-19 13:41:27 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2011-06-19 13:41:27 ----D---- C:\WINDOWS\AppPatch
2011-06-19 13:38:32 ----HD---- C:\WINDOWS\inf
2011-06-19 13:38:21 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-06-19 13:38:11 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-19 13:37:52 ----D---- C:\Program Files\Internet Explorer
2011-06-19 13:37:00 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-19 13:13:26 ----D---- C:\WINDOWS\system32\download
2011-06-19 13:11:27 ----A---- C:\Documents and Settings\Uzivatel\Data aplikací\inst.exe
2011-06-19 12:48:01 ----AD---- C:\WINDOWS\system32\drivers
2011-06-19 12:47:14 ----D---- C:\Program Files\Samsung
2011-06-19 12:47:11 ----AD---- C:\WINDOWS\system32
2011-06-19 12:42:06 ----D---- C:\WINDOWS\Prefetch
2011-06-19 12:30:54 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-19 12:30:53 ----D---- C:\WINDOWS\SxsCaPendDel
2011-06-19 12:20:39 ----D---- C:\Program Files\DsNET Corp
2011-06-19 12:19:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-06-19 12:17:15 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-19 12:14:28 ----RSD---- C:\WINDOWS\assembly
2011-06-19 12:08:09 ----RSHD---- C:\WINDOWS\system32\explorer.exe
2011-06-19 11:51:31 ----D---- C:\Program Files\FreeTime
2011-06-19 11:50:57 ----D---- C:\Program Files\FlatOut2
2011-06-19 11:50:18 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-19 11:06:27 ----RD---- C:\Program Files\Skype
2011-06-19 11:03:10 ----D---- C:\Program Files\CCleaner
2011-06-19 10:26:46 ----D---- C:\WINDOWS\system32\MpEngineStore
2011-06-19 10:26:43 ----A---- C:\WINDOWS\system32\MRT.INI
2011-06-19 10:23:03 ----A---- C:\WINDOWS\NeroDigital.ini
2011-06-19 10:21:00 ----D---- C:\WINDOWS\Debug
2011-06-19 10:20:30 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-19 10:19:32 ----D---- C:\WINDOWS\WinSxS
2011-06-19 10:19:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-19 10:17:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-19 10:12:42 ----D---- C:\WINDOWS\ie8updates
2011-06-18 16:24:19 ----A---- C:\WINDOWS\system32\sysingB32.dll
2011-06-17 14:06:55 ----D---- C:\Program Files\Mozilla Firefox
2011-06-12 15:43:54 ----A---- C:\WINDOWS\GTA-SA_Trn_Settings.ini
2011-05-31 00:12:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-05-21 22:21:03 ----D---- C:\WINDOWS\system32\DirectX
2011-05-21 22:20:42 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-05-21 22:19:30 ----D---- C:\Program Files\Common Files
2011-05-21 22:04:51 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Skype
2011-05-21 17:22:05 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\skypePM
2011-05-21 13:09:27 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-12 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-02-20 54280]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl28a3fc71;MpKsl28a3fc71; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98A33666-CBA9-43D1-9DD3-2355E63EAFF0}\MpKsl28a3fc71.sys []
R1 MpKsla661690d;MpKsla661690d; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98A33666-CBA9-43D1-9DD3-2355E63EAFF0}\MpKsla661690d.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-08-26 11904]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-02-20 71176]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-12-27 127872]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-12-13 223128]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 int15.sys;int15.sys; \??\C:\acer\Empowering Technology\eRecovery\int15.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-01-26 6144]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-12-27 392704]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2005-12-27 32256]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2005-12-27 88960]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-24 47360]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-09-04 261632]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-29 536576]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-20 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 19 čer 2011 14:42

Zdravim a pekny den preji

Mate tam celou zoo i s babkou pokladni

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

pupupaj · #3 Příspěvek od **pupupaj** » 19 čer 2011 15:12

Moc dekuju za pomoc.
Log z ComboFixu:

ComboFix 11-06-17.04 - Uzivatel 19.06.2011 15:53:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.187 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dokumenty\Readiris.DUS
c:\documents and settings\Uzivatel\Data aplikací\B.tmp
c:\documents and settings\Uzivatel\Data aplikací\pcouffin.sys
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport\cs\Config.xml
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Uzivatel\Data aplikací\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\Uzivatel\Local Settings\Data aplikací\DoubleD
c:\documents and settings\Uzivatel\WINDOWS
c:\progra~1\C4E80.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\ShoppingReport
c:\program files\Windows NT\DATA
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\h1.exe
c:\windows\h2.exe
c:\windows\IsUn0405.exe
c:\windows\system32\Download
c:\windows\system32\email.txt
c:\windows\system32\explorer.exe
c:\windows\system32\Chans.dll
c:\windows\system32\install
c:\windows\system32\logs
c:\windows\system32\mirc.ini
c:\windows\system32\nHTMLn_2.95.dll
c:\windows\system32\server.dll
c:\windows\system32\sounds
c:\windows\system32\sysingB32.dll
c:\windows\system32\win.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-19 do 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-19 13:05 . 2011-06-19 13:05 -------- dc----w- C:\rsit
2011-06-19 12:58 . 2011-06-19 12:58 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98A33666-CBA9-43D1-9DD3-2355E63EAFF0}\MpKsl28a3fc71.sys
2011-06-19 12:49 . 2011-06-19 12:49 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98A33666-CBA9-43D1-9DD3-2355E63EAFF0}\MpKsla661690d.sys
2011-06-19 12:05 . 2011-06-19 12:43 -------- d-----w- c:\documents and settings\Jarmila
2011-06-19 12:04 . 2011-06-19 12:05 -------- d-----w- c:\documents and settings\Honza
2011-06-19 12:02 . 2011-06-19 12:04 -------- d-----w- c:\documents and settings\Jirka
2011-06-19 11:42 . 2011-06-19 11:45 -------- d-----w- c:\documents and settings\Marek
2011-06-19 09:54 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98A33666-CBA9-43D1-9DD3-2355E63EAFF0}\mpengine.dll
2011-06-19 09:50 . 2011-06-19 09:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-19 08:52 . 2011-06-19 08:53 -------- dc----w- C:\Kalkulace zakázek
2011-06-19 08:26 . 2011-06-19 08:26 -------- d-----w- c:\program files\ESET
2011-06-19 07:30 . 2011-06-19 07:35 -------- d-----w- c:\program files\totalcmd
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-06-19 06:50 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-18 14:23 . 2011-06-18 14:23 117 ----a-w- c:\windows\system32\1357.reg
2011-06-18 14:23 . 2011-06-18 14:23 101 ----a-w- c:\windows\system32\1714.reg
2011-06-18 14:22 . 2011-06-18 14:22 101 ----a-w- c:\windows\system32\85.reg
2011-06-17 05:49 . 2011-06-17 05:49 101 ----a-w- c:\windows\system32\1479.reg
2011-06-16 16:41 . 2011-06-16 16:41 101 ----a-w- c:\windows\system32\209.reg
2011-06-16 16:38 . 2011-06-16 16:38 101 ----a-w- c:\windows\system32\1722.reg
2011-06-15 16:57 . 2011-06-15 16:57 117 ----a-w- c:\windows\system32\1875.reg
2011-06-15 16:57 . 2011-06-15 16:57 101 ----a-w- c:\windows\system32\136.reg
2011-06-15 16:56 . 2011-06-15 16:56 101 ----a-w- c:\windows\system32\693.reg
2011-06-15 11:10 . 2011-06-15 11:10 117 ----a-w- c:\windows\system32\105.reg
2011-06-15 11:10 . 2011-06-15 11:10 101 ----a-w- c:\windows\system32\933.reg
2011-06-15 11:09 . 2011-06-15 11:09 101 ----a-w- c:\windows\system32\938.reg
2011-06-14 14:50 . 2011-06-14 14:50 117 ----a-w- c:\windows\system32\1746.reg
2011-06-14 14:49 . 2011-06-14 14:49 101 ----a-w- c:\windows\system32\1571.reg
2011-06-14 14:49 . 2011-06-14 14:49 101 ----a-w- c:\windows\system32\1698.reg
2011-06-14 14:46 . 2011-06-14 14:46 101 ----a-w- c:\windows\system32\288.reg
2011-06-14 14:41 . 2011-06-14 14:37 761856 --sha-r- c:\windows\WinHel.exe
2011-06-14 14:41 . 2011-06-14 14:36 700416 --sha-r- c:\windows\ExplorerH.exe
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-05 18:05 . 2011-06-05 18:05 101 ----a-w- c:\windows\system32\1209.reg
2011-05-26 11:50 . 2010-04-05 11:31 241664 ----a-w- c:\windows\system32\mp4sds32.ax
2011-05-26 11:50 . 2001-05-16 15:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-05-26 11:50 . 2001-05-11 11:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2011-05-21 20:20 . 2011-05-21 20:20 -------- d-----w- c:\windows\system32\xlive
2011-05-21 20:20 . 2011-06-19 11:03 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-05-21 10:58 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-05-21 10:58 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-05-21 10:58 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-05-21 10:58 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-05-21 10:58 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-05-21 10:58 . 2011-05-21 10:58 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-05-21 10:58 . 2011-05-21 10:58 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-05-21 09:20 . 2011-05-21 09:20 101 ----a-w- c:\windows\system32\1976.reg
2011-05-21 08:38 . 2011-05-21 08:38 -------- d-----w- c:\program files\uTorrent
2011-05-21 08:37 . 2011-06-12 10:55 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\uTorrent
2011-05-21 08:37 . 2011-05-21 08:37 101 ----a-w- c:\windows\system32\147.reg
2011-05-21 06:40 . 2011-05-21 06:40 101 ----a-w- c:\windows\system32\1065.reg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 11:11 . 2008-04-24 13:43 87608 ----a-w- c:\documents and settings\Uzivatel\Data aplikací\inst.exe
2011-05-21 11:09 . 2008-11-25 14:47 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2004-08-18 20:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2005-01-19 04:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2005-07-03 02:17 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 20:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 20:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 20:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExplorerH"="c:\windows\ExplorerH.exe" [2011-06-14 700416]
"WinHel"="c:\windows\WinHel.exe" [2011-06-14 761856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SiSPower"="SiSPower.dll" [2005-08-26 49152]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 10 (0xa)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"MediaSync"=c:\program files\Acer\Acer eConsole\MediaSync.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"Windows Update System"= c:\documents and settings\Uzivatel\Data aplikací\hidserv.exe
"WindowsUpdate"= c:\documents and settings\Uzivatel\Data aplikací\svchost.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.4.2008 14:12 717296]
R1 MpKsl28a3fc71;MpKsl28a3fc71;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98A33666-CBA9-43D1-9DD3-2355E63EAFF0}\MpKsl28a3fc71.sys [19.6.2011 14:58 28752]
R1 MpKsla661690d;MpKsla661690d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98A33666-CBA9-43D1-9DD3-2355E63EAFF0}\MpKsla661690d.sys [19.6.2011 14:49 28752]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 84520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.3.2011 20:29 36608]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [24.12.2010 21:51 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [24.12.2010 21:51 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [24.12.2010 21:51 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [24.12.2010 21:51 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [24.12.2010 21:51 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [24.12.2010 21:51 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [24.12.2010 21:51 109864]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 22:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL28A3FC71
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-19 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-19 c:\windows\Tasks\User_Feed_Synchronization-{34E92BE3-916B-4BC6-8295-F10140971E64}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ad0g1x0i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/logoutProcess?hashId=543963906
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{6b35a719-2cbb-4834-8538-7ac1d19a9664}: {6b35a719-2cbb-4834-8538-7ac1d19a9664} - c:\program files\Mozilla Firefox\extensions\{6b35a719-2cbb-4834-8538-7ac1d19a9664}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Runtime VFP - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2365915877-293542904-1637128319-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2365915877-293542904-1637128319-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,65,87,a0,f5,aa,71,20,59,f1,cc,19,2d,01,fe,89,15,1d,5d,e9,56,fe,dc,
e1,1c,71,9c,2a,d6,fb,69,c1,0b,da,06,31,b5,8a,be,e4,26,a8,24,9a,dc,f0,4e,ac,\
"??"=hex:a8,0a,8f,71,28,e1,48,cc,ca,21,53,87,3f,0a,02,82
.
[HKEY_USERS\S-1-5-21-2365915877-293542904-1637128319-1006\Software\SecuROM\License information*]
"datasecu"=hex:cf,4a,24,cd,f7,2f,b5,bf,76,fe,b9,c5,52,34,6b,21,df,40,1d,bc,1a,
e7,6e,8e,92,65,d9,57,d7,1a,e4,d0,e1,28,c2,2a,a4,02,f7,d6,29,c2,e1,46,8f,f3,\
"rkeysecu"=hex:c8,47,e6,a4,c9,af,ab,9a,55,ff,1e,59,15,0e,4a,0c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-06-19 16:07:36
ComboFix-quarantined-files.txt 2011-06-19 14:07
.
Před spuštěním: Volných bajtů: 56 679 993 344
Po spuštění: Volných bajtů: 56 823 361 536
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=JKBS0S /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /noexecute=optin /fastdetect /TUTag=JKBS0S-BAK
.
- - End Of File - - 219310DDF5D1C92488FD3A0569DD1689

pupupaj · #4 Příspěvek od **pupupaj** » 19 čer 2011 17:20

Moc se omlouvam, ze se ozyvam, ale za hodinu bych mel odjet od pribuznych a rad bych stihl jim trosku pomoc. Samozrejme chapu, pokud neni cas.

#5 Příspěvek od **vyosek** » 19 čer 2011 21:06

Omlouvam se za zdrzeni, mel jsem mimoradku v praci

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\ESET

File::
c:\windows\system32\1357.reg
c:\windows\system32\1714.reg
c:\windows\system32\85.reg
c:\windows\system32\1479.reg
c:\windows\system32\209.reg
c:\windows\system32\1722.reg
c:\windows\system32\1875.reg
c:\windows\system32\136.reg
c:\windows\system32\693.reg
c:\windows\system32\105.reg
c:\windows\system32\933.reg
c:\windows\system32\938.reg
c:\windows\system32\1746.reg
c:\windows\system32\1571.reg
c:\windows\system32\1698.reg
c:\windows\system32\288.reg
c:\windows\system32\1209.reg
c:\windows\system32\1976.reg
c:\windows\system32\147.reg
c:\windows\system32\1065.reg

Collect::
c:\windows\WinHel.exe
c:\documents and settings\Uzivatel\Data aplikací\inst.exe
c:\windows\ExplorerH.exe
c:\documents and settings\Uzivatel\Data aplikací\hidserv.exe
c:\documents and settings\Uzivatel\Data aplikací\svchost.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExplorerH"=-
"WinHel"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=-
"NeroFilterCheck"=-
"DAEMON Tools"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"Windows Update System"=-
"WindowsUpdate"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ad0g1x0i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/logoutProcess?hashId=543963906
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{6b35a719-2cbb-4834-8538-7ac1d19a9664}: {6b35a719-2cbb-4834-8538-7ac1d19a9664} - c:\program files\Mozilla Firefox\extensions\{6b35a719-2cbb-4834-8538-7ac1d19a9664}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

RegLock::
[HKEY_USERS\S-1-5-21-2365915877-293542904-1637128319-1006\Software\Microsoft\SystemCertificates\AddressBook*]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

pupupaj · #6 Příspěvek od **pupupaj** » 05 črc 2011 10:23

Ahoj, nic se nedeje, ja sem to teda udelal hold o par tydnu pozdeji

takze dalsi vypis z combofixu po aplikovani skriptu.

A dekuju

ComboFix 11-07-04.02 - Uzivatel 05.07.2011 10:53:33.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.204 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivatel\Plocha\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\105.reg"
"c:\windows\system32\1065.reg"
"c:\windows\system32\1209.reg"
"c:\windows\system32\1357.reg"
"c:\windows\system32\136.reg"
"c:\windows\system32\147.reg"
"c:\windows\system32\1479.reg"
"c:\windows\system32\1571.reg"
"c:\windows\system32\1698.reg"
"c:\windows\system32\1714.reg"
"c:\windows\system32\1722.reg"
"c:\windows\system32\1746.reg"
"c:\windows\system32\1875.reg"
"c:\windows\system32\1976.reg"
"c:\windows\system32\209.reg"
"c:\windows\system32\288.reg"
"c:\windows\system32\693.reg"
"c:\windows\system32\85.reg"
"c:\windows\system32\933.reg"
"c:\windows\system32\938.reg"
.
file zipped: c:\documents and settings\Uzivatel\Data aplikací\inst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{6b35a719-2cbb-4834-8538-7ac1d19a9664}
c:\program files\Mozilla Firefox\extensions\{6b35a719-2cbb-4834-8538-7ac1d19a9664}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6b35a719-2cbb-4834-8538-7ac1d19a9664}\chrome\content\lex-overlay.xul
c:\program files\Mozilla Firefox\extensions\{6b35a719-2cbb-4834-8538-7ac1d19a9664}\chrome\content\lexicon.js
c:\program files\Mozilla Firefox\extensions\{6b35a719-2cbb-4834-8538-7ac1d19a9664}\install.rdf
c:\windows\system32\105.reg
c:\windows\system32\1065.reg
c:\windows\system32\1209.reg
c:\windows\system32\1357.reg
c:\windows\system32\136.reg
c:\windows\system32\147.reg
c:\windows\system32\1479.reg
c:\windows\system32\1571.reg
c:\windows\system32\1698.reg
c:\windows\system32\1714.reg
c:\windows\system32\1722.reg
c:\windows\system32\1746.reg
c:\windows\system32\1875.reg
c:\windows\system32\1976.reg
c:\windows\system32\209.reg
c:\windows\system32\288.reg
c:\windows\system32\693.reg
c:\windows\system32\85.reg
c:\windows\system32\933.reg
c:\windows\system32\938.reg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-05 do 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 08:41 . 2011-07-05 08:41 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{48AA28A5-85C6-49E7-A468-D1F558F207E6}\MpKsl05bd8cde.sys
2011-07-04 15:38 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{48AA28A5-85C6-49E7-A468-D1F558F207E6}\mpengine.dll
2011-07-03 11:06 . 2011-07-03 11:06 -------- dc----w- C:\pickpick2
2011-07-03 10:44 . 2011-07-03 10:44 -------- d-----w- c:\program files\uTorrent
2011-06-20 12:27 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-19 16:49 . 2011-06-19 16:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-06-19 16:44 . 2011-06-19 16:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-06-19 15:22 . 2011-06-19 15:22 -------- d-----w- c:\windows\system32\wbem\mof\good
2011-06-19 15:22 . 2011-06-19 15:22 -------- d-----w- c:\windows\system32\wbem\mof\bad
2011-06-19 13:05 . 2011-06-19 13:05 -------- dc----w- C:\rsit
2011-06-19 12:05 . 2011-06-19 19:12 -------- d-----w- c:\documents and settings\Jarmila
2011-06-19 12:04 . 2011-06-19 18:20 -------- d-----w- c:\documents and settings\Honza
2011-06-19 12:02 . 2011-06-19 17:47 -------- d-----w- c:\documents and settings\Jirka
2011-06-19 11:42 . 2011-06-30 19:31 -------- d-----w- c:\documents and settings\Marek
2011-06-19 09:50 . 2011-06-19 09:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-19 08:52 . 2011-06-19 18:21 -------- dc----w- C:\Kalkulace zakázek
2011-06-19 07:30 . 2011-06-19 07:35 -------- d-----w- c:\program files\totalcmd
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-06-19 07:30 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-06-19 06:50 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 11:11 . 2008-04-24 13:43 87608 ----a-w- c:\documents and settings\Uzivatel\Data aplikací\inst.exe
2011-05-21 11:09 . 2008-11-25 14:47 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 15:32 . 2004-08-18 20:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 20:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2005-01-19 04:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2005-07-03 02:17 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 20:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 20:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 20:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SiSPower"="SiSPower.dll" [2005-08-26 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 10 (0xa)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.4.2008 14:12 717296]
R1 MpKsl05bd8cde;MpKsl05bd8cde;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{48AA28A5-85C6-49E7-A468-D1F558F207E6}\MpKsl05bd8cde.sys [5.7.2011 10:41 28752]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 84520]
S1 MpKsl139ec7c1;MpKsl139ec7c1;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BC08635D-B3B2-4D45-807E-139E1D9CB6DA}\MpKsl139ec7c1.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BC08635D-B3B2-4D45-807E-139E1D9CB6DA}\MpKsl139ec7c1.sys [?]
S1 MpKsl69fd32c8;MpKsl69fd32c8;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{41E753EF-5B12-4F97-B30F-FDADFFCB43D5}\MpKsl69fd32c8.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{41E753EF-5B12-4F97-B30F-FDADFFCB43D5}\MpKsl69fd32c8.sys [?]
S1 MpKslb6cf2d6a;MpKslb6cf2d6a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{41E753EF-5B12-4F97-B30F-FDADFFCB43D5}\MpKslb6cf2d6a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{41E753EF-5B12-4F97-B30F-FDADFFCB43D5}\MpKslb6cf2d6a.sys [?]
S1 MpKsld8103d53;MpKsld8103d53;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{48AA28A5-85C6-49E7-A468-D1F558F207E6}\MpKsld8103d53.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{48AA28A5-85C6-49E7-A468-D1F558F207E6}\MpKsld8103d53.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.6.2011 18:44 135664]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.3.2011 20:29 36608]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [24.12.2010 21:51 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [24.12.2010 21:51 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [24.12.2010 21:51 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [24.12.2010 21:51 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [24.12.2010 21:51 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [24.12.2010 21:51 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [24.12.2010 21:51 109864]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 22:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-19 16:43]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-19 16:43]
.
2011-07-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-07-05 c:\windows\Tasks\User_Feed_Synchronization-{34E92BE3-916B-4BC6-8295-F10140971E64}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\Uzivatel\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2365915877-293542904-1637128319-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2365915877-293542904-1637128319-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,65,87,a0,f5,aa,71,20,59,f1,cc,19,2d,01,fe,89,15,1d,5d,e9,56,fe,dc,
e1,1c,71,9c,2a,d6,fb,69,c1,0b,da,06,31,b5,8a,be,e4,26,a8,24,9a,dc,f0,4e,ac,\
"??"=hex:a8,0a,8f,71,28,e1,48,cc,ca,21,53,87,3f,0a,02,82
.
[HKEY_USERS\S-1-5-21-2365915877-293542904-1637128319-1006\Software\SecuROM\License information*]
"datasecu"=hex:cf,4a,24,cd,f7,2f,b5,bf,76,fe,b9,c5,52,34,6b,21,df,40,1d,bc,1a,
e7,6e,8e,92,65,d9,57,d7,1a,e4,d0,e1,28,c2,2a,a4,02,f7,d6,29,c2,e1,46,8f,f3,\
"rkeysecu"=hex:c8,47,e6,a4,c9,af,ab,9a,55,ff,1e,59,15,0e,4a,0c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5180)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\scrnsave.scr
.
**************************************************************************
.
Celkový čas: 2011-07-05 11:11:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-05 09:11
ComboFix2.txt 2011-06-19 16:03
ComboFix3.txt 2011-06-19 14:07
.
Před spuštěním: Volných bajtů: 52 215 939 072
Po spuštění: Volných bajtů: 52 337 672 192
.
- - End Of File - - 2B25A41DD54C49834D08118889DD5F37
Nahr nˇ probŘhlo ŁspŘçnŘ

#7 Příspěvek od **vyosek** » 05 črc 2011 11:57

Jak se chova PC

pupupaj · #8 Příspěvek od **pupupaj** » 05 črc 2011 12:27

Ahoj, dekuji! Pocitac nabiha uz rychle bez zabirani pameti. Ale porad tu mam pripojeno nekolik velkokapacitni zarizeni. I kdyz fyzicky zadne neni prijeno. A nejde ani odbrat pres Bezpecne odebrat hardware - pise to, ze Cinnost zarizeni Generic USB Reader Device nelze ukoncit, protoze program je stale pouziva.

#9 Příspěvek od **vyosek** » 05 črc 2011 12:42

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Preinstalujte ovladace pro USB

pupupaj · #10 Příspěvek od **pupupaj** » 06 črc 2011 09:37

Zda se, ze vse pracuje spravne a bez problemu.
Dekuju moc za pomoc (jako podekovani potrapim i svuj paypal;)).
Krasny den preji
Pupupaj

#11 Příspěvek od **vyosek** » 06 črc 2011 09:52

Nemate zac, rad jsem pomohl

Za podporu fora jmenem celeho tymu dekuji

Zase nekdy Obrázek

VIRY.CZ

Pomaly start a stale pripojeny velkokapacitni zarizeni

Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni

Re: Pomaly start a stale pripojeny velkokapacitni zarizeni