csrss.exe zadaný v souboru WIN.INI nelze načíst nebo spustit

[Dafrigo]

Dobrý den, prosím o radu. Při spuštěni PC naběhnou win XP(legální) a 2 hlášky:
c:\docume*\user\locals*\temp\csrss.exe zadaný v souboru WIN.INI nelze načíst nebo spustit
* nahrazuje vlnovku1
PC funguje po odkliknutí hlášek normálně až na internetové prohlížeče(IE, Mozila, Chrome) jiné PC na stejném připojení ok
chrome píše cosi o proxy serveru a lan settings
ESET nic nenašel
RSIT log
Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2011-07-14 20:24:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (44%) free of 30 GB
Total RAM: 2046 MB (79% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\08366jlx.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.7&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\08366jlx.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\08366jlx.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-05 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-02-02 36864]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-05-06 405504]
"Adobe Reader Speed Launcher"=D:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"NVHotkey"=nvHotkey.dll,Start []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-05-31 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Programy\BitComet\BitComet.exe"="D:\Programy\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"D:\Programy\BitLord2\BitLord.exe"="D:\Programy\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"D:\Hry\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe"="D:\Hry\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Hry\Pro Evolution Soccer 5\PES5.exe"="C:\Hry\Pro Evolution Soccer 5\PES5.exe:*:Enabled:pes5.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\magic\Microprose MTG Mok's Manalink 2.0 Version\Magic\Program\Manalink.exe"="C:\magic\Microprose MTG Mok's Manalink 2.0 Version\Magic\Program\Manalink.exe:*:Enabled:manalink"
"C:\Documents and Settings\David\Plocha\Microprose_MTG_Mok_'s_Manalink_2.0_Version\Microprose MTG Mok's Manalink 2.0 Version\Magic\Program\Manalink.exe"="C:\Documents and Settings\David\Plocha\Microprose_MTG_Mok_'s_Manalink_2.0_Version\Microprose MTG Mok's Manalink 2.0 Version\Magic\Program\Manalink.exe:*:Enabled:manalink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-14 20:24:09 ----D---- C:\Program Files\trend micro
2011-07-14 20:24:08 ----D---- C:\rsit
2011-07-14 19:05:37 ----D---- C:\Program Files\ESET
2011-07-14 19:05:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-07-14 17:45:40 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2011-07-14 07:17:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 07:17:10 ----A---- C:\WINDOWS\system32\MRT.INI
2011-07-14 07:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-06 09:55:36 ----N---- C:\Documents and Settings\David\Data aplikací\dwmu.exe
2011-07-02 07:11:37 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2011-07-02 07:10:24 ----D---- C:\Documents and Settings\David\Data aplikací\Telefónica Móviles
2011-06-30 07:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-28 20:56:03 ----D---- C:\Program Files\VS Revo Group
2011-06-28 20:39:26 ----D---- C:\Program Files\CCleaner
2011-06-25 23:03:11 ----D---- C:\Documents and Settings\David\Data aplikací\runic games
2011-06-25 15:40:07 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2011-06-25 15:39:57 ----D---- C:\Program Files\DAEMON Tools Lite
2011-06-25 15:39:16 ----D---- C:\Documents and Settings\David\Data aplikací\DAEMON Tools Lite
2011-06-25 15:39:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-06-25 10:30:37 ----D---- C:\Documents and Settings\David\Data aplikací\Unity
2011-06-17 07:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-17 07:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-17 07:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-17 07:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-17 07:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$

======List of files/folders modified in the last 1 month======

2011-07-14 20:24:09 ----RD---- C:\Program Files
2011-07-14 20:23:43 ----D---- C:\WINDOWS\Temp
2011-07-14 20:11:37 ----D---- C:\WINDOWS
2011-07-14 20:10:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-14 19:26:33 ----D---- C:\Documents and Settings
2011-07-14 19:06:22 ----SHD---- C:\WINDOWS\Installer
2011-07-14 19:06:12 ----HD---- C:\WINDOWS\inf
2011-07-14 19:06:12 ----D---- C:\WINDOWS\system32\drivers
2011-07-14 19:06:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-14 18:23:04 ----D---- C:\WINDOWS\network diagnostic
2011-07-14 18:11:18 ----D---- C:\WINDOWS\Debug
2011-07-14 17:37:00 ----D---- C:\Program Files\Mozilla Firefox
2011-07-14 17:34:24 ----D---- C:\WINDOWS\system32
2011-07-14 17:34:17 ----D---- C:\WINDOWS\Prefetch
2011-07-14 17:32:33 ----SD---- C:\Documents and Settings\David\Data aplikací\Microsoft
2011-07-14 07:17:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 07:14:10 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 19:35:38 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-06 20:39:40 ----D---- C:\Documents and Settings\David\Data aplikací\vlc
2011-07-06 11:38:33 ----D---- C:\Documents and Settings\David\Data aplikací\ICQ
2011-06-28 21:02:38 ----D---- C:\Program Files\Internet Explorer
2011-06-28 20:46:34 ----D---- C:\WINDOWS\Minidump
2011-06-28 20:46:34 ----D---- C:\WINDOWS\Logs
2011-06-26 14:00:58 ----D---- C:\WINDOWS\WinSxS
2011-06-21 07:33:36 ----RSD---- C:\WINDOWS\assembly
2011-06-21 07:33:12 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-21 07:19:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-17 10:35:01 ----D---- C:\WINDOWS\system32\cs-cz
2011-06-17 10:34:52 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-17 07:40:30 ----D---- C:\WINDOWS\SxsCaPendDel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-25 721904]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-06-25 218688]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 an0btn2u;an0btn2u; C:\WINDOWS\system32\drivers\an0btn2u.sys []
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-01-04 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-01-04 25512]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R2 nvUpdService;NVIDIA Update Service; C:\Documents and Settings\David\Local Settings\Data aplikací\NVIDIA Corporation\Update\daemonupd.exe [2011-07-06 19968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13 135664]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!
Csrss v tomto adresáři není legitimní. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Dafrigo]

ComboFix 11-07-14.05 - David 14.07.2011 22:13:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1462 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\David\Data aplikací\dwmu.exe
c:\documents and settings\David\Data aplikací\Microsoft\conhostu.exe
c:\documents and settings\David\WINDOWS
c:\windows\system32\_000005_.tmp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVUPDSERVICE
-------\Service_nvUpdService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-14 do 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- c:\program files\trend micro
2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- C:\rsit
2011-07-14 18:06 . 2011-07-14 18:06 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\ESET
2011-07-14 17:05 . 2011-07-14 17:05 -------- d-----w- c:\program files\ESET
2011-07-14 17:05 . 2011-07-14 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-07-06 14:53 . 2011-07-06 14:53 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\NVIDIA Corporation
2011-07-02 05:10 . 2011-07-02 05:10 -------- d-----w- c:\documents and settings\David\Data aplikací\Telefónica Móviles
2011-06-28 18:56 . 2011-06-28 18:56 -------- d-----w- c:\program files\VS Revo Group
2011-06-28 18:39 . 2011-06-28 18:39 -------- d-----w- c:\program files\CCleaner
2011-06-25 21:03 . 2011-06-25 21:03 -------- d-----w- c:\documents and settings\David\Data aplikací\runic games
2011-06-25 13:40 . 2011-06-25 13:40 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-25 13:39 . 2011-06-25 13:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-25 13:39 . 2011-06-28 18:46 -------- d-----w- c:\documents and settings\David\Data aplikací\DAEMON Tools Lite
2011-06-25 13:39 . 2011-06-25 14:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-06-25 08:30 . 2011-06-25 08:30 -------- d-----w- c:\documents and settings\David\Data aplikací\Unity
2011-06-25 08:13 . 2011-06-28 18:58 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\Unity
2011-06-16 06:03 . 2011-04-30 08:50 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\SETCA.tmp
2011-06-16 06:03 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-11-09 12:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:45 . 2011-04-25 15:45 832512 ----a-w- c:\windows\system32\SETCE.tmp
2011-04-25 15:45 . 2011-04-25 15:45 478208 ----a-w- c:\windows\system32\SETD6.tmp
2011-04-25 15:45 . 2011-04-25 15:45 44544 ----a-w- c:\windows\system32\SETD2.tmp
2011-04-25 15:45 . 2011-04-25 15:45 3608576 ----a-w- c:\windows\system32\SETD7.tmp
2011-04-25 15:45 . 2011-04-25 15:45 233472 ----a-w- c:\windows\system32\SETCF.tmp
2011-04-25 15:45 . 2011-04-25 15:45 1168896 ----a-w- c:\windows\system32\SETD0.tmp
2011-04-25 15:45 . 2011-04-25 15:45 105984 ----a-w- c:\windows\system32\SETD1.tmp
2011-04-25 15:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:45 . 2011-04-25 15:45 52224 ----a-w- c:\windows\system32\SETD8.tmp
2011-04-25 15:45 . 2011-04-25 15:45 468480 ----a-w- c:\windows\system32\SETD9.tmp
2011-04-25 15:45 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:45 . 2011-04-25 15:45 6076416 ----a-w- c:\windows\system32\SETE0.tmp
2011-04-25 15:45 . 2011-04-25 15:45 268288 ----a-w- c:\windows\system32\SETDC.tmp
2011-04-25 15:45 . 2011-04-25 15:45 192512 ----a-w- c:\windows\system32\SETDE.tmp
2011-04-25 15:45 . 2011-04-25 15:45 63488 ----a-w- c:\windows\system32\SETE7.tmp
2011-04-25 15:45 . 2011-04-25 15:45 380928 ----a-w- c:\windows\system32\SETE2.tmp
2011-04-25 15:45 . 2011-04-25 15:45 347136 ----a-w- c:\windows\system32\SETE9.tmp
2011-04-25 15:45 . 2011-04-25 15:45 214528 ----a-w- c:\windows\system32\SETE8.tmp
2011-04-25 15:45 . 2011-04-25 15:45 124928 ----a-w- c:\windows\system32\SETEB.tmp
2011-04-25 15:45 . 2011-02-16 17:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:45 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 16:47 . 2011-04-19 16:47 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-19 16:47 . 2011-04-19 16:47 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 405504]
"Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"NVHotkey"="nvHotkey.dll" [2011-01-07 178792]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Hry\\Pro Evolution Soccer 5\\PES5.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20064:TCP"= 20064:TCP:BitComet 20064 TCP
"20064:UDP"= 20064:UDP:BitComet 20064 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.12.2009 17:43 721904]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.6.2011 15:40 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.12.2009 23:13 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.1.2011 18:37 13224]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.12.2009 23:13 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 21:13]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 21:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = http=127.0.0.1:64202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{A9693730-ADCC-4187-AE7F-0C7E9D10D017}: NameServer = 212.80.88.2,212.80.88.3
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\08366jlx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 22:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-602609370-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:f1,a0,65,7f,aa,e1,8c,ea,9f,f0,28,f5,76,27,ed,d3,04,b7,29,6a,f6,
25,d8,2f,8e,95,b0,db,bf,95,1e,c2,67,8e,9b,c5,6e,d9,24,29,a4,8e,1c,0f,ee,42,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(560)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-14 22:22:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-14 20:22
.
Před spuštěním: Volných bajtů: 13 965 381 632
Po spuštění: Volných bajtů: 14 140 862 464
.
Current=5 Default=5 Failed=4 LastKnownGood=2 Sets=1,2,3,4,5
- - End Of File - - A01F5EB15F5FE894E4381C72D6DB0554

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETEB.tmp

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Dafrigo]

ComboFix 11-07-14.05 - David 15.07.2011 6:45.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1478 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
file zipped: c:\windows\system32\SETCE.tmp
file zipped: c:\windows\system32\SETCF.tmp
file zipped: c:\windows\system32\SETD0.tmp
file zipped: c:\windows\system32\SETD1.tmp
file zipped: c:\windows\system32\SETD2.tmp
file zipped: c:\windows\system32\SETD6.tmp
file zipped: c:\windows\system32\SETD7.tmp
file zipped: c:\windows\system32\SETD8.tmp
file zipped: c:\windows\system32\SETD9.tmp
file zipped: c:\windows\system32\SETDC.tmp
file zipped: c:\windows\system32\SETDE.tmp
file zipped: c:\windows\system32\SETE0.tmp
file zipped: c:\windows\system32\SETE2.tmp
file zipped: c:\windows\system32\SETE7.tmp
file zipped: c:\windows\system32\SETE8.tmp
file zipped: c:\windows\system32\SETE9.tmp
file zipped: c:\windows\system32\SETEB.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEB.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-15 do 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- c:\program files\trend micro
2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- C:\rsit
2011-07-14 18:06 . 2011-07-14 18:06 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\ESET
2011-07-14 17:05 . 2011-07-14 17:05 -------- d-----w- c:\program files\ESET
2011-07-14 17:05 . 2011-07-14 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-07-06 14:53 . 2011-07-06 14:53 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\NVIDIA Corporation
2011-07-02 05:10 . 2011-07-02 05:10 -------- d-----w- c:\documents and settings\David\Data aplikací\Telefónica Móviles
2011-06-28 18:56 . 2011-06-28 18:56 -------- d-----w- c:\program files\VS Revo Group
2011-06-28 18:39 . 2011-06-28 18:39 -------- d-----w- c:\program files\CCleaner
2011-06-25 21:03 . 2011-06-25 21:03 -------- d-----w- c:\documents and settings\David\Data aplikací\runic games
2011-06-25 13:40 . 2011-06-25 13:40 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-25 13:39 . 2011-06-25 13:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-25 13:39 . 2011-06-28 18:46 -------- d-----w- c:\documents and settings\David\Data aplikací\DAEMON Tools Lite
2011-06-25 13:39 . 2011-06-25 14:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-06-25 08:30 . 2011-06-25 08:30 -------- d-----w- c:\documents and settings\David\Data aplikací\Unity
2011-06-25 08:13 . 2011-06-28 18:58 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\Unity
2011-06-16 06:03 . 2011-04-30 08:50 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\SETCA.tmp
2011-06-16 06:03 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-11-09 12:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:45 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:45 . 2011-02-16 17:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:45 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 16:47 . 2011-04-19 16:47 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-19 16:47 . 2011-04-19 16:47 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_20.18.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-15 04:51 . 2011-07-15 04:51 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 405504]
"Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"NVHotkey"="nvHotkey.dll" [2011-01-07 178792]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Hry\\Pro Evolution Soccer 5\\PES5.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20064:TCP"= 20064:TCP:BitComet 20064 TCP
"20064:UDP"= 20064:UDP:BitComet 20064 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.12.2009 17:43 721904]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.6.2011 15:40 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.12.2009 23:13 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.1.2011 18:37 13224]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.12.2009 23:13 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 21:13]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 21:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = http=127.0.0.1:64202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A9693730-ADCC-4187-AE7F-0C7E9D10D017}: NameServer = 212.80.88.2,212.80.88.3
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\08366jlx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 06:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-602609370-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:f1,a0,65,7f,aa,e1,8c,ea,9f,f0,28,f5,76,27,ed,d3,04,b7,29,6a,f6,
25,d8,2f,8e,95,b0,db,bf,95,1e,c2,67,8e,9b,c5,6e,d9,24,29,a4,8e,1c,0f,ee,42,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2140)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-15 07:01:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-15 05:01
ComboFix2.txt 2011-07-14 20:22
.
Před spuštěním: Volných bajtů: 14 140 870 656
Po spuštění: Volných bajtů: 14 123 040 768
.
Current=5 Default=5 Failed=4 LastKnownGood=2 Sets=1,2,3,4,5
- - End Of File - - 71DB9FD79939A35CBED30AC43FD06366

[Rudy]

Smazáno, log již vypadá čistý. Nastala nějaká změna?

[Dafrigo]

Vše funguje tak, jak má. Alespoň na první pohled Díky moc za pomoc!!!

[Rudy]

Rádo se stalo!