nevim si rady

Zpráva

dexxameter · #1 Příspěvek od **dexxameter** » 24 říj 2011 16:46

dobrý den prosim o radu počítač je zpomalený a internet se pomalu otevira a stahovani stoji za prd nevim co s tim predem dekuji a omlouvam se jestly je to zde spatne vlozene diky a naschledanou

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:01:49, on 15.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\windows\system32\RunDLL32.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\explorer.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-725345543-1647877149-2147082517-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-725345543-1647877149-2147082517-1006\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\navigace nepotrebny\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\navigace nepotrebny\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\navigace nepotrebny\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://profile.ak.fbcdn.net/hprofile-ak ... _718_q.jpg

--
End of file - 12624 bytes

#2 Příspěvek od **Rudy** » 24 říj 2011 17:48

Zdravím!
Poprosím o log RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 . Je podrobnější, než HijackThis.

dexxameter · #3 Příspěvek od **dexxameter** » 25 říj 2011 19:07

dobrý den tedy zkus te to prosim snad mam ten zpravny log pro vas predem dekuji za odbornou pomoc a naschledanou

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomas at 2011-10-25 20:05:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (45%) free of 101 GB
Total RAM: 3070 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:05:05, on 25.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\program files\real\realplayer\update\realsched.exe
C:\windows\system32\RunDLL32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\windows\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Tomas\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\Trend Micro\HiJackThis\Tomas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-725345543-1647877149-2147082517-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-725345543-1647877149-2147082517-1006\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\navigace nepotrebny\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\navigace nepotrebny\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\navigace nepotrebny\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://profile.ak.fbcdn.net/hprofile-ak ... _718_q.jpg

--
End of file - 12698 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
C:\windows\tasks\Scheduled scanning task.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\6ab1dqn5.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "centrum.cz"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.4, jqs@sun.com:1.0, cs@dictionaries.addons.mozilla.org:1.0.2, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\firefox\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc;version=0.8.6i]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.bak
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\6ab1dqn5.default\extensions\
cs@dictionaries.addons.mozilla.org
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\6ab1dqn5.default\searchplugins\
hledejcenycz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\ctbr.dll [2011-03-12 1232520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-21 386776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2011-03-12 1232520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2008-12-04 182936]
"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2008-12-04 957024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2011-07-30 86016]
"4StoryPrePatch"=C:\Program Files\Gameforge4D\4Story\PrePatch.exe [2010-10-20 319488]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-05-21 273544]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2011-08-03 13892200]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-07-05 1632360]
"KernelFaultCheck"=C:\windows\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"WEBTRAN"= []
"OEXPRESS"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
crypts.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\windows\system32\sessmgr.exe"="C:\windows\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Disney Interactive Studios\Pure\Pure.exe"="C:\Program Files\Disney Interactive Studios\Pure\Pure.exe:*:Enabled:Pure"
"C:\Documents and Settings\Tomas\Dokumenty\DC++\StrongDC.exe"="C:\Documents and Settings\Tomas\Dokumenty\DC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Nero\Nero 7\Core\nero.exe"="C:\Program Files\Nero\Nero 7\Core\nero.exe:*:Enabled:Nero Burning ROM"
"C:\Hry\UrbanTerror\ioUrbanTerror.exe"="C:\Hry\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Star Wars Empire at War\GameData\fpupdate.exe"="C:\Program Files\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Worms\wf.exe"="C:\Program Files\Worms\wf.exe:*:Enabled:wf"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:googleearth.exe"
"C:\Program Files\navigace nepotrebny\wcescomm.exe"="C:\Program Files\navigace nepotrebny\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"C:\Program Files\Battle Los Angeles\bin\BattleLA.exe"="C:\Program Files\Battle Los Angeles\bin\BattleLA.exe:*:Enabled:BattleLA"
"C:\Program Files\Atari\TDU2\UpLauncher.exe"="C:\Program Files\Atari\TDU2\UpLauncher.exe:*:Enabled:UpLauncher"
"C:\Program Files\Atari\TDU2\_UpLauncher.exe"="C:\Program Files\Atari\TDU2\_UpLauncher.exe:*:Enabled:UpLauncher"
"C:\Program Files\Atari\TDU2\TestDrive2.exe"="C:\Program Files\Atari\TDU2\TestDrive2.exe:*:Enabled:Test Drive Unlimited 2"
"C:\Program Files\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Need for Speed(TM) Hot Pursuit\NFS11.exe"="C:\Program Files\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe"="C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe:*:Enabled:Might & Magic Heroes VI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"msacm.iac2"=C:\windows\system32\iac25_32.ax
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"msacm.msaudio1"=msaud32.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.sl_anet"=sl_anet.acm
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"MSACM.CEGSM"=mobilev.acm

======List of files/folders created in the last 1 month======

2011-10-25 20:05:00 ----D---- C:\rsit
2011-10-19 17:22:45 ----D---- C:\Ubisoft Game Launcher
2011-10-19 17:22:41 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Might & Magic Heroes VI
2011-10-19 16:03:03 ----D---- C:\Program Files\Ubisoft
2011-10-15 22:59:15 ----D---- C:\Program Files\Trend Micro
2011-10-15 18:14:21 ----D---- C:\Documents and Settings\Tomas\Data aplikací\NVIDIA
2011-10-02 12:15:56 ----A---- C:\windows\system32\mkl_vml_p4.dll
2011-10-02 12:15:56 ----A---- C:\windows\system32\mkl_vml_p3.dll
2011-10-02 12:15:55 ----A---- C:\windows\system32\mkl_vml_def.dll
2011-10-02 12:15:55 ----A---- C:\windows\system32\mkl_p4.dll
2011-10-02 12:15:55 ----A---- C:\windows\system32\mkl_p3.dll
2011-10-02 12:15:54 ----A---- C:\windows\system32\mkl_lapack64.dll
2011-10-02 12:15:54 ----A---- C:\windows\system32\mkl_lapack32.dll
2011-10-02 12:15:53 ----A---- C:\windows\system32\rapture3d_oal.dll
2011-10-02 12:15:53 ----A---- C:\windows\system32\mkl_def.dll
2011-10-02 12:15:53 ----A---- C:\windows\system32\libguide40.dll
2011-10-02 12:15:51 ----D---- C:\Program Files\BRS

======List of files/folders modified in the last 1 month======

2011-10-25 20:05:04 ----D---- C:\windows\temp
2011-10-25 20:00:00 ----D---- C:\windows\system32\CatRoot2
2011-10-25 19:58:06 ----A---- C:\windows\SchedLgU.Txt
2011-10-25 19:26:10 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Skype
2011-10-25 19:12:01 ----D---- C:\windows\Prefetch
2011-10-25 19:07:31 ----SHD---- C:\windows\Installer
2011-10-25 17:50:51 ----SD---- C:\windows\Tasks
2011-10-25 17:50:50 ----D---- C:\Program Files\Crawler
2011-10-25 17:12:11 ----D---- C:\Program Files\F-Secure
2011-10-23 21:09:59 ----A---- C:\windows\NeroDigital.ini
2011-10-21 21:00:31 ----A---- C:\windows\winamp.ini
2011-10-20 07:53:35 ----D---- C:\WINDOWS
2011-10-19 16:17:57 ----D---- C:\windows\system32\DirectX
2011-10-19 16:17:43 ----HD---- C:\windows\inf
2011-10-19 16:10:02 ----RSD---- C:\windows\assembly
2011-10-19 16:08:22 ----SHD---- C:\Config.Msi
2011-10-19 16:08:21 ----D---- C:\windows\WinSxS
2011-10-19 16:03:03 ----D---- C:\Program Files
2011-10-19 16:03:01 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-18 22:17:13 ----D---- C:\windows\system32
2011-10-15 23:25:11 ----A---- C:\windows\avp.ini
2011-10-14 16:56:33 ----D---- C:\Program Files\Winamp
2011-10-14 16:21:51 ----D---- C:\windows\Minidump
2011-10-14 08:01:10 ----RD---- C:\Program Files\Skype
2011-10-02 12:18:42 ----D---- C:\windows\system32\drivers
2011-10-02 12:18:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2011-10-02 12:14:29 ----A---- C:\windows\system32\wrap_oal.dll
2011-10-02 12:14:28 ----A---- C:\windows\system32\OpenAL32.dll
2011-09-30 14:04:02 ----D---- C:\Program Files\Mozilla Firefox
2011-09-26 18:50:34 ----D---- C:\Documents and Settings\Tomas\Data aplikací\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidMgr;Bluetooth HID Manager Service; C:\windows\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 fsbts;fsbts; C:\windows\system32\Drivers\fsbts.sys [2011-08-17 42672]
R0 FSFW;F-Secure Firewall Driver; C:\windows\System32\drivers\fsdfw.sys [2008-12-04 79872]
R0 mv61xx;mv61xx; C:\windows\system32\DRIVERS\mv61xx.sys [2007-06-15 143256]
R0 nvgts;nvgts; C:\windows\system32\DRIVERS\nvgts.sys [2007-08-09 102400]
R0 nvrd32;NVIDIA nForce RAID Driver; C:\windows\system32\DRIVERS\nvrd32.sys [2007-08-09 124928]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\windows\system32\DRIVERS\PxHelp20.sys [2008-08-01 43872]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2008-11-26 717296]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys []
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2008-09-28 279712]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2008-09-28 25888]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\windows\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\windows\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 axvdkbus;axvdkbus; C:\windows\system32\DRIVERS\axvdkbus.sys [2003-02-25 8672]
R3 axvodka;axvodka; C:\windows\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 Iviaspi;IVI ASPI Shell; C:\windows\system32\drivers\iviaspi.sys [2005-07-26 10368]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2007-10-12 54144]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2007-10-12 22016]
R3 Pcouffin;Low level access layer for CD devices; C:\windows\System32\Drivers\Pcouffin.sys [2008-04-29 47360]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2004-04-14 21280]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 SpyEmrg;Spy Emergency Driver; C:\windows\System32\Drivers\spyemrg.sys []
S3 a18zozg4;a18zozg4; C:\windows\system32\drivers\a18zozg4.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\windows\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
S3 Arp1394;Protokol 1394 ARP Client; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BlueletAudio;Bluetooth Audio Service; C:\windows\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\windows\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\windows\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\windows\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 Cam3820;Cam3820 PC Camera Driver; C:\windows\System32\Drivers\cam3820a.sys [2009-01-10 300544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EagleXNt;EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys []
S3 ENTECH;ENTECH; \??\C:\windows\system32\DRIVERS\ENTECH.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\windows\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\windows\system32\DRIVERS\SE26bus.sys [2006-05-01 61600]
S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\windows\system32\DRIVERS\SE26mdfl.sys [2006-05-01 9360]
S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\windows\system32\DRIVERS\SE26mdm.sys [2006-05-01 97184]
S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\SE26mgmt.sys [2006-05-01 88688]
S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS); C:\windows\system32\DRIVERS\se26nd5.sys [2006-05-01 18704]
S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\SE26obex.sys [2006-05-01 86560]
S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\windows\system32\DRIVERS\se26unic.sys [2006-05-01 90768]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 VComm;Virtual Serial port driver; C:\windows\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\windows\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\windows\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2010-01-20 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2008-12-04 117400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvsvc32.exe [2011-08-03 146024]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2008-11-11 66872]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [2008-12-04 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2008-12-04 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2008-12-04 55904]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

#4 Příspěvek od **Rudy** » 25 říj 2011 20:47

Jj. Je to ten správný. Teď poprosím o log z comboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

dexxameter · #5 Příspěvek od **dexxameter** » 26 říj 2011 18:07

tak snad už by to mělo býti v pořádku tady posílám log pro zkontrolování a předem děkuji protože sám si nevím rady a vy jste fakt machři díky za zkontrolování a popřípadě radu na závěr naschledanou a pěkný den

.

ComboFix 11-10-26.06 - Tomas 26.10.2011 18:58:40.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2192 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
AV: F-Secure Profi Antivirus 8.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tomas\DokumentyDyD3W4_cfdg.exe
c:\documents and settings\Tomas\DokumentyGed2Wk_cfdg.exe
c:\documents and settings\Tomas\DokumentyJya8K7_cfdg.exe
c:\documents and settings\Tomas\DokumentyPlS3G0_cfdg.exe
c:\windows\ehome\medctrro.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-26 do 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-25 18:05 . 2011-10-25 18:05 -------- d-----w- C:\rsit
2011-10-19 15:22 . 2011-10-19 15:24 -------- d-----w- C:\Ubisoft Game Launcher
2011-10-19 15:22 . 2011-10-19 15:52 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\Might & Magic Heroes VI
2011-10-19 14:03 . 2011-10-19 14:07 -------- d-----w- c:\program files\Ubisoft
2011-10-16 17:06 . 2011-10-16 17:06 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\Ubisoft Game Launcher
2011-10-15 20:59 . 2011-10-15 20:59 388096 ----a-r- c:\documents and settings\Tomas\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-15 20:59 . 2011-10-15 20:59 -------- d-----w- c:\program files\Trend Micro
2011-10-15 16:14 . 2011-10-15 16:14 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\NVIDIA
2011-10-10 09:09 . 2011-10-10 09:09 4550304 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-02 10:15 . 2009-07-13 17:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2011-10-02 10:15 . 2009-07-13 17:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2011-10-02 10:15 . 2009-10-16 09:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2011-10-02 10:15 . 2009-07-13 17:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2011-10-02 10:15 . 2011-10-02 10:15 -------- d-----w- c:\program files\BRS
2011-09-28 17:49 . 2011-09-30 12:03 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-28 17:49 . 2011-09-30 12:03 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-28 17:49 . 2011-09-30 12:03 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-28 17:49 . 2011-09-30 12:03 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-28 17:49 . 2011-09-30 12:03 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-28 17:49 . 2011-09-30 12:03 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-28 17:49 . 2011-09-23 01:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-28 17:49 . 2011-09-23 01:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 10:14 . 2008-10-15 17:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-02 10:14 . 2008-10-15 17:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-25 06:38 . 2011-05-25 13:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 09:56 . 2009-06-15 13:37 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-03 11:49 . 2011-09-19 17:37 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-09-19 17:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-09-19 17:37 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-09-19 17:37 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-09-19 17:37 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-09-19 17:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-09-19 17:37 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-09-19 17:37 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-09-19 17:37 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-09-19 17:37 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-09-19 17:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-09-19 17:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-09-19 17:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2008-05-08 13:33 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2008-05-08 13:33 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-09-30 12:03 . 2011-09-28 17:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"OEXPRESS"="" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2011-07-29 86016]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-10-20 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-21 273544]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Tomas\\Dokumenty\\DC++\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\navigace nepotrebny\\wcescomm.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.6.2009 15:37 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [15.6.2009 15:37 79872]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15.6.2007 9:52 143256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2008 16:51 717296]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [15.6.2009 15:36 67808]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [19.9.2011 19:37 2255464]
R3 axvdkbus;axvdkbus;c:\windows\system32\drivers\axvdkbus.sys [25.2.2003 21:43 8672]
R3 axvodka;axvodka;c:\windows\system32\drivers\axvodka.sys [27.2.2003 19:50 102272]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [15.6.2009 15:36 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [15.6.2009 15:36 55904]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [29.4.2008 18:55 47360]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [10.1.2009 16:11 300544]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [15.6.2009 15:36 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [15.6.2009 15:36 25184]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-10-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-10-26 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-06-15 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60076
mStart Page = hxxp://home.sweetim.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\6ab1dqn5.default\
FF - prefs.js: browser.startup.homepage - centrum.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-WEBTRAN - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
AddRemove-PC Translator - c:\docume~1\Tomas\LOCALS~1\Temp\UN32.EXE
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
AddRemove-Windows CE Services - c:\windows\ISUN0407.EXE
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\documents and settings\Tomas\Local Settings\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 19:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(832)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
Celkový čas: 2011-10-26 19:04:35
ComboFix-quarantined-files.txt 2011-10-26 17:04
.
Před spuštěním: Volných bajtů: 47 546 134 528
Po spuštění: Volných bajtů: 47 639 560 192
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2837756ED382F4F0314A9195E923EEFB

#6 Příspěvek od **Rudy** » 26 říj 2011 18:39

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\SweetIM

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-

Uložte na plochu jakko CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

dexxameter · #7 Příspěvek od **dexxameter** » 27 říj 2011 18:35

ndobrý den nevím zda jsem to udělal zprávně posílám vygenerovaný log a doufejme že to vyjde diky černý

ComboFix 11-10-27.05 - Tomas 27.10.2011 19:27:09.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2288 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
AV: F-Secure Profi Antivirus 8.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-27 do 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 15:34 . 2011-10-27 15:36 -------- d-----w- c:\program files\Combat Arms EU
2011-10-27 15:31 . 2011-10-27 15:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NexonEU
2011-10-27 14:52 . 2011-10-27 15:31 -------- d-----w- C:\Download
2011-10-27 14:52 . 2011-10-27 14:52 -------- d-----w- C:\Nexon
2011-10-27 14:52 . 2011-10-27 14:52 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-10-25 18:05 . 2011-10-25 18:05 -------- d-----w- C:\rsit
2011-10-19 15:22 . 2011-10-19 15:24 -------- d-----w- C:\Ubisoft Game Launcher
2011-10-19 15:22 . 2011-10-19 15:52 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\Might & Magic Heroes VI
2011-10-19 14:03 . 2011-10-19 14:07 -------- d-----w- c:\program files\Ubisoft
2011-10-16 17:06 . 2011-10-16 17:06 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\Ubisoft Game Launcher
2011-10-15 20:59 . 2011-10-15 20:59 388096 ----a-r- c:\documents and settings\Tomas\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-15 20:59 . 2011-10-15 20:59 -------- d-----w- c:\program files\Trend Micro
2011-10-15 16:14 . 2011-10-15 16:14 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\NVIDIA
2011-10-10 09:09 . 2011-10-10 09:09 4550304 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-02 10:15 . 2009-07-13 17:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2011-10-02 10:15 . 2009-07-13 17:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2011-10-02 10:15 . 2009-10-16 09:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2011-10-02 10:15 . 2009-07-13 17:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2011-10-02 10:15 . 2011-10-02 10:15 -------- d-----w- c:\program files\BRS
2011-09-28 17:49 . 2011-09-30 12:03 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-28 17:49 . 2011-09-30 12:03 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-28 17:49 . 2011-09-30 12:03 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-28 17:49 . 2011-09-30 12:03 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-28 17:49 . 2011-09-30 12:03 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-28 17:49 . 2011-09-30 12:03 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-28 17:49 . 2011-09-23 01:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-28 17:49 . 2011-09-23 01:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 18:28 . 2008-04-29 16:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-26 18:28 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-02 10:14 . 2008-10-15 17:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-02 10:14 . 2008-10-15 17:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-25 06:38 . 2011-05-25 13:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 09:56 . 2009-06-15 13:37 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-03 11:49 . 2011-09-19 17:37 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-09-19 17:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-09-19 17:37 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-09-19 17:37 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-09-19 17:37 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-09-19 17:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-09-19 17:37 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-09-19 17:37 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-09-19 17:37 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-09-19 17:37 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-09-19 17:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-09-19 17:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-09-19 17:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2008-05-08 13:33 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2008-05-08 13:33 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-09-30 12:03 . 2011-09-28 17:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-26_17.02.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 17:18 . 2011-10-27 17:18 16384 c:\windows\temp\Perflib_Perfdata_610.dat
+ 2011-10-26 18:29 . 2011-10-26 18:29 18944 c:\windows\Installer\6a5e1.msi
+ 2011-10-26 18:28 . 2011-10-26 18:28 92672 c:\windows\Installer\6a5cb.msi
+ 2011-10-26 18:28 . 2011-10-26 18:28 24064 c:\windows\Installer\6a5bd.msi
- 2010-11-17 15:34 . 2011-05-21 12:09 5632 c:\windows\system32\pndx5032.dll
+ 2010-11-17 15:34 . 2011-10-26 18:28 5632 c:\windows\system32\pndx5032.dll
+ 2010-11-17 15:34 . 2011-10-26 18:28 6656 c:\windows\system32\pndx5016.dll
- 2010-11-17 15:34 . 2011-05-21 12:09 6656 c:\windows\system32\pndx5016.dll
+ 2010-11-17 15:34 . 2011-10-26 18:29 198832 c:\windows\system32\rmoc3260.dll
- 2009-07-07 18:14 . 2011-05-21 12:09 272896 c:\windows\system32\pncrt.dll
+ 2009-07-07 18:14 . 2011-10-26 18:28 272896 c:\windows\system32\pncrt.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"OEXPRESS"="" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2011-07-29 86016]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-10-20 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-26 273528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Tomas\\Dokumenty\\DC++\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\navigace nepotrebny\\wcescomm.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.6.2009 15:37 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [15.6.2009 15:37 79872]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15.6.2007 9:52 143256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2008 16:51 717296]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [15.6.2009 15:36 67808]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [19.9.2011 19:37 2255464]
R3 axvdkbus;axvdkbus;c:\windows\system32\drivers\axvdkbus.sys [25.2.2003 21:43 8672]
R3 axvodka;axvodka;c:\windows\system32\drivers\axvodka.sys [27.2.2003 19:50 102272]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [15.6.2009 15:36 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [15.6.2009 15:36 55904]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [29.4.2008 18:55 47360]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [10.1.2009 16:11 300544]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [15.6.2009 15:36 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [15.6.2009 15:36 25184]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-10-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-06-15 13:57]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60076
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\6ab1dqn5.default\
FF - prefs.js: browser.startup.homepage - centrum.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 19:31
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(832)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-10-27 19:32:36
ComboFix-quarantined-files.txt 2011-10-27 17:32
ComboFix2.txt 2011-10-26 17:04
.
Před spuštěním: Volných bajtů: 42 617 290 752
Po spuštění: Volných bajtů: 42 620 719 104
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7B28781E9326BF29A559057657ABEADB

#8 Příspěvek od **Rudy** » 27 říj 2011 18:52

CF nebyl spuštěn pomopcí skriptu (bylo by to konstatováno v hlavičce logu). Zkuste CF spustit skriptem, který uvádím ve svém předchozím postu.

dexxameter · #9 Příspěvek od **dexxameter** » 29 říj 2011 19:22

tak snad :/

ComboFix 11-10-29.05 - Tomas 29.10.2011 20:15:43.4.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2216 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomas\Plocha\CFScript.txt.txt
AV: F-Secure Profi Antivirus 8.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-28 13:30 . 2011-10-28 13:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nexon
2011-10-27 15:34 . 2011-10-28 13:42 -------- d-----w- c:\program files\Combat Arms EU
2011-10-27 14:52 . 2011-10-27 15:31 -------- d-----w- C:\Download
2011-10-27 14:52 . 2011-10-27 14:52 -------- d-----w- C:\Nexon
2011-10-27 14:52 . 2011-10-27 14:52 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-10-25 18:05 . 2011-10-25 18:05 -------- d-----w- C:\rsit
2011-10-19 15:22 . 2011-10-19 15:24 -------- d-----w- C:\Ubisoft Game Launcher
2011-10-19 15:22 . 2011-10-19 15:52 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\Might & Magic Heroes VI
2011-10-19 14:03 . 2011-10-19 14:07 -------- d-----w- c:\program files\Ubisoft
2011-10-16 17:06 . 2011-10-16 17:06 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\Ubisoft Game Launcher
2011-10-15 20:59 . 2011-10-15 20:59 388096 ----a-r- c:\documents and settings\Tomas\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-15 20:59 . 2011-10-15 20:59 -------- d-----w- c:\program files\Trend Micro
2011-10-15 16:14 . 2011-10-15 16:14 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\NVIDIA
2011-10-10 09:09 . 2011-10-10 09:09 4550304 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-02 10:15 . 2009-07-13 17:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2011-10-02 10:15 . 2009-07-13 17:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2011-10-02 10:15 . 2009-10-16 09:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2011-10-02 10:15 . 2009-07-13 17:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2011-10-02 10:15 . 2011-10-02 10:15 -------- d-----w- c:\program files\BRS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 18:28 . 2008-04-29 16:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-26 18:28 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-02 10:14 . 2008-10-15 17:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-02 10:14 . 2008-10-15 17:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-25 06:38 . 2011-05-25 13:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 09:56 . 2009-06-15 13:37 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-03 11:49 . 2011-09-19 17:37 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-09-19 17:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-09-19 17:37 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-09-19 17:37 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-09-19 17:37 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-09-19 17:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-09-19 17:37 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-09-19 17:37 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-09-19 17:37 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-09-19 17:37 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-09-19 17:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-09-19 17:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-09-19 17:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2008-05-08 13:33 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2008-05-08 13:33 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-09-30 12:03 . 2011-09-28 17:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-26_17.02.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-29 17:12 . 2011-10-29 17:12 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2011-10-26 18:29 . 2011-10-26 18:29 18944 c:\windows\Installer\6a5e1.msi
+ 2011-10-26 18:28 . 2011-10-26 18:28 92672 c:\windows\Installer\6a5cb.msi
+ 2011-10-26 18:28 . 2011-10-26 18:28 24064 c:\windows\Installer\6a5bd.msi
- 2010-11-17 15:34 . 2011-05-21 12:09 5632 c:\windows\system32\pndx5032.dll
+ 2010-11-17 15:34 . 2011-10-26 18:28 5632 c:\windows\system32\pndx5032.dll
+ 2010-11-17 15:34 . 2011-10-26 18:28 6656 c:\windows\system32\pndx5016.dll
- 2010-11-17 15:34 . 2011-05-21 12:09 6656 c:\windows\system32\pndx5016.dll
+ 2010-11-17 15:34 . 2011-10-26 18:29 198832 c:\windows\system32\rmoc3260.dll
- 2009-07-07 18:14 . 2011-05-21 12:09 272896 c:\windows\system32\pncrt.dll
+ 2009-07-07 18:14 . 2011-10-26 18:28 272896 c:\windows\system32\pncrt.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"OEXPRESS"="" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2011-07-29 86016]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-10-20 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-26 273528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Tomas\\Dokumenty\\DC++\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\navigace nepotrebny\\wcescomm.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\Combat Arms EU\\Engine.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.6.2009 15:37 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [15.6.2009 15:37 79872]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15.6.2007 9:52 143256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2008 16:51 717296]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [15.6.2009 15:36 67808]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [19.9.2011 19:37 2255464]
R3 axvdkbus;axvdkbus;c:\windows\system32\drivers\axvdkbus.sys [25.2.2003 21:43 8672]
R3 axvodka;axvodka;c:\windows\system32\drivers\axvodka.sys [27.2.2003 19:50 102272]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [15.6.2009 15:36 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [15.6.2009 15:36 55904]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [29.4.2008 18:55 47360]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [10.1.2009 16:11 300544]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [15.6.2009 15:36 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [15.6.2009 15:36 25184]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-10-29 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-06-15 13:57]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60076
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\6ab1dqn5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(832)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-10-29 20:21:19
ComboFix-quarantined-files.txt 2011-10-29 18:21
ComboFix2.txt 2011-10-27 17:32
ComboFix3.txt 2011-10-26 17:04
.
Před spuštěním: Volných bajtů: 43 543 691 264
Po spuštění: Volných bajtů: 43 536 052 224
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6C66005496D466394E74A433C3A0B642

#10 Příspěvek od **Rudy** » 29 říj 2011 20:02

Je to tam stále. Skript jste chybně uložil (c:\documents and settings\Tomas\Plocha\CFScript.txt.txt). Musí být uložen jako c:\documents and settings\Tomas\Plocha\CFScript.txt . SweetIm lze také odinstalovat.

dexxameter · #11 Příspěvek od **dexxameter** » 29 říj 2011 21:48

fakt se omlovam nevim jestly na po xkrate to bude ono jsem nesika :/

ComboFix 11-10-29.05 - Tomas 29.10.2011 22:37:14.5.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.1750 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomas\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 8.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-28 13:30 . 2011-10-28 13:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nexon
2011-10-27 15:34 . 2011-10-29 20:16 -------- d-----w- c:\program files\Combat Arms EU
2011-10-27 14:52 . 2011-10-27 15:31 -------- d-----w- C:\Download
2011-10-27 14:52 . 2011-10-27 14:52 -------- d-----w- C:\Nexon
2011-10-27 14:52 . 2011-10-27 14:52 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-10-25 18:05 . 2011-10-25 18:05 -------- d-----w- C:\rsit
2011-10-19 15:22 . 2011-10-19 15:24 -------- d-----w- C:\Ubisoft Game Launcher
2011-10-19 15:22 . 2011-10-19 15:52 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\Might & Magic Heroes VI
2011-10-19 14:03 . 2011-10-19 14:07 -------- d-----w- c:\program files\Ubisoft
2011-10-16 17:06 . 2011-10-16 17:06 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\Ubisoft Game Launcher
2011-10-15 20:59 . 2011-10-15 20:59 388096 ----a-r- c:\documents and settings\Tomas\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-15 20:59 . 2011-10-15 20:59 -------- d-----w- c:\program files\Trend Micro
2011-10-15 16:14 . 2011-10-15 16:14 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\NVIDIA
2011-10-10 09:09 . 2011-10-10 09:09 4550304 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-02 10:15 . 2009-07-13 17:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2011-10-02 10:15 . 2009-07-13 17:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2011-10-02 10:15 . 2009-07-13 17:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2011-10-02 10:15 . 2009-07-13 17:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2011-10-02 10:15 . 2009-10-16 09:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2011-10-02 10:15 . 2009-07-13 17:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2011-10-02 10:15 . 2009-07-13 17:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2011-10-02 10:15 . 2011-10-02 10:15 -------- d-----w- c:\program files\BRS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 18:28 . 2008-04-29 16:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-26 18:28 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-02 10:14 . 2008-10-15 17:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-02 10:14 . 2008-10-15 17:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-25 06:38 . 2011-05-25 13:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 09:56 . 2009-06-15 13:37 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-03 11:49 . 2011-09-19 17:37 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-09-19 17:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-09-19 17:37 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-09-19 17:37 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-09-19 17:37 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-09-19 17:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-09-19 17:37 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-09-19 17:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-09-19 17:37 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-09-19 17:37 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-09-19 17:37 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-09-19 17:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-09-19 17:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-09-19 17:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2008-05-08 13:33 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2008-05-08 13:33 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-09-30 12:03 . 2011-09-28 17:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-26_17.02.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-29 17:12 . 2011-10-29 17:12 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2011-10-26 18:29 . 2011-10-26 18:29 18944 c:\windows\Installer\6a5e1.msi
+ 2011-10-26 18:28 . 2011-10-26 18:28 92672 c:\windows\Installer\6a5cb.msi
+ 2011-10-26 18:28 . 2011-10-26 18:28 24064 c:\windows\Installer\6a5bd.msi
- 2010-11-17 15:34 . 2011-05-21 12:09 5632 c:\windows\system32\pndx5032.dll
+ 2010-11-17 15:34 . 2011-10-26 18:28 5632 c:\windows\system32\pndx5032.dll
+ 2010-11-17 15:34 . 2011-10-26 18:28 6656 c:\windows\system32\pndx5016.dll
- 2010-11-17 15:34 . 2011-05-21 12:09 6656 c:\windows\system32\pndx5016.dll
+ 2010-11-17 15:34 . 2011-10-26 18:29 198832 c:\windows\system32\rmoc3260.dll
- 2009-07-07 18:14 . 2011-05-21 12:09 272896 c:\windows\system32\pncrt.dll
+ 2009-07-07 18:14 . 2011-10-26 18:28 272896 c:\windows\system32\pncrt.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"OEXPRESS"="" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2011-07-29 86016]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-10-20 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-26 273528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Tomas\\Dokumenty\\DC++\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\navigace nepotrebny\\wcescomm.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\Combat Arms EU\\Engine.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.6.2009 15:37 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [15.6.2009 15:37 79872]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15.6.2007 9:52 143256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2008 16:51 717296]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [15.6.2009 15:36 67808]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [19.9.2011 19:37 2255464]
R3 axvdkbus;axvdkbus;c:\windows\system32\drivers\axvdkbus.sys [25.2.2003 21:43 8672]
R3 axvodka;axvodka;c:\windows\system32\drivers\axvodka.sys [27.2.2003 19:50 102272]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [15.6.2009 15:36 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [15.6.2009 15:36 55904]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [29.4.2008 18:55 47360]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [10.1.2009 16:11 300544]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2010 19:09 136176]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [15.6.2009 15:36 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [15.6.2009 15:36 25184]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 17:08]
.
2011-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1647877149-2147082517-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-10-29 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-06-15 13:57]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60076
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\6ab1dqn5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
- - - - - - - > 'explorer.exe'(5428)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(732)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
Celkový čas: 2011-10-29 22:42:45
ComboFix-quarantined-files.txt 2011-10-29 20:42
ComboFix2.txt 2011-10-27 17:32
ComboFix3.txt 2011-10-26 17:04
.
Před spuštěním: Volných bajtů: 43 533 873 152
Po spuštění: Volných bajtů: 43 533 332 480
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7EEC30F400AA4CA94D6100D122C6E0F3

#12 Příspěvek od **Rudy** » 29 říj 2011 21:57

SweetIm je pryč (je to dost otravný sw, který navíc zpomaluje chod). Nastala nějaká změna?

dexxameter · #13 Příspěvek od **dexxameter** » 30 říj 2011 10:27

tak snad to je v pořádku díky za úmornou praci děkuji a přeji hezký den černý ( jste fakt machři )

#14 Příspěvek od **Rudy** » 30 říj 2011 11:17

Rádo se stalo!

VIRY.CZ

nevim si rady

nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady

Re: nevim si rady