svchost.exe žere cpu, antivir nahlásil RKIT/Kryptic.763904

[pitimir]

Z mojej strany je to v poriadku...ako to vyzera u teba so spravanim PC?

[Ideatore]

Tady taky dobrý. Takže děkuji mockrát

[pitimir]

1) Docistime to:

• Odinstaluj Combofix:
  Start -> Spustit -> (napis) combofix /uninstall

• Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).

• Precisti PC CCleanerom (vratane registrov).

• Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).

2) Vloz log z HJT.

V pripade nezrovnalosti sa >>tu<< nachadza navod.

[Ideatore]

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:19, on 1.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Svátky a výročí] C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6618 bytes

[pitimir]

1) Pouzi JavaRa, mas staru Javu.


2) Doinstaluj poriadny firewall a antispyware (odporucam ZoneAlarm/Comodo a SuperAntiSpyware/Spyware Terminator).

A hotovo

[Ideatore]

Než jsem tam stihl nějakej firewall nainstalovat (do čehož se mi popravdě moc nechce, způsobovaly mi spíš víc starostí než užitku), zřejmě se mi tam zas dostala nějaká potvora. Projevuje se to tim, že při načítání internet. stránky svchost zatěžuje cpu na 99%. Není to při každym načítání, ale rozhodně dost často. Je to asi tak tejden, tejden a půl nazpátek, ale bohužel jsem neměl čas to nějak řešit, tak se k tomu dostávám až teď. Přikládám log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Lukáš at 2010-02-14 22:12:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (2%) free of 156 GB
Total RAM: 1023 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:55, on 14.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lukáš\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Lukáš.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Svátky a výročí] C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-21-1292428093-926492609-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Martin')
O4 - HKUS\S-1-5-21-1292428093-926492609-725345543-1006\..\Run: [Start WingMan Profiler] (User 'Martin')
O4 - HKUS\S-1-5-21-1292428093-926492609-725345543-1006\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe (User 'Martin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5642268250
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7962 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"nForce Tray Options"=sstray.exe /r []
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-10-07 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"NPSStartup"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"=C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe [2004-12-12 960512]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-07-03 81920]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-11 3144800]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk.disabled - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Totalcmd\TOTALCMD.EXE"="C:\Program Files\Totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\StrongDC\StrongDC.exe"="C:\Program Files\StrongDC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Sony\Vegas 6.0\VegSrv60.exe"="C:\Program Files\Sony\Vegas 6.0\VegSrv60.exe:*:Enabled:Sony Vegas Network Render Service Control"
"F:\hry\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="F:\hry\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\VLC\vlc.exe"="C:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Martin\Plocha\Miranda\Miranda\miranda32.exe"="C:\Documents and Settings\Martin\Plocha\Miranda\Miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0f53175-4dce-11dd-a3c3-9965402625e2}]
shell\AutoRun\command - J:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2010-02-14 21:39:23 ----DC---- C:\Program Files\Microsoft Silverlight
2010-02-11 21:51:26 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-02-08 23:33:06 ----DC---- C:\Program Files\Crawler
2010-02-08 18:59:19 ----DC---- C:\rsit
2010-02-07 18:30:37 ----DC---- C:\Program Files\Yamicsoft
2010-02-07 18:24:13 ----AC---- C:\WINDOWS\system32\sshnas21.dll.old
2010-02-06 22:56:50 ----AC---- C:\WINDOWS\cadkasdeinst01e.exe
2010-02-06 16:32:49 ----AC---- C:\GERCC.txt
2010-02-06 16:32:45 ----AC---- C:\RCPARAM.txt
2010-02-04 19:03:31 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2010-02-04 19:02:08 ----DC---- C:\Program Files\MarkAny
2010-02-04 11:17:36 ----DC---- C:\Documents and Settings\Lukáš\Data aplikací\ATI
2010-02-04 11:17:36 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ATI
2010-02-04 11:03:08 ----C---- C:\WINDOWS\system32\ati2sgag.exe
2010-02-04 11:02:21 ----DC---- C:\Program Files\ATI Technologies
2010-02-04 11:01:20 ----DC---- C:\Program Files\ATI
2010-02-03 01:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-03 01:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-03 00:28:17 ----AC---- C:\WINDOWS\imsins.BAK
2010-02-03 00:27:33 ----HDC---- C:\WINDOWS\ie8
2010-02-03 00:07:14 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-02-03 00:06:33 ----AC---- C:\WINDOWS\system32\javaws.exe
2010-02-03 00:06:33 ----AC---- C:\WINDOWS\system32\javaw.exe
2010-02-03 00:06:33 ----AC---- C:\WINDOWS\system32\java.exe
2010-02-02 13:34:40 ----AC---- C:\demux_log.txt
2010-02-01 22:36:16 ----AC---- C:\WINDOWS\system32\DIFxAPI.dll
2010-02-01 22:32:32 ----DC---- C:\Program Files\Samsung
2010-02-01 20:19:41 ----SHDC---- C:\RECYCLER
2010-01-31 11:39:33 ----DC---- C:\Program Files\Common Files\Teleca Shared
2010-01-31 11:39:32 ----DC---- C:\Program Files\Sony Ericsson
2010-01-31 11:39:32 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2010-01-31 09:38:23 ----DC---- C:\WINDOWS\temp
2010-01-23 01:28:04 ----DC---- C:\Program Files\Common Files\Skype
2010-01-19 20:57:03 ----DC---- C:\Documents and Settings\All Users\Data aplikací\HP Product Assistant

======List of files/folders modified in the last 1 months======

2010-02-14 22:12:41 ----DC---- C:\WINDOWS\Prefetch
2010-02-14 22:12:25 ----DC---- C:\Program Files\AVerTV DVB-T
2010-02-14 22:12:25 ----AC---- C:\WINDOWS\AVerDVBT.ini
2010-02-14 22:03:32 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-02-14 21:45:23 ----DC---- C:\Program Files\Mozilla Firefox
2010-02-14 21:39:28 ----SHDC---- C:\WINDOWS\Installer
2010-02-14 21:39:28 ----DC---- C:\Config.Msi
2010-02-14 21:39:23 ----RDC---- C:\Program Files
2010-02-14 14:24:55 ----DC---- C:\Program Files\Mozilla Thunderbird
2010-02-14 07:46:57 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-02-14 00:48:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-13 06:19:39 ----DC---- C:\WINDOWS
2010-02-12 16:22:33 ----HDC---- C:\WINDOWS\inf
2010-02-11 12:02:52 ----SDC---- C:\WINDOWS\Downloaded Program Files
2010-02-11 11:57:45 ----AC---- C:\WINDOWS\wincmd.ini
2010-02-11 10:49:36 ----AC---- C:\WINDOWS\wcx_ftp.ini
2010-02-11 10:14:05 ----DC---- C:\Documents and Settings\Lukáš\Data aplikací\Canon
2010-02-11 04:08:55 ----DC---- C:\Documents and Settings\Lukáš\Data aplikací\Real
2010-02-10 02:53:17 ----DC---- C:\WINDOWS\security
2010-02-09 21:11:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-09 21:11:12 ----DC---- C:\WINDOWS\system32
2010-02-09 21:07:27 ----DC---- C:\WINDOWS\srchasst
2010-02-09 01:50:12 ----DC---- C:\WINDOWS\system32\drivers
2010-02-08 22:11:12 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-07 19:52:48 ----SDC---- C:\WINDOWS\Tasks
2010-02-06 12:19:28 ----AC---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2010-02-05 12:28:28 ----DC---- C:\Documents and Settings\Lukáš\Data aplikací\Winamp
2010-02-05 00:46:01 ----DC---- C:\WINDOWS\system32\oodag
2010-02-04 19:05:34 ----DC---- C:\WINDOWS\system32\CatRoot
2010-02-04 19:05:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-04 19:04:45 ----DC---- C:\WINDOWS\system32\Samsung_USB_Drivers
2010-02-04 19:02:35 ----HDC---- C:\Program Files\InstallShield Installation Information
2010-02-04 19:02:34 ----DC---- C:\WINDOWS\WinSxS
2010-02-04 18:49:22 ----DC---- C:\Program Files\PC Connectivity Solution
2010-02-04 11:17:37 ----DC---- C:\WINDOWS\system32\config
2010-02-04 11:05:28 ----RSDC---- C:\WINDOWS\assembly
2010-02-04 02:48:43 ----RDC---- C:\hry
2010-02-03 01:21:54 ----DC---- C:\WINDOWS\AppPatch
2010-02-03 01:14:28 ----DC---- C:\Program Files\Internet Explorer
2010-02-03 01:14:21 ----DC---- C:\WINDOWS\ie8updates
2010-02-03 01:13:59 ----HDC---- C:\WINDOWS\$hf_mig$
2010-02-03 01:09:39 ----DC---- C:\WINDOWS\Debug
2010-02-03 00:29:39 ----DC---- C:\WINDOWS\Help
2010-02-03 00:27:33 ----DC---- C:\WINDOWS\system32\cs-CZ
2010-02-03 00:06:16 ----AC---- C:\WINDOWS\system32\deploytk.dll
2010-02-02 23:58:31 ----DC---- C:\Program Files\Java
2010-02-01 20:05:46 ----DC---- C:\WINDOWS\Minidump
2010-02-01 20:05:46 ----DC---- C:\WINDOWS\Internet Logs
2010-02-01 19:57:11 ----DC---- C:\WINDOWS\ERDNT
2010-01-31 11:39:33 ----DC---- C:\Program Files\Common Files
2010-01-31 11:38:10 ----DC---- C:\WINDOWS\Downloaded Installations
2010-01-31 09:35:43 ----AC---- C:\WINDOWS\system.ini
2010-01-31 09:09:31 ----RSDC---- C:\WINDOWS\Fonts
2010-01-29 20:03:52 ----DC---- C:\Documents and Settings\Lukáš\Data aplikací\Skype
2010-01-29 19:05:52 ----DC---- C:\Documents and Settings\Lukáš\Data aplikací\skypePM
2010-01-25 18:23:37 ----AC---- C:\WINDOWS\ODBC.INI
2010-01-25 18:22:57 ----DC---- C:\Program Files\Common Files\Microsoft Shared
2010-01-25 18:22:55 ----HDC---- C:\WINDOWS\ShellNew
2010-01-25 18:19:24 ----DC---- C:\WINDOWS\system
2010-01-25 01:20:25 ----DC---- C:\Documents and Settings\Lukáš\Data aplikací\gtk-2.0
2010-01-23 01:28:04 ----RDC---- C:\Program Files\Skype
2010-01-23 01:27:59 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-17 20:22:46 ----AC---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-15 28520]
R2 ATTSCAP;AVerMedia, WDM MPEG-2 TS Capture (DVBT); C:\WINDOWS\system32\drivers\attscap.sys [2003-06-24 18048]
R2 ATVCAP;AVerMedia, DVB-T WDM Video Capture; C:\WINDOWS\system32\drivers\atvcap.sys [2003-06-24 56320]
R2 ATXBAR;AVerMedia, DVB-T WDM Crossbar; C:\WINDOWS\system32\drivers\ATXBAR.sys [2003-06-24 8576]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-18 56816]
R2 dvdmmg;dvdmmg; \??\C:\WINDOWS\system32\drivers\dvdmmg.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-29 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-23 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-08-13 36864]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-06-06 70656]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-08-13 311552]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-21 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-21 39776]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 az26cg1l;az26cg1l; C:\WINDOWS\system32\drivers\az26cg1l.sys []
S3 BTCAMDRV;Mobiola Web Camera driver; C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\LUK~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-21 20128]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2002-06-21 13920]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-21 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-08 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-15 108289]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-12-17 238952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-03 153376]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-07-03 131072]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-10-07 163908]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-04-01 66872]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-04-01 107832]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-17 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-21 355584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Hezké odpoledne, záskok za kolegu

Něco tam máte

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[Ideatore]

ComboFix 10-02-16.01 - Administrator . 02. 2010 1:09.5.1 - x86 NETWORK
Spuštěný z: c:\documents and settings\Administrator.STROJ.000\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Dokumenty\cc_20100201_202706.reg

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-17 do 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-14 20:39 . 2010-02-14 20:39 -------- dc----w- c:\program files\Microsoft Silverlight
2010-02-08 22:33 . 2010-02-09 00:45 -------- dc----w- c:\program files\Crawler
2010-02-08 17:59 . 2010-02-08 17:59 -------- dc----w- C:\rsit
2010-02-07 17:30 . 2010-02-07 17:30 -------- dc----w- c:\program files\Yamicsoft
2010-02-06 21:56 . 2010-02-06 21:56 75776 -c--a-w- c:\windows\cadkasdeinst01e.exe
2010-02-04 18:02 . 2010-02-04 18:02 -------- dc----w- c:\program files\MarkAny
2010-02-04 10:07 . 2010-02-04 10:07 0 -c--a-w- c:\windows\ativpsrm.bin
2010-02-04 10:03 . 2009-09-29 20:15 593920 -c----w- c:\windows\system32\ati2sgag.exe
2010-02-04 10:02 . 2010-02-04 10:05 -------- dc----w- c:\program files\ATI Technologies
2010-02-04 10:01 . 2010-02-04 10:01 -------- dc----w- c:\program files\ATI
2010-02-03 00:07 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-02 23:27 . 2010-02-02 23:28 -------- dc-h--w- c:\windows\ie8
2010-02-01 21:36 . 2008-07-03 00:48 319456 -c--a-w- c:\windows\system32\DIFxAPI.dll
2010-02-01 21:32 . 2010-02-04 18:05 -------- dc----w- c:\program files\Samsung
2010-02-01 19:19 . 2010-02-01 19:19 -------- dcsh--w- c:\documents and settings\User\IECompatCache
2010-01-31 10:53 . 2005-02-11 09:24 6144 -c--a-r- c:\windows\system32\drivers\k750cm.sys
2010-01-31 10:52 . 2005-02-11 09:19 5744 -c--a-r- c:\windows\system32\drivers\k750wh.sys
2010-01-31 10:39 . 2010-01-31 10:39 -------- dc----w- c:\program files\Common Files\Teleca Shared
2010-01-31 10:39 . 2010-01-31 10:39 -------- dc----w- c:\program files\Sony Ericsson
2010-01-31 10:39 . 2010-01-31 10:39 -------- dc----w- c:\documents and settings\All Users\Documents
2010-01-27 00:26 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-27 00:25 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\drivers\changer.sys
2010-01-27 00:25 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-23 00:28 . 2010-01-23 00:28 -------- dc----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 21:40 . 2008-07-21 09:58 -------- dc----w- c:\program files\AVerTV DVB-T
2010-02-16 16:40 . 2008-07-28 11:11 -------- dc----w- c:\program files\Mozilla Thunderbird
2010-02-04 18:02 . 2008-07-09 16:50 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-02-04 17:49 . 2009-02-15 19:36 -------- dc----w- c:\program files\PC Connectivity Solution
2010-02-02 23:06 . 2008-12-03 19:00 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-02-02 22:58 . 2008-07-20 13:17 -------- dc----w- c:\program files\Java
2010-02-02 22:25 . 2009-10-29 01:56 691696 -c--a-w- c:\windows\system32\drivers\sptd.sys
2010-01-31 19:10 . 2010-01-31 19:10 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-01-23 00:28 . 2008-08-06 20:34 -------- dc----r- c:\program files\Skype
2010-01-18 12:43 . 2009-05-01 10:49 56816 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-10 17:54 . 2008-07-10 02:28 -------- dc----w- c:\program files\Totalcmd
2009-12-26 06:55 . 2009-06-03 00:34 -------- dc----w- c:\program files\PokerStars
2009-12-22 21:20 . 2009-10-26 23:08 -------- dc----w- c:\program files\Mobile Master
2009-12-21 19:08 . 2009-10-25 21:13 916480 -c--a-w- c:\windows\system32\wininet.dll
2009-12-20 19:36 . 2008-12-30 13:30 -------- dc----w- c:\program files\HP
2009-12-20 19:32 . 2009-12-20 19:21 105710 -c--a-w- c:\windows\HPFins09.dat
2009-12-17 17:42 . 2009-10-26 22:28 238952 -c--a-w- c:\windows\system32\FsUsbExService.Exe
2009-12-14 08:21 . 2009-10-26 22:28 36608 -c--a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-12-14 08:21 . 2009-10-26 22:28 110592 -c--a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-12-09 15:16 . 2002-09-23 12:00 855012 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 15:16 . 2002-09-23 12:00 227990 ----a-w- c:\windows\system32\perfc005.dat
2009-11-21 16:03 . 2009-10-25 21:13 471552 -c--a-w- c:\windows\AppPatch\aclayers.dll
2009-07-28 16:51 . 2009-07-28 16:51 266717 -c--a-w- c:\program files\setuplog.txt
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2005-01-26 1490944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-10-07 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickDVBT"=c:\program files\AVerTV DVB-T\QuickDVB-T.exe
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "c:\program files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NPSStartup"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"f:\\hry\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Martin\\Plocha\\Miranda\\Miranda\\miranda32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13144:TCP"= 13144:TCP:++1
"13144:UDP"= 13144:UDP:++2

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-02 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-15 108289]
R2 ATTSCAP;AVerMedia, WDM MPEG-2 TS Capture (DVBT);c:\windows\system32\drivers\attscap.sys [2003-06-24 18048]
R2 ATVCAP;AVerMedia, DVB-T WDM Video Capture;c:\windows\system32\drivers\atvcap.sys [2003-06-24 56320]
R2 ATXBAR;AVerMedia, DVB-T WDM Crossbar;c:\windows\system32\drivers\ATXBAR.sys [2003-06-24 8576]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-17 238952]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 cpuz130;cpuz130;c:\docume~1\LUK~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-14 36608]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328]
S0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2007-02-01 110128]
S0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2007-02-01 17328]

.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Administrator.STROJ.000\Data aplikací\Mozilla\Firefox\Profiles\hgqxe8hb.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-XPlite - f:\filmy\!Nevídáno
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 01:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="C988BE2ABDBD27317048B3283C3A9E62607428B37D7E2C62CD3C11D2B97737E64956A653A9A7B77F292FC99EF8C1E8940A736F665217F6B6DEDDAA1BEED0D4400CE3B9B4438010C59722AC4C31F8BD566A269504CF7E740C1AFE4B3D434158ECC72839A62226311B16344A0EEB6B1BD39B5C500E8E0F3CC2FA4B90827F0D8F237D49CCD55FEB44A8C22B6F163419A0CCFC98B75BA99484D0C2A27B07EEEF6C2BEBA5FD45971912307E7ED16996749315B1114697C0CF2C3FF5177139E2180666184C3C46ED688B84F1DD076329E7D895A0AFDEC07676B32A5B713C5C302593C4CC8258048788428B84FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CC038D530D6EB34529DB7CE019D40AA5CB75486B957DDD9EE3C79A99873AF0CA3759F40C119422D011D4F8D62410AC35D0321288A64554FEC6E187F86BE69FAAE5402B3DE732FA06CD7E643DA78E81648A58C7B97CE7ECEDC928EC92F135BCCE812F7CCEE5A53E0907C7DC11CDBA0B82A1F3A3B4D6E6DC41E2506A75156EF6254CA55AF9FDF1363B1E0305567CD2ED529222EF69E93572ED7570C902DE4B6AE374B52D5240D75AF56117F9CFE23B22B2B1851927C7F951DF20D15CA0A8BE2B81C15888D33DD27E34ACACE092AA47309DD9A72C7E2E8A6B99BDEF574310F4A9CD0DC787907C1F72E9B0168E3B79058D431F9C21F4CF72C3CC21AE9FD6F27E787680C860EDD1C5B559E5876C5F2966E89D8B8D67BB94DEBF39FBD0FAB167CDBBF37C177957C47E92F69AD0B1EB3DCE7B1CD90A80FB0F851432880E797FC31E61A584E792E278D5F28598F1930CE7A18704C6B95E03A8167209C485AAD7BD4F282AA371949A8AF1BC20ABDFA92207EF8FAD2E95ECD6161E1147C34312EF07087F7CE37CC2C5160229061B1EB2F88E92619A65EA906B706163F0D131B2F3DFE560FAC3A6A71F1491B3C06940BC56BAFE22AD0D0808C5152FED1D7692B98C7EFB1ED6DE2AC87E206538062C5DE68AFBA121E1B7C4FB8C71B39932AF055A679A48ED07F8534AE7EA5B82E26574FFEC1673D7A98D1E738B62B085E9495F56C3F750A05932D047C22ADE0A8450F28C3908710D89AF2010940C0501FEC774BCB0C2D62EF229604DCB19583E9F4E89A45115F5D66BBB832FE088D1B5B4BEBF67F550B7A8864B37E0B1348FAFC31113AE5B9A799E3D62EF943363718260EFA019293C1D858D7A9239BB1A7C982B9EC7FDC068D5DA78B92B94F77D8982B556051E746F7A881BFD10671FB0691AE12124735F5B266993FD9B5F5FE7E92A8070F38B2EC49B835A1B91F47E22D9B4A004AD1CD8D2C93381AAB98587D2D9F70CC29687D0FC47DB9C7A3C7AC60D753318F944458D403EA9407E1EF6F2FD77DE9"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-17 01:26:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-17 00:26

Před spuštěním: 1 765 388 288
Po spuštění: 1 736 904 704

- - End Of File - - 0CEB39602352FCC62F9E15869120755C

[motji]

tyto porty znáte?
"13144:TCP"= 13144:TCP:++1
"13144:UDP"= 13144:UDP:++2

Jak to ted vypadá s počítačem?

[Ideatore]

omlouvám se za zdržení. Jo, teď už je to lepší. ty porty znám.

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
C:\WINDOWS\system32\sshnas21.dll.old

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci