CPU usage constantly above 50%, svchost.exe, please help

#1 Post by lunchbox »

Hello,
I have a big problem and don't know what to do :( Since today the CPU has been used at 50% or more right after the PC is switched on ... I found out that svchost.exe is causing it. I also heard something about ComboFix, so I'm posting the result here. I'm begging you for advice :(

ComboFix 10-02-25.02 - profil 26.02.2010 16:28:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1653 [GMT 1:00]
Spuštěný z: c:\documents and settings\profil\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\RegGenie
c:\program files\RegGenie\RegGenie.ini
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\windows\RegGenieOnUninstall.exe
c:\windows\srchasst\nls302en.lex
c:\windows\system32\drivers\ppknyoa.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Service_UACd.sys


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 15:13 . 2010-02-26 15:13 -------- d-sh--w- c:\documents and settings\Administrator.SWING\IETldCache
2010-02-25 17:27 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-25 17:27 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-25 17:27 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-25 17:27 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-25 17:27 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-25 17:27 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-21 10:08 . 2010-02-21 10:08 -------- d-----w- c:\windows\Sun
2010-02-20 09:07 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-20 09:07 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-19 23:08 . 2010-02-19 23:09 -------- d-----w- c:\program files\Java
2010-02-19 23:08 . 2010-02-19 23:08 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 12:41 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-19 12:41 . 2010-02-19 12:41 -------- d-----w- c:\program files\VS Revo Group
2010-02-19 12:31 . 2010-02-21 06:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-19 12:31 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-02-19 12:30 . 2010-02-19 12:30 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-19 12:30 . 2010-02-19 12:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-19 12:29 . 2010-02-20 09:05 -------- d-----w- c:\documents and settings\profil\Tracing
2010-02-19 12:28 . 2010-02-19 12:31 -------- d-----w- c:\program files\Microsoft
2010-02-19 12:28 . 2010-02-19 12:28 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-19 12:22 . 2010-02-19 12:22 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-19 12:20 . 2010-02-19 12:31 -------- d-----w- c:\program files\Windows Live
2010-02-16 12:04 . 2010-02-16 12:04 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 15:35 . 2004-08-18 12:00 85904 ----a-w- c:\windows\system32\perfc005.dat
2010-02-26 15:35 . 2004-08-18 12:00 446912 ----a-w- c:\windows\system32\perfh005.dat
2010-02-25 19:10 . 2009-08-20 16:06 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-25 19:10 . 2008-12-01 16:35 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-23 15:19 . 2009-11-24 20:14 -------- d-----w- c:\program files\Google
2010-02-23 14:26 . 2008-11-27 07:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 12:04 . 2009-11-01 17:38 -------- d-----w- c:\program files\Common Files\Apple
2010-02-01 14:42 . 2009-07-26 16:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-01 14:41 . 2008-12-03 15:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-27 17:56 . 2009-08-28 08:05 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-23 05:57 . 2009-09-28 10:35 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-13 14:49 . 2010-01-13 14:49 -------- d-----w- c:\program files\Uniblue
2010-01-12 04:03 . 2009-12-22 17:30 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2009-12-22 17:30 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2009-04-30 20:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-04-30 20:02 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-02-09 12:18 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2008-06-25 19:57 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2008-06-25 19:57 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2008-06-25 19:57 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2008-06-25 19:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2008-06-25 19:57 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2008-06-25 19:57 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-02 19:41 . 2010-01-02 19:41 -------- d-----w- c:\program files\Get Styles
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 09:39 . 2009-12-31 09:29 -------- d-----w- c:\program files\KigoVideoConverter
2009-12-31 09:27 . 2009-12-31 09:27 -------- d-----w- c:\program files\WM Converter
2009-12-23 07:13 . 2008-12-01 17:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-11-27 06:58 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\programs\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="e:\programs\ICQ 7\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="e:\programs\Winamp\winampa.exe" [2009-07-01 37888]
"egui"="e:\programs\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="e:\programs\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"iTunesHelper"="e:\programs\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\profil\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
winesm32.exe [2008-4-14 29184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programs\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\Programs\\HLSW\\hlsw.exe"=
"e:\\Games\\Call of Duty 2\\CoD2MP_s.exe"=
"e:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Programs\\ICQ6.5\\ICQ.exe"=
"e:\\Games\\Race Driver GRID\\GRID.exe"=
"e:\\Games\\Vietcong\\vietcong.exe"=
"e:\\Programs\\Veetle\\Player\\player.exe"=
"e:\\Programs\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"e:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"e:\\Games\\PES 2010\\pes2010.exe"=
"e:\\Games\\Football Manager 2010\\fm.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Programs\\ICQ 7\\ICQ7.0\\ICQ.exe"=
"e:\\Programs\\ICQ 7\\ICQ7.0\\aolload.exe"=
"e:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Documents and Settings\\profil\\Plocha\\Skype.exe"=
"e:\\Programs\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.12.2008 18:32 691696]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [3.12.2008 21:16 2915944]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R2 ekrn;ESET Service;e:\programs\ESET\ESET Smart Security\ekrn.exe [6.2.2009 13:23 727720]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19.2.2010 13:31 54752]
R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [3.6.2009 16:19 4032]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [28.9.2009 11:35 246520]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 KeenfinderSrch Service;KeenfinderSrch Service; [x]
S2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [3.6.2009 16:19 27696]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [18.8.2004 13:00 3584]
S2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [3.6.2009 16:19 26304]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [27.11.2008 12:12 36864]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [23.12.2009 8:30 25832]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11.5.2005 13:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11.5.2005 13:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11.5.2005 13:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11.5.2005 13:12 77072]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [19.2.2010 13:41 27064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.11.2009 20:30 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.11.2009 20:30 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.11.2009 20:30 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23.11.2009 20:31 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23.11.2009 20:31 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - e:\programs\ICQ 7\ICQ7.0\ICQ.exe
TCP: {49942757-E2E4-44DF-92BD-5825A1A9103F} = 10.255.255.10,10.255.255.20
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.cab
FF - ProfilePath - c:\documents and settings\profil\Data aplikací\Mozilla\Firefox\Profiles\h8fnsmpz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\documents and settings\profil\Data aplikací\Mozilla\Firefox\Profiles\h8fnsmpz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\programs\Veetle\Player\npvlc.dll
FF - plugin: e:\programs\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\programs\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-{C94E154B-1459-4A47-966B-4B843BEFC7DB} - c:\program files\AskSearch\bin\DefaultSearch.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 16:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\profil\Nabídka Start\Programy\Po spuštění\winesm32.exe 29184 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spjy.sys hal.dll >>UNKNOWN [0x8A972938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d39bd4
PacketIndicateHandler -> NDIS.sys @ 0xb7d45a21
SendHandler -> NDIS.sys @ 0xb7d39d44
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="e:\\Games\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d28
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="DA-FCC5-2093"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
"ShortlistDir"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009b72
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000062
"UniqueID"="DA-FCC5-2093"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="DA-FCC5-2093"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,3d,84,5e,d5,40,97,47,01,59,8c,72,6c,da,ab,a8,bc,b4,67,12,fd,d4,d6,
54,31,a9,72,46,be,d9,0d,fb,53,10,b3,44,a9,b7,c2,96,ee,bc,b3,a9,bc,ef,b4,c3,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\SecuROM\License information*]
"datasecu"=hex:89,3b,85,42,37,b5,5c,31,02,53,2b,da,f5,75,fb,eb,45,8e,49,20,c0,
a7,df,20,f3,5e,fb,58,46,65,71,29,cb,9c,ae,0e,70,aa,34,bf,13,4d,cf,04,45,8a,\
"rkeysecu"=hex:43,83,ec,24,51,bc,5b,cd,b7,a4,91,a1,1a,1e,74,3e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\programs\Nero 8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-02-26 16:37:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-26 15:37

Před spuštěním: Volných bajtů: 101 882 765 312
Po spuštění: Volných bajtů: 101 788 102 656

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 65707DC737FB6E3A876D92FCDE25DDF6

#2 Post by Caroprd111 »

Hello :)

The log is being worked on, please be patient.

I do not recommend using ComboFix on your own initiative; it can damage the system!

#3 Post by Caroprd111 »

We do not deal with illegal software here.
Get legal security software for your PC (antivirus, firewall), then post an RSIT log here and we will continue.

You could choose, for example, the free Avast + some firewall: http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

#4 Post by lunchbox »

OK, in a moment everything will be as you say.

#5 Post by Caroprd111 »

OK :)

#6 Post by lunchbox »

I already have the Sunbelt Firewall, now just Avast is left, but I have to go, so I'll sort everything out this evening. I'll do everything, I just need the computer to be OK again :(

I now have everything: Sunbelt, Avast and RSIT.

In a few hours I'll post the RSIT result here; I'll be very grateful for any help.

#7 Post by Caroprd111 »

I'm waiting for the log :)

#8 Post by lunchbox »

Once I removed NOD, it's fine again! But it still occasionally jumps to around 30% or so :(


Logfile of random's system information tool 1.06 (written by random/random)
Run by profil at 2010-02-26 20:33:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (64%) free of 150 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:43, on 26.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
E:\Programs\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Programs\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Programs\DAEMON Tools Lite\DTLite.exe
E:\Programs\ICQ 7\ICQ7.0\ICQ.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programs\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
E:\Programs\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\profil\Plocha\RSIT.exe
C:\Program Files\trend micro\profil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programs\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Programs\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programs\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "E:\Programs\ICQ 7\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: winesm32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Programs\ICQ 7\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Programs\ICQ 7\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} (StWbUsa Control) - http://channel.dontblynk.com/Launcher/StWbUsa.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49942757-E2E4-44DF-92BD-5825A1A9103F}: NameServer = 10.255.255.10,10.255.255.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programs\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 11502 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2009-12-16 185344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-10-08 859592]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=E:\Programs\Winamp\winampa.exe [2009-07-01 37888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=E:\Programs\Nero 8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"iTunesHelper"=E:\Programs\iTunes\iTunesHelper.exe [2010-01-22 141608]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=E:\Programs\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ICQ"=E:\Programs\ICQ 7\ICQ7.0\ICQ.exe [2010-02-11 133368]

C:\Documents and Settings\profil\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Programs\uTorrent\utorrent.exe"="E:\Programs\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\Programs\HLSW\hlsw.exe"="E:\Programs\HLSW\hlsw.exe:*:Enabled:hlsw"
"E:\Games\Call of Duty 2\CoD2MP_s.exe"="E:\Games\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"E:\Programs\ICQ6.5\ICQ.exe"="E:\Programs\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Games\Race Driver GRID\GRID.exe"="E:\Games\Race Driver GRID\GRID.exe:*:Enabled:GRID"
"E:\Games\Vietcong\vietcong.exe"="E:\Games\Vietcong\vietcong.exe:*:Enabled:vietcong"
"E:\Programs\Veetle\Player\player.exe"="E:\Programs\Veetle\Player\player.exe:*:Enabled:player"
"E:\Programs\Xfire\Xfire.exe"="E:\Programs\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"E:\Games\PES 2010\pes2010.exe"="E:\Games\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"E:\Games\Football Manager 2010\fm.exe"="E:\Games\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"E:\Games\Dragon Age\bin_ship\daorigins.exe"="E:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"E:\Games\Dragon Age\DAOriginsLauncher.exe"="E:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Programs\ICQ 7\ICQ7.0\ICQ.exe"="E:\Programs\ICQ 7\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Programs\ICQ 7\ICQ7.0\aolload.exe"="E:\Programs\ICQ 7\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"E:\Games\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
"E:\Games\Mass Effect 2\MassEffect2Launcher.exe"="E:\Games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
"C:\Documents and Settings\profil\Plocha\Skype.exe"="C:\Documents and Settings\profil\Plocha\Skype.exe:*:Enabled:Skype"
"E:\Programs\iTunes\iTunes.exe"="E:\Programs\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Games\kos\game_sting_pak\sting.exe"="E:\Games\kos\game_sting_pak\sting.exe:*:Enabled:˝şĆÿ¶óŔÎ"
"E:\Games\Combat Arms EU\CombatArms.exe"="E:\Games\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Games\Combat Arms EU\Engine.exe"="E:\Games\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"E:\Programs\ICQ 7\ICQ7.0\ICQ.exe"="E:\Programs\ICQ 7\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Programs\ICQ 7\ICQ7.0\aolload.exe"="E:\Programs\ICQ 7\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 3 months======

2010-02-26 20:33:34 ----D---- C:\Program Files\trend micro
2010-02-26 20:33:33 ----D---- C:\rsit
2010-02-26 17:48:43 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-26 17:48:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-26 17:23:19 ----D---- C:\Program Files\Sunbelt Software
2010-02-26 17:10:07 ----SHD---- C:\RECYCLER
2010-02-26 16:37:34 ----D---- C:\WINDOWS\temp
2010-02-26 16:37:32 ----A---- C:\ComboFix.txt
2010-02-26 16:25:42 ----A---- C:\Boot.bak
2010-02-26 16:25:38 ----RASHD---- C:\cmdcons
2010-02-26 16:16:38 ----A---- C:\WINDOWS\MBR.exe
2010-02-26 16:16:37 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-26 16:16:36 ----A---- C:\WINDOWS\PEV.exe
2010-02-26 16:16:35 ----A---- C:\WINDOWS\zip.exe
2010-02-26 16:16:35 ----A---- C:\WINDOWS\SWREG.exe
2010-02-26 16:16:35 ----A---- C:\WINDOWS\sed.exe
2010-02-26 16:16:35 ----A---- C:\WINDOWS\grep.exe
2010-02-26 16:16:34 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-26 16:16:34 ----A---- C:\WINDOWS\SWSC.exe
2010-02-26 16:16:04 ----D---- C:\WINDOWS\ERDNT
2010-02-26 16:08:12 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-26 16:02:18 ----D---- C:\Qoobox
2010-02-24 05:48:04 ----A---- C:\WINDOWS\imsins.BAK
2010-02-24 05:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 16:19:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-02-21 11:08:32 ----D---- C:\WINDOWS\Sun
2010-02-20 22:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-02-20 10:07:16 ----A---- C:\WINDOWS\system32\muweb.dll
2010-02-20 10:07:16 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-20 10:07:15 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-20 00:09:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-20 00:09:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-20 00:09:20 ----A---- C:\WINDOWS\system32\java.exe
2010-02-20 00:08:47 ----D---- C:\Program Files\Java
2010-02-20 00:08:45 ----D---- C:\Program Files\Common Files\Java
2010-02-20 00:08:30 ----D---- C:\Documents and Settings\profil\Data aplikací\Sun
2010-02-19 13:41:06 ----D---- C:\Program Files\VS Revo Group
2010-02-19 13:31:45 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-19 13:30:51 ----D---- C:\Program Files\Microsoft Sync Framework
2010-02-19 13:30:00 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-02-19 13:28:42 ----D---- C:\Program Files\Microsoft
2010-02-19 13:28:27 ----D---- C:\Program Files\Windows Live SkyDrive
2010-02-19 13:22:32 ----D---- C:\Program Files\Common Files\Windows Live
2010-02-19 13:20:53 ----D---- C:\Program Files\Windows Live
2010-02-16 13:04:44 ----D---- C:\Program Files\iPod
2010-02-11 00:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 00:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 00:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 00:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 00:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 00:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 00:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 00:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 00:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-13 15:49:11 ----D---- C:\Documents and Settings\profil\Data aplikací\Uniblue
2010-01-13 15:49:04 ----D---- C:\Program Files\Uniblue
2010-01-13 08:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 08:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmccs.dll
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvwddi.dll
2010-01-02 20:41:28 ----D---- C:\Program Files\Get Styles
2009-12-31 10:29:40 ----D---- C:\Program Files\KigoVideoConverter
2009-12-31 10:27:39 ----D---- C:\Program Files\WM Converter
2009-12-25 17:33:33 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-12-25 17:32:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 17:32:24 ----D---- C:\Program Files\Bonjour
2009-12-25 17:30:18 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-12-25 17:07:08 ----D---- C:\Documents and Settings\profil\Data aplikací\Apple Computer
2009-12-23 08:41:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\BioWare
2009-12-23 08:35:50 ----D---- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
2009-12-22 18:30:28 ----A---- C:\WINDOWS\system32\OpenCL.dll
2009-12-22 18:30:27 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2009-12-10 06:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 06:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 06:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 06:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 06:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-28 16:14:11 ----D---- C:\Program Files\QuickTime
2009-11-28 16:14:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer

======List of files/folders modified in the last 3 months======

2010-02-26 20:33:34 ----RD---- C:\Program Files
2010-02-26 20:30:53 ----D---- C:\WINDOWS\system32\drivers
2010-02-26 20:30:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-26 20:29:29 ----D---- C:\WINDOWS
2010-02-26 17:52:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-26 17:49:55 ----SHD---- C:\WINDOWS\Installer
2010-02-26 17:49:27 ----HD---- C:\WINDOWS\inf
2010-02-26 17:48:46 ----D---- C:\WINDOWS\system32
2010-02-26 17:48:28 ----D---- C:\Program Files\Alwil Software
2010-02-26 17:47:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-26 16:33:00 ----A---- C:\WINDOWS\system.ini
2010-02-26 16:32:17 ----D---- C:\WINDOWS\srchasst
2010-02-26 16:31:43 ----D---- C:\WINDOWS\system32\config
2010-02-26 16:31:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 16:30:23 ----D---- C:\WINDOWS\AppPatch
2010-02-26 16:30:19 ----D---- C:\Program Files\Common Files
2010-02-26 16:25:42 ----RASH---- C:\boot.ini
2010-02-26 16:12:44 ----D---- C:\Documents and Settings
2010-02-26 16:02:06 ----D---- C:\WINDOWS\Prefetch
2010-02-25 20:54:31 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-25 20:10:35 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-02-25 20:10:11 ----D---- C:\Documents and Settings\profil\Data aplikací\ICQ
2010-02-24 05:48:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-23 16:19:05 ----D---- C:\Program Files\Google
2010-02-23 16:19:03 ----SD---- C:\WINDOWS\Tasks
2010-02-23 15:27:50 ----SD---- C:\Documents and Settings\profil\Data aplikací\Microsoft
2010-02-23 15:26:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-22 20:44:57 ----D---- C:\WINDOWS\Debug
2010-02-22 20:44:56 ----D---- C:\WINDOWS\Minidump
2010-02-22 18:17:19 ----D---- C:\Documents and Settings\profil\Data aplikací\uTorrent
2010-02-20 22:46:07 ----D---- C:\WINDOWS\WinSxS
2010-02-19 17:26:04 ----RSD---- C:\WINDOWS\assembly
2010-02-19 17:26:04 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-19 13:31:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-19 13:30:42 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-02-19 13:30:10 ----D---- C:\WINDOWS\system32\DirectX
2010-02-19 13:28:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-19 13:28:10 ----RSD---- C:\WINDOWS\Fonts
2010-02-16 13:04:41 ----D---- C:\Program Files\Common Files\Apple
2010-02-01 21:05:40 ----D---- C:\Documents and Settings\profil\Data aplikací\Skype
2010-02-01 20:30:37 ----D---- C:\Documents and Settings\profil\Data aplikací\skypePM
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-01 15:42:33 ----D---- C:\WINDOWS\Help
2010-02-01 15:42:33 ----D---- C:\Program Files\NVIDIA Corporation
2010-02-01 15:41:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-27 18:56:43 ----D---- C:\Program Files\Common Files\BioWare
2010-01-23 09:11:44 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-01-23 06:57:38 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-22 23:34:19 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:58:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-01-09 10:38:10 ----A---- C:\WINDOWS\wincmd.ini
2009-12-23 08:13:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-12-21 20:08:42 ----N---- C:\WINDOWS\system32\wininet.dll
2009-12-21 20:08:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-21 20:08:41 ----N---- C:\WINDOWS\system32\occache.dll
2009-12-21 20:08:41 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-12-21 20:08:38 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-12-21 20:08:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-21 20:08:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-12-21 20:08:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-12-21 20:08:37 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-12-21 20:08:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-12-21 20:08:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-21 14:18:29 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-17 08:42:35 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-14 08:10:03 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-12-09 11:11:01 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2009-12-09 11:11:00 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-12-09 06:55:34 ----A---- C:\WINDOWS\system32\jscript.dll
2009-12-08 10:25:31 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-11-27 18:14:10 ----A---- C:\WINDOWS\system32\quartz.dll
2009-11-27 18:14:09 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-11-27 17:09:43 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2009-11-27 17:09:43 ----A---- C:\WINDOWS\system32\msvidc32.dll
2009-11-27 17:09:42 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-11-27 17:09:42 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-11-27 17:09:42 ----A---- C:\WINDOWS\system32\avifil32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-12-03 2915944]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-05 281760]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 HOSTNT;Hostnt; \??\C:\WINDOWS\system32\drivers\hostnt.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-05 25888]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-12 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S2 MHDRV;Mhdrv; \??\C:\WINDOWS\system32\drivers\mhdrv.sys []
S2 RCMHDOG;RCMHDOG; \??\C:\WINDOWS\system32\drivers\rcmhdog.sys []
S3 apl3ye7r;apl3ye7r; C:\WINDOWS\system32\drivers\apl3ye7r.sys []
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM); C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; E:\Programs\Nero 8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-20 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-02-25 215104]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-12-03 304528]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-18 3584]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; E:\Programs\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-08-27 3280436]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; E:\Programs\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: CPU usage constantly above 50%, svchost.exe, please help

#9 Post by Caroprd111 »

Tell us which of these toolbars we can delete.

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

lunchbox
Visitor
Posts: 166
Registered: 26 Feb 2010 16:42

Re: CPU usage constantly above 50%, svchost.exe, please help

#10 Post by lunchbox »

all of them :D

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: CPU usage constantly above 50%, svchost.exe, please help

#11 Post by Caroprd111 »

OK, I'll write a removal script. :)

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: CPU usage constantly above 50%, svchost.exe, please help

#12 Post by Caroprd111 »

If you haven't already, move ComboFix to the desktop
  • open Notepad and copy the text from the white box into it.

Code:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Folder::
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\Yahoo!
C:\Program Files\Windows Live\Toolbar
C:\Program Files\ICQ6Toolbar
C:\Program Files\BS.Player ControlBar

Driver::
ICQ Service
NOD32FiXTemDono

File::
C:\WINDOWS\system32\regedt32.exe
C:\Documents and Settings\profil\Nabídka Start\Programy\Po spuštění\winesm32.exe

  • save the TXT file you created as CFScript.txt on the desktop
  • after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it
  • after it has been applied, another log will pop out; paste it here
It may happen that Windows will not start after the script is applied and the PC restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration


Test this on http://www.virustotal.com/cs/
C:\WINDOWS\system32\drivers\rcmhdog.sys

(Do not look for the file, just paste in the path marked in bold; if you get the message "File has already been tested", have it tested again. Paste the analysis result here.)

lunchbox
Visitor
Posts: 166
Registered: 26 Feb 2010 16:42

Re: CPU usage constantly above 50%, svchost.exe, please help

#13 Post by lunchbox »

ComboFix:

ComboFix 10-02-26.01 - profil 26.02.2010 21:04:18.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1523 [GMT 1:00]
Spuštěný z: c:\documents and settings\profil\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\profil\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 20:01 . 2010-02-26 20:02 -------- d-----w- C:\32788R22FWJFW
2010-02-26 19:33 . 2010-02-26 19:33 -------- d-----w- c:\program files\trend micro
2010-02-26 19:33 . 2010-02-26 19:33 -------- d-----w- C:\rsit
2010-02-26 16:49 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-26 16:49 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-26 16:49 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-26 16:49 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-26 16:49 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-26 16:49 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-26 16:49 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-26 16:48 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-26 16:48 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-26 16:23 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-02-26 16:23 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-02-26 16:23 . 2010-02-26 16:23 -------- d-----w- c:\program files\Sunbelt Software
2010-02-26 15:13 . 2010-02-26 15:13 -------- d-sh--w- c:\documents and settings\Administrator.SWING\IETldCache
2010-02-25 17:27 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-25 17:27 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-25 17:27 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-25 17:27 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-25 17:27 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-25 17:27 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-21 10:08 . 2010-02-21 10:08 -------- d-----w- c:\windows\Sun
2010-02-20 09:07 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-20 09:07 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-19 23:08 . 2010-02-19 23:09 -------- d-----w- c:\program files\Java
2010-02-19 23:08 . 2010-02-19 23:08 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 12:41 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-19 12:41 . 2010-02-19 12:41 -------- d-----w- c:\program files\VS Revo Group
2010-02-19 12:31 . 2010-02-21 06:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-19 12:31 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-02-19 12:30 . 2010-02-19 12:30 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-19 12:30 . 2010-02-19 12:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-19 12:29 . 2010-02-20 09:05 -------- d-----w- c:\documents and settings\profil\Tracing
2010-02-19 12:28 . 2010-02-19 12:31 -------- d-----w- c:\program files\Microsoft
2010-02-19 12:28 . 2010-02-19 12:28 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-19 12:22 . 2010-02-19 12:22 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-19 12:20 . 2010-02-19 12:31 -------- d-----w- c:\program files\Windows Live
2010-02-16 12:04 . 2010-02-16 12:04 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 20:06 . 2004-08-18 12:00 85904 ----a-w- c:\windows\system32\perfc005.dat
2010-02-26 20:06 . 2004-08-18 12:00 446912 ----a-w- c:\windows\system32\perfh005.dat
2010-02-26 16:48 . 2008-11-28 14:11 -------- d-----w- c:\program files\Alwil Software
2010-02-25 19:10 . 2009-08-20 16:06 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-25 19:10 . 2008-12-01 16:35 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-23 15:19 . 2009-11-24 20:14 -------- d-----w- c:\program files\Google
2010-02-23 14:26 . 2008-11-27 07:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 12:04 . 2009-11-01 17:38 -------- d-----w- c:\program files\Common Files\Apple
2010-02-01 14:42 . 2009-07-26 16:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-01 14:41 . 2008-12-03 15:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-27 17:56 . 2009-08-28 08:05 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-23 05:57 . 2009-09-28 10:35 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-13 14:49 . 2010-01-13 14:49 -------- d-----w- c:\program files\Uniblue
2010-01-12 04:03 . 2009-12-22 17:30 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2009-12-22 17:30 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2009-04-30 20:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-04-30 20:02 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-02-09 12:18 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2008-06-25 19:57 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2008-06-25 19:57 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2008-06-25 19:57 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2008-06-25 19:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2008-06-25 19:57 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2008-06-25 19:57 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-02 19:41 . 2010-01-02 19:41 -------- d-----w- c:\program files\Get Styles
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 09:39 . 2009-12-31 09:29 -------- d-----w- c:\program files\KigoVideoConverter
2009-12-31 09:27 . 2009-12-31 09:27 -------- d-----w- c:\program files\WM Converter
2009-12-23 07:13 . 2008-12-01 17:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-11-27 06:58 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_15.32.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-18 12:00 . 2010-02-26 15:20 75310 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-02-26 20:06 75310 c:\windows\system32\perfc009.dat
+ 2008-06-21 03:54 . 2008-06-21 03:54 66600 c:\windows\system32\drivers\sbhips.sys
+ 2010-02-26 16:23 . 2010-02-26 16:23 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
+ 2010-02-26 16:23 . 2010-02-26 16:23 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2010-02-26 16:23 . 2010-02-26 16:23 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
+ 2004-08-18 12:00 . 2010-02-26 20:06 450500 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-02-26 15:20 450500 c:\windows\system32\perfh009.dat
+ 2010-02-26 16:23 . 2010-02-26 16:23 481280 c:\windows\Installer\2ebd67.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\programs\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="e:\programs\ICQ 7\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="e:\programs\Winamp\winampa.exe" [2009-07-01 37888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="e:\programs\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"iTunesHelper"="e:\programs\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\profil\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
winesm32.exe [2008-4-14 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programs\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\Programs\\HLSW\\hlsw.exe"=
"e:\\Games\\Call of Duty 2\\CoD2MP_s.exe"=
"e:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Programs\\ICQ6.5\\ICQ.exe"=
"e:\\Games\\Race Driver GRID\\GRID.exe"=
"e:\\Games\\Vietcong\\vietcong.exe"=
"e:\\Programs\\Veetle\\Player\\player.exe"=
"e:\\Programs\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"e:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"e:\\Games\\PES 2010\\pes2010.exe"=
"e:\\Games\\Football Manager 2010\\fm.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Programs\\ICQ 7\\ICQ7.0\\ICQ.exe"=
"e:\\Programs\\ICQ 7\\ICQ7.0\\aolload.exe"=
"e:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Documents and Settings\\profil\\Plocha\\Skype.exe"=
"e:\\Programs\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [3.12.2008 21:16 2915944]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.2.2010 17:49 162512]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [26.2.2010 17:23 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.2.2010 17:49 19024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19.2.2010 13:31 54752]
R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [3.6.2009 16:19 4032]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [28.9.2009 11:35 246520]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [26.2.2010 17:23 65576]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.12.2008 18:32 691696]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 KeenfinderSrch Service;KeenfinderSrch Service; [x]
S2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [3.6.2009 16:19 27696]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [18.8.2004 13:00 3584]
S2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [3.6.2009 16:19 26304]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [27.11.2008 12:12 36864]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [23.12.2009 8:30 25832]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11.5.2005 13:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11.5.2005 13:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11.5.2005 13:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11.5.2005 13:12 77072]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [19.2.2010 13:41 27064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.11.2009 20:30 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.11.2009 20:30 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.11.2009 20:30 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23.11.2009 20:31 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23.11.2009 20:31 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - e:\programs\ICQ 7\ICQ7.0\ICQ.exe
TCP: {49942757-E2E4-44DF-92BD-5825A1A9103F} = 10.255.255.10,10.255.255.20
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.cab
FF - ProfilePath - c:\documents and settings\profil\Data aplikací\Mozilla\Firefox\Profiles\h8fnsmpz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\documents and settings\profil\Data aplikací\Mozilla\Firefox\Profiles\h8fnsmpz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\programs\Veetle\Player\npvlc.dll
FF - plugin: e:\programs\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\programs\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 21:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="e:\\Games\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d28
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="DA-FCC5-2093"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
"ShortlistDir"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009b72
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000062
"UniqueID"="DA-FCC5-2093"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="DA-FCC5-2093"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,3d,84,5e,d5,40,97,47,01,59,8c,72,6c,da,ab,a8,bc,b4,67,12,fd,d4,d6,
54,31,a9,72,46,be,d9,0d,fb,53,10,b3,44,a9,b7,c2,96,ee,bc,b3,a9,bc,ef,b4,c3,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\SecuROM\License information*]
"datasecu"=hex:89,3b,85,42,37,b5,5c,31,02,53,2b,da,f5,75,fb,eb,45,8e,49,20,c0,
a7,df,20,f3,5e,fb,58,46,65,71,29,cb,9c,ae,0e,70,aa,34,bf,13,4d,cf,04,45,8a,\
"rkeysecu"=hex:43,83,ec,24,51,bc,5b,cd,b7,a4,91,a1,1a,1e,74,3e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-26 21:14:43
ComboFix-quarantined-files.txt 2010-02-26 20:14
ComboFix2.txt 2010-02-26 15:37

Před spuštěním: Volných bajtů: 101 234 143 232
Po spuštění: Volných bajtů: 101 195 919 360

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AC11A6B7B33DF7D50FBD6B8BD4D2C757


From that page:

Antivirus;Verze;Poslední aktualizace;Výsledek
a-squared;4.5.0.50;2010.02.26;-
AhnLab-V3;5.0.0.2;2010.02.26;-
AntiVir;8.2.1.176;2010.02.26;-
Antiy-AVL;2.0.3.7;2010.02.26;-
Authentium;5.2.0.5;2010.02.26;-
Avast;4.8.1351.0;2010.02.26;-
Avast5;5.0.332.0;2010.02.26;-
AVG;9.0.0.730;2010.02.26;-
BitDefender;7.2;2010.02.26;-
CAT-QuickHeal;10.00;2010.02.26;-
ClamAV;0.96.0.0-git;2010.02.26;-
Comodo;4075;2010.02.26;-
DrWeb;5.0.1.12222;2010.02.26;-
eSafe;7.0.17.0;2010.02.25;-
eTrust-Vet;35.2.7331;2010.02.26;-
F-Prot;4.5.1.85;2010.02.26;-
F-Secure;9.0.15370.0;2010.02.26;-
Fortinet;4.0.14.0;2010.02.26;-
GData;19;2010.02.26;-
Ikarus;T3.1.1.80.0;2010.02.26;-
Jiangmin;13.0.900;2010.02.25;-
K7AntiVirus;7.10.984;2010.02.26;-
Kaspersky;7.0.0.125;2010.02.26;-
McAfee;5903;2010.02.25;-
McAfee+Artemis;5903;2010.02.25;-
McAfee-GW-Edition;6.8.5;2010.02.26;-
Microsoft;1.5502;2010.02.26;-
NOD32;4899;2010.02.26;-
Norman;6.04.08;2010.02.26;-
nProtect;2009.1.8.0;2010.02.26;-
Panda;10.0.2.2;2010.02.26;-
PCTools;7.0.3.5;2010.02.26;-
Prevx;3.0;2010.02.26;-
Rising;22.36.04.04;2010.02.26;-
Sophos;4.50.0;2010.02.26;-
Sunbelt;5700;2010.02.26;-
Symantec;20091.2.0.41;2010.02.26;-
TheHacker;6.5.1.6.212;2010.02.26;-
TrendMicro;9.120.0.1004;2010.02.26;-
VBA32;3.12.12.2;2010.02.26;-
ViRobot;2010.2.26.2204;2010.02.26;-
VirusBuster;5.0.27.0;2010.02.26;-

Rozšiřující informace
File size: 26304 bytes
MD5...: eadb33be9ac97ce20540d4383c3a94ce
SHA1..: 566e0f4a73a305d438721b5e7ec615abc2e22054
SHA256: 7d6d9ed7c41a6219b0ba5344f652dbebdac580af9ca45f7577dfda6bff44c4b8
ssdeep: 384:P1cQo3pDz2imx+qI/sP6wQFe8hAzv2hTGK8WSMW2UGA7tmeMrk7+04ugl1iL
2475:CXpDOxDP6hFe8hAzv2hW/h8HuZ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2ea0
timedatestamp.....: 0x3c3a52f0 (Tue Jan 08 02:01:20 2002)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x2af6 0x2b00 6.48 97fdaba4f1640b3073c5ca9c65d80836
.data 0x2da0 0xf8 0x100 0.99 8053d1c71639154d8dffb8884a7c265f
INIT 0x2ea0 0xf26 0xf40 6.25 42c6dbb889055296864bd7a2b2768d76
.rsrc 0x3de0 0x778 0x780 3.42 b471594aae28e1d3b85a350d2674b055
.reloc 0x4560 0x2dc 0x2e0 5.10 d0258877e71225f1a09ab6a10cbcbf3c

( 2 imports )
> ntoskrnl.exe: RtlWriteRegistryValue, IoCreateUnprotectedSymbolicLink, RtlInitUnicodeString, IoDeleteDevice, ObfDereferenceObject, KeInitializeSemaphore, IoGetDeviceObjectPointer, IoCreateDevice, KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, IoCancelIrp, KeReadStateEvent, MmResetDriverPaging, RtlQueryRegistryValues, KeDelayExecutionThread, KeQueryTimeIncrement, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, InterlockedExchange, PsTerminateSystemThread, KeSetBasePriorityThread, KeGetCurrentThread, ZwClose, KeReleaseSemaphore, ObReferenceObjectByHandle, PsCreateSystemThread, KeSetEvent, RtlDeleteRegistryValue, IoDeleteSymbolicLink, ExQueueWorkItem, RtlTimeToTimeFields, KeQuerySystemTime, ExFreePool, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, ExAllocatePoolWithTag, KeInitializeEvent, IoGetConfigurationInformation, MmPageEntireDriver, KeTickCount, IofCompleteRequest
> HAL.dll: WRITE_PORT_UCHAR, KeStallExecutionProcessor, READ_PORT_UCHAR, KfRaiseIrql, KfLowerIrql, ExAcquireFastMutex, ExReleaseFastMutex

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright (C) Microsoft Corp. 1981-1996
product......: Microsoft(R) Windows NT(TM) Operating System
description..: Parallel Printer Driver
original name: rcmhdog.sys
internal name: rcmhdog.sys
file version.: 4.00
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: CPU usage constantly above 50%, svchost.exe, please help

#14 Post by Caroprd111 »

Run ComboFix once more with this script.

Code:

Driver::
NOD32FiXTemDono
ICQ Service

File::
c:\windows\system32\regedt32.exe
C:\Documents and Settings\profil\Nabídka Start\Programy\Po spuštění\winesm32.exe

Folder::
c:\program files\ICQ6Toolbar

lunchbox
Visitor
Posts: 166
Registered: 26 Feb 2010 16:42

Re: CPU usage constantly above 50%, svchost.exe, please help

#15 Post by lunchbox »

Here it is:

ComboFix 10-02-26.01 - profil 26.02.2010 21:32:18.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1651 [GMT 1:00]
Spuštěný z: c:\documents and settings\profil\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\profil\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\documents and settings\profil\Nabídka Start\Programy\Po spuštění\winesm32.exe"
"c:\windows\system32\regedt32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\profil\Nabídka Start\Programy\Po spuštění\winesm32.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\system32\regedt32.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
-------\Service_NOD32FiXTemDono


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 19:33 . 2010-02-26 19:33 -------- d-----w- c:\program files\trend micro
2010-02-26 19:33 . 2010-02-26 19:33 -------- d-----w- C:\rsit
2010-02-26 16:49 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-26 16:49 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-26 16:49 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-26 16:49 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-26 16:49 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-26 16:49 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-26 16:49 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-26 16:48 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-26 16:48 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-26 16:23 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-02-26 16:23 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-02-26 16:23 . 2010-02-26 16:23 -------- d-----w- c:\program files\Sunbelt Software
2010-02-26 15:13 . 2010-02-26 15:13 -------- d-sh--w- c:\documents and settings\Administrator.SWING\IETldCache
2010-02-25 17:27 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-25 17:27 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-25 17:27 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-25 17:27 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-25 17:27 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-25 17:27 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-21 10:08 . 2010-02-21 10:08 -------- d-----w- c:\windows\Sun
2010-02-20 09:07 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-20 09:07 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-19 23:08 . 2010-02-19 23:09 -------- d-----w- c:\program files\Java
2010-02-19 23:08 . 2010-02-19 23:08 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 12:41 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-19 12:41 . 2010-02-19 12:41 -------- d-----w- c:\program files\VS Revo Group
2010-02-19 12:31 . 2010-02-21 06:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-19 12:31 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-02-19 12:30 . 2010-02-19 12:30 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-19 12:30 . 2010-02-19 12:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-19 12:29 . 2010-02-20 09:05 -------- d-----w- c:\documents and settings\profil\Tracing
2010-02-19 12:28 . 2010-02-19 12:31 -------- d-----w- c:\program files\Microsoft
2010-02-19 12:28 . 2010-02-19 12:28 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-19 12:22 . 2010-02-19 12:22 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-19 12:20 . 2010-02-19 12:31 -------- d-----w- c:\program files\Windows Live
2010-02-16 12:04 . 2010-02-16 12:04 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 20:44 . 2004-08-18 12:00 85904 ----a-w- c:\windows\system32\perfc005.dat
2010-02-26 20:44 . 2004-08-18 12:00 446912 ----a-w- c:\windows\system32\perfh005.dat
2010-02-26 16:48 . 2008-11-28 14:11 -------- d-----w- c:\program files\Alwil Software
2010-02-25 19:10 . 2009-08-20 16:06 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-25 19:10 . 2008-12-01 16:35 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-23 15:19 . 2009-11-24 20:14 -------- d-----w- c:\program files\Google
2010-02-23 14:26 . 2008-11-27 07:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 12:04 . 2009-11-01 17:38 -------- d-----w- c:\program files\Common Files\Apple
2010-02-01 14:42 . 2009-07-26 16:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-01 14:41 . 2008-12-03 15:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-27 17:56 . 2009-08-28 08:05 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-13 14:49 . 2010-01-13 14:49 -------- d-----w- c:\program files\Uniblue
2010-01-12 04:03 . 2009-12-22 17:30 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2009-12-22 17:30 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2009-04-30 20:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-04-30 20:02 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-02-09 12:18 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2008-06-25 19:57 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2008-06-25 19:57 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2008-06-25 19:57 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2008-06-25 19:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2008-06-25 19:57 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2008-06-25 19:57 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-02 19:41 . 2010-01-02 19:41 -------- d-----w- c:\program files\Get Styles
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 09:39 . 2009-12-31 09:29 -------- d-----w- c:\program files\KigoVideoConverter
2009-12-31 09:27 . 2009-12-31 09:27 -------- d-----w- c:\program files\WM Converter
2009-12-23 07:13 . 2008-12-01 17:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-11-27 06:58 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_15.32.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-18 12:00 . 2010-02-26 15:20 75310 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-02-26 20:34 75310 c:\windows\system32\perfc009.dat
+ 2008-06-21 03:54 . 2008-06-21 03:54 66600 c:\windows\system32\drivers\sbhips.sys
+ 2010-02-26 16:23 . 2010-02-26 16:23 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
+ 2010-02-26 16:23 . 2010-02-26 16:23 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2010-02-26 16:23 . 2010-02-26 16:23 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
+ 2004-08-18 12:00 . 2010-02-26 20:34 450500 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-02-26 15:20 450500 c:\windows\system32\perfh009.dat
+ 2010-02-26 16:23 . 2010-02-26 16:23 481280 c:\windows\Installer\2ebd67.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\programs\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="e:\programs\ICQ 7\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="e:\programs\Winamp\winampa.exe" [2009-07-01 37888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="e:\programs\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"iTunesHelper"="e:\programs\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\profil\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programs\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\Programs\\HLSW\\hlsw.exe"=
"e:\\Games\\Call of Duty 2\\CoD2MP_s.exe"=
"e:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Programs\\ICQ6.5\\ICQ.exe"=
"e:\\Games\\Race Driver GRID\\GRID.exe"=
"e:\\Games\\Vietcong\\vietcong.exe"=
"e:\\Programs\\Veetle\\Player\\player.exe"=
"e:\\Programs\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"e:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"e:\\Games\\PES 2010\\pes2010.exe"=
"e:\\Games\\Football Manager 2010\\fm.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Programs\\ICQ 7\\ICQ7.0\\ICQ.exe"=
"e:\\Programs\\ICQ 7\\ICQ7.0\\aolload.exe"=
"e:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Documents and Settings\\profil\\Plocha\\Skype.exe"=
"e:\\Programs\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.12.2008 18:32 691696]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [3.12.2008 21:16 2915944]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.2.2010 17:49 162512]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [26.2.2010 17:23 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.2.2010 17:49 19024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19.2.2010 13:31 54752]
R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [3.6.2009 16:19 4032]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [26.2.2010 17:23 65576]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 KeenfinderSrch Service;KeenfinderSrch Service; [x]
S2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [3.6.2009 16:19 27696]
S2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [3.6.2009 16:19 26304]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [27.11.2008 12:12 36864]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [23.12.2009 8:30 25832]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11.5.2005 13:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11.5.2005 13:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11.5.2005 13:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11.5.2005 13:12 77072]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [19.2.2010 13:41 27064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.11.2009 20:30 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.11.2009 20:30 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.11.2009 20:30 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23.11.2009 20:31 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23.11.2009 20:31 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - e:\programs\ICQ 7\ICQ7.0\ICQ.exe
TCP: {49942757-E2E4-44DF-92BD-5825A1A9103F} = 10.255.255.10,10.255.255.20
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.cab
FF - ProfilePath - c:\documents and settings\profil\Data aplikací\Mozilla\Firefox\Profiles\h8fnsmpz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\documents and settings\profil\Data aplikací\Mozilla\Firefox\Profiles\h8fnsmpz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\programs\Veetle\Player\npvlc.dll
FF - plugin: e:\programs\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\programs\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 21:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spjv.sys hal.dll >>UNKNOWN [0x8A95E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d39bd4
PacketIndicateHandler -> NDIS.sys @ 0xb7d45a21
SendHandler -> NDIS.sys @ 0xb7d39d44
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\profil\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="e:\\Games\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d28
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="DA-FCC5-2093"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
"ShortlistDir"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009b72
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000062
"UniqueID"="DA-FCC5-2093"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="DA-FCC5-2093"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,3d,84,5e,d5,40,97,47,01,59,8c,72,6c,da,ab,a8,bc,b4,67,12,fd,d4,d6,
54,31,a9,72,46,be,d9,0d,fb,53,10,b3,44,a9,b7,c2,96,ee,bc,b3,a9,bc,ef,b4,c3,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-839522115-1343024091-2147167427-1004\Software\SecuROM\License information*]
"datasecu"=hex:89,3b,85,42,37,b5,5c,31,02,53,2b,da,f5,75,fb,eb,45,8e,49,20,c0,
a7,df,20,f3,5e,fb,58,46,65,71,29,cb,9c,ae,0e,70,aa,34,bf,13,4d,cf,04,45,8a,\
"rkeysecu"=hex:43,83,ec,24,51,bc,5b,cd,b7,a4,91,a1,1a,1e,74,3e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\programs\Nero 8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-02-26 21:46:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-26 20:46
ComboFix2.txt 2010-02-26 20:14
ComboFix3.txt 2010-02-26 15:37

Před spuštěním: Volných bajtů: 101 210 300 416
Po spuštění: Volných bajtů: 101 164 208 128

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 236DEF3A0457156F0057142C90E70808
